KTH-SEECS Applied Information Security Lab

National University of Sciences and Technology (NUST)

CRESCENT+: A secure and reliable framework for durable web service composition

Domain:Cloud Computing Security

Status: Active
Contact Person(s): Sara Khurshid , Awais Shibli

The rapid growth of web applications has resulted in increased interest in the area of composite web services that involve several service providers. Web service composition over the internet allows the customers to avail complex one-stop services that provide various functionalities in one. The potential for such composite web services can be realized only if consumer security concerns are satisfactorily addressed. Both customers and service providers have their own security requirements regarding confidentiality and integrity of their data, so it becomes important to fulfill the requirements defined in SLAs. There is a need of secure management framework for composite web services.

We have proposed a CRESCENT+, which is a secure and reliable framework for durable composite web service management. Our work is based on already proposed CRESCENT framework.

Our research includes doing an extensive survey of security frameworks for web service composition and its management and vulnerability analysis of CRESCENT framework. We have performed threat modeling of the framework and identified its security requirements, using STRIDE mechanism. Based on the identified security mechanisms, we have introduced security mechanisms into CRESCENT to ensure security of its modules and composite as well as component web services. The incorporation of security modules into the framework will provide security features such as mutual authentication, authorization, confidentiality, integrity and non repudiation. It also increases the reliability of the framework