Docstoc

Dependability Analysis on Web Service Security: Business Logic Driven Approach

Document Sample
Dependability Analysis on Web Service Security: Business Logic Driven Approach Powered By Docstoc
					                                                                 (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                           Vol. 8, No. 2, 2010

      Dependability Analysis on Web Service Security:
            Business Logic Driven Approach

                       Saleem Basha                                                              P. Dhavachelvan
             Department of Computer Science                                               Department of Computer Science
                 Pondicherry University                                                       Pondicherry University
                    Puducherry, India                                                           Puducherry, India
              smartsaleem1979@gmail.com                                                     dhavachelvan@gmail.com


Abstract— In the modern computing world internet and e-                      development starting from requirement analysis to
business are the composite blend of web service and technology.              maintenance. The information exchange between the database
Organization must secure their state of computing system or risk             and the user interface will be done by the functional algorithm
to malicious attacks. The business logic is the fundamental drive            which is described by the business logic. This logic is
for computer based business tasks, where business process and                composed of business functions and business rules. Series of
business function adds their features for better illustration for the        logically related activities or task performed together to
abstract view of the business domain. The advent and                         produce a defined set of result called business function and
astronomical raise of internet and ebusiness makes the business              business rule is a statement that defines or constrains some
logic to specify and drive the web service. Due to the loosely               aspect of the business. It is important to understand that
coupling of web service with the application, analyzing
                                                                             business modeling commonly refers to business process design
dependability of the business logic becomes an essential artifact
to produce complex web service composition and orchestrations
                                                                             at the operational level [4] which comes under the functional
to complete a business task. This paper extended the Markov                  requirement of the system, where as the non functional
chain for the dependability analysis of the business logic driven            requirements are left as it is afterthought. Non functional
web service security.                                                        attributes defines the system properties and constraints and can
                                                                             be classified as Product requirements, Organizational
   Keywords- Web Servcie; Dependability Analysis; Busienss                   requirements and External requirements. Security of the system
Logic; Web Servcie Security                                                  plays a major role across the boundaries of the organizations.
                                                                             Security of the system can be improved by providing the
                       I.    INTRODUCTION                                    foundation in the early phase of the system development
                                                                             process by dependability analysis. The development of system
    Enterprise systems are distinct and highly complex class of              during requirements analysis and system design can improve
systems. They are characterized by their importance for                      the quality of the resulting system.
enterprises themselves, making them mission critical, by their
extreme multi-user capability, by their tolerance of heavy loads                 The most common dependability parameters which can be
and by with their tight integration with the business process,               used to describe the nonfunctional requirements of virtually
which makes every enterprise system installation unique. In                  any kind of service, independently from the nature of the
short, they are one of the most fascinating yet most demanding               service are reliability and availability [20]. The dependability
disciplines in software engineering [1]. The business logic is               of the of the system raises along with the growing popularity of
responsible for implementing the basic rules of the system                   the web service based integration of heterogeneous enterprise
according to the operating rules of the business. Its main                   systems. The parameters of non functional (mainly
feature is to take request, determine what actions the request               dependability related) requirements must be predefined for a
requires, implement those actions and return response data to                given web service in order to guarantee the web service
the customer. Organization faces the problem of the security                 consumers. The provider also has to consider similar
derived from the non functional requirements and to maximize                 nonfunctional parameters of external Web services involved in
the utilization of the cutting edge technology with minimum                  the operation of his main service to be able to calculate and
cost in the agile business environment. Web service is the                   plan the dependability parameters.
upcoming wave for tomorrows business needs, in this concern                      In this paper, we extend Markov chain process for the
the non functional attributes is the one of the major challenging            dependability analysis of the business logic driven web service
sector for the developers to guarantee the confidentiality,                  security. A direct generalization of the scheme of independent
authentication, integrity, authorization and non-repudiation of              trials is a scheme of what are known as Markov Chains,
machine to machine interaction so security is not negotiable to              imagine that a sequence of trials in each of which one and only
anticipate a secure artifacts for web service. There are two                 one of k mutually exclusive events A1(s), A2(s)… Ak(s) can occur.
underlying themes for all these pressure: Heterogeneity and                  We say that the sequence of trials forms a Markov Chain, or
agility: Software development is a standard practice in                      more precisely a simple Markov chain, if the conditional
software engineering where business logic drives the software



                                                                        33                              http://sites.google.com/site/ijcsis/
                                                                                                        ISSN 1947-5500
                                                               (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                         Vol. 8, No. 2, 2010
probability that event Ai(s+1) (i=1,2…k) will occur in the (s+1)th         configurable web services. Hence this model would ensure the
trial (s=1,2,3….) after a known event has occurred in the sth              consumers that the services are manageable at runtime, self
trial, depends solely on the event that occurred in the sth trial          configurable in case of dependability, computable in total or
and is not modified by supplementary information about the                 partial and traceable to the point of failure. Also it sustains
event that occurred in earlier trials. A different terminology is          dependency between the business rules and business functions.
frequently employed in starting the theory of Markov chains
and one speaks of a certain system S, which at each instant of             A. Web Service Security Analysis
time can be in one of the states A1, A2 ….. Ak and alters its state            The cost versus risk parameters of the business will
only at times t1, t2 …. tn …. For Markov chains, the probability           determine the capability to implement security in web service
of passing to some state Ai (i=1,2….k) at time τ(ts< τ<ts+1)               [25]. More a business can articulate the risks to its business,
depends only on the state the system was in at time t(ts-1<t<ts)           better it will be capable to appraise the advantage of preventive
and does not change if we learn its state were at earlier times.           measurements to protect itself. The business must be capable of
                                                                           answering such a question.
    II.    WEB SERVICE SECURITY ANALYSIS AND BUSINESS
                          LOGIC MODEL                                         Who has to have the access to which information?
     Modeling business logic focuses on the core functionality                How is access to data provided? Direct or brokered?
of the business process, which are capsulated as web services.                 Is there a need for data to be available to external partners
It requires that business process pertains exactly to the business         as well as internal consumers?
logic with various business terminologies such as dependency,
policy, standards, constraints, etc. As a prerequisite to this                What requirements does the information need in transit, in
business logic model, the core functionality of the business               process and at rest?
process should be analyzed for dependencies then modeled                       To achieve a secure web service, the application and the
absolutely, whereas the previous implementations of web                    security analysis must be analyzed conceptually and modeled.
services were direct. Ronald et al. states that existing models            This roughly goes without saying that the big companies are
like business rule model, business motivation model and                    obsessed by the safety and to assure the critical applications,
business process model concentrate on business process at the              essential information is at stake. Any movement towards web
operational level with compromising minimum range of QoS                   service presents a principal opportunity to incorporate the
attributes [2]. Business rule model deals with the extraction of           safety in future applications. Organization and system stake
business rules from the business logic, in order to reduce the             holders are realizing that every opportunity for the business
cost and time spent in development [2][3]. Business motivation             emerges with the danger of seriously screwing things-up. In
model paves way for identifying the facts preserved in novel               early web service adopters are delicious prey for the bad
objectives, thereby facilitating the business process                      thinking about the security analysis of the web service. After
development. Business process model provides optimization to               the several advancement in the technology and techniques in
the business process at the designing phase. The                           the context of security analysis, still the system developers
implementation of a company's business model into                          faces the problem of security and security analysis.
organizational structures and systems is part of a company's
business operations. It is important to understand that business               Wide consideration to inherent the security features in the
modeling commonly refers to business process design at the                 SDLC of the web service platform will enhances the safety of
operational level [4], whereas business models and business                the web service as well as the service themselves [26]. Thus
model design refer to defining the business logic of a company             web service provides an opportunity to avoid such security
at the strategic level. Business logic model aims to resolve the           related issues and challenges or otherwise managing security
complexities involved, by decomposing the business process                 dependencies that pervade software architecture.
into sub processes and in turn into tasks, also preserving the
                                                                               The vendors typically emphasize the primary features of
functional dependencies among the sub-processes, without
                                                                           safety that they offer as key selling points in the real world of
ignoring the key factors. Any service domain adopted this
                                                                           enterprise applications. Nevertheless, out of the list of
model for their web service development could be easily
                                                                           obligatory features of safety, few sellers can give testimony to
managed in terms of handling run time exceptions towards
                                                                           the underlying safety of the product itself. So the user could
service reliability and manageability. Business logic model can
                                                                           have all the characteristics of security in the computing world,
be applied in tandem with the above described models, thereby
                                                                           but they remain untenably insecure due to lack of analysis of
facilitating service computation and composition much better.
                                                                           the security.
This model enables web services to realize their computational
criteria such as computability, traceability and decidability with
the supporting QoS attributes like manageability,                          B. Business Logic Model
configurability, serviceability and dependency. The                            Business processes and motivation models have been used
computational criteria would be the best suit for the web                  to analyze and propose new changes in accordance to changing
service community who look for exception-free web services                 business scenarios. A process model scope does not extend
or reconfigurable web services. This model would also satisfy              optimally to web services, whereas Business Rule models
the service consumers who approach the discovery and                       extract rules from the business logic and concentrate mainly on
composition engines for fetching exception free or self                    the problem of modeling and accessing data by using efficient
                                                                           queries [4][2]. However they do not model the entire business
   Identify applicable sponsor/s here. (sponsors)



                                                                      34                              http://sites.google.com/site/ijcsis/
                                                                                                      ISSN 1947-5500
                                                              (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                        Vol. 8, No. 2, 2010
logic including the dependency analysis. Thus there is a need             drawbacks; significant performance problem for data intensive
for a model which represents a business process in detail and             functions, non object application may have significant
also adapts the dependability analysis, rules, policies and               difficulty to accessing functionality. Improper handling of the
standards to changing business scenarios. This adaptability               non functional requirements and its dependability may result in
helps service consumers and service providers cope up with the            compromising the growth of the organization.
demanding and challenging changes in services.
                                                                              Currently much work in the requirements engineering field
    Such a representation should not compromise on matter and             has been done to shown the necessity of business logic which
processes private to a business. Since a business logic model             take non-functional requirement’s (NFR) dependability into
seems inevitable, by maintaining business privacy and by                  consideration. Such logic will better deal with real-world
modeling a specific business process, the model seems to be a             situations. On the other hand the advantages of having business
promising methodology to handle the ever-changing business                logic is the capability of representing nonfunctional aspects,
scenarios. Business Process systems that use web services                 such as dependability, confidentiality, performance, ease of use
decrease the cost of automating transactions with trading                 and timeliness. It is believed that these functional aspects
partners.                                                                 should be dealt with as non-functional requirements. Therefore,
                                                                          NFRs have to be handled and expressed very early in the
    The scope of a business process is limited to design,                 process of modeling an information system [5]. Organizations
development and deployment of services. The limited scope                 are spending much in system development and least
helps to develop better services keeping service customization            concentration to NFRs. Recent tales of failure in information
in mind. The outcome breakdown structure of the service                   systems can be explained by the lack of attention to NFRs. The
business logic is streamed as a set of business rules, functions          London Ambulance System (LAS) is a example for the
and parameters. Further, these rules and functions could be               information system failure due to lack of attention of NFRs [6].
tuned to be primitive business functions under certain specific           The LAS was deactivated, soon after its deployment, because
conditions. The primary motivation behind setting up the                  of several problems, many of which were related to NFRs such
business functions as primitive business functions would pose             as performance and conformance with standards [7].
the computability and traceability factors, which are the most            Negotiation in the NRFs is not a healthy activity in the system
essential quality-driven factors as they could manage the                 development, the consequences of negotiating NRFs leads to
complete service computing platform successfully by the                   serious problem as in the case of LAS.
effective handling of run-time exceptions during service
computation and composition by the security dependencies.                     Serviced Oriented Architecture (SOA) is the paradigm for
This model decomposes the business logic into functionally                the future business environment, where web service is the
consistent and coherent business rules and functions, keeping             building block for SOA and it is the key for agile business
in mind the privacy constraints of businesses. Decomposition              across the enterprises. It is important in Service Oriented
helps representing the interdependent business functions with             Architecture to separate functional and non-functional
the security dependability as low as possible. This strategy              requirements for services because different applications use
categorizes the business functions into initial, composite and            services in different non-functional contexts. In order to
recursive functions and evaluates them into computable and                maximize the reusability of services, a set of constraints among
dependable      business     functions.      Computability     and        non-functional requirements tend to be complicated to
dependability of business functions are key factors for                   maintain. Currently, those non-functional constraints are
measuring the success rate. Existing discovery and composition            informally specified in natural languages, and developers need
engines provide services based on functionality, quality, and             to ensure that their applications satisfy the constraints in
security of requested services. Customizing the services is not           manual and ad-hoc manners [8]. System developers believe
addressed by the existing engines. The proposed business logic            that business logic composes and speaks only the functional
based dependability analysis exhibits the functionalities of any          aspect, but fails to keep in mind that to consider the other
of the generic engines but is also resilient to customization.            aspects driven by functional aspect i.e. dependabelity. The
                                                                          separation of functional and non-functional aspects improves
C. Relation Between Web Service Security Analysis and                     the reusability of services and connections. It also improves the
    Business Logic Model                                                  ease of understanding application design and enables two
                                                                          different aspects to evolve independently. Wada et al. pointed
    Modeling system with business logic model has benefits
                                                                          that the separation of functional and non-functional aspects
like; it reflects standard layering practices with in the
                                                                          results in higher maintainability of applications [9]. Non-
development communities, business functionality easily
                                                                          functional aspects should also be captured as abstract models in
accessible by other object application, very efficient to build
                                                                          an early development phase and automatically transformed to
business objects, it helps to test the basic success premises of
                                                                          code or configuration files in order to improve development
business, improves the clear understanding of existing value
                                                                          productivity. It incurs time-consuming and error-prone manual
drivers and constraints, it provides a componentized view of
                                                                          efforts to implement and deploy non-functional aspects in later
the business and technology environment in order to have
                                                                          development phases (e.g., integration and test phases) [10][11].
common building blocks that can be reused across product and
                                                                          Web services become more popular and better utilized by many
business silos, it defines and sustainable interim states which
                                                                          users and software agents, they will inevitably be
provides measurable benefits as flexible path to the goal and
                                                                          commercialized. But still Services Challenge (WSC) that focus
business logic provides a strong governance to manage and
                                                                          on functional aspects [12][13]. We believe that considering the
deliver the changes. Business logic also possesses some of the



                                                                     35                              http://sites.google.com/site/ijcsis/
                                                                                                     ISSN 1947-5500
                                                             (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                       Vol. 8, No. 2, 2010
dependability of both functional and non-functional attributes           constrains of the system can be eliminated and the probability
together in solving the Web services composition problem                 of a system failure can be evaluated. The analysis can be done
would produce superior outputs [14]. Because NFRs are always             for two basic purposes; determine the optimal solution for
tied up with functional requirements i.e., NFRs can be seen as           given requirements and determine the guaranteed parameters
requirements that constrain or set some quality attributes upon          for a given solution.
a functional requirement[25]
    To the best of our knowledge, this is the first work studying        B. Business Logic Based Dependability Analysis in Web
the usability of the main approaches adopted for specifying and              Servcie Security
enforcing web service security analysis in business logic.                   The web service is the perfect blue print for agile business
Today’s internet and e-affaires are the composite blend of               environment where the services are catered across the
business process and technology where the web service is the             organizational boundary which is specified by the business
perfect blue print for agile business environment. In the early          logic. The loosely coupling characteristic of web service
times, data in the networks were closed; security within these           introduces many challenges including security.
networks was ensured through isolation. Later LAN(Local
                                                                             Security is the major concern and web service may fail due
Area Network) was introduced with firewalls to isolated from
                                                                         to these concerns. As said earlier business logic drives the
the untrusted public networks to ensure that adversaries and
                                                                         business through web service using business functions and
hackers cannot intrude into the private network. For more                business rules. Business logic also specifies the security
security, they added security aspects like proxies, intrusion
                                                                         aspects; a promising approach for problem determination in
detection system, intrusion prevention system, antivirus,                large systems is dependency analysis. In brief, the question that
malware catchers etc., are the domain specific security
                                                                         dependency analysis tries to answer is this: Is the service X
measures. The belief was that applications and assets used by            dependent on another service Y or security parameter Z? If
the organization can be secured through in-vitro perimeter
                                                                         such a dependency exists, what is the strength1 of the
security. Therefore, software engineering techniques never               dependency? Using this information, when a problem is
looked into security analysis as an important component in
                                                                         observed at a particular service point, the root cause may be
Software Develop Life Cycle (SDLC); and, identified security             tracked down to a security parameter on which this service is
as nonfunctional requirement [15]. Security must be part of the
                                                                         dependent. The dependency analysis problem becomes very
application to protect itself from security threats. Application         challenging in situations where the security of the system may
security will however be over and above the perimeter network
                                                                         be static or dynamic in nature. In such cases, these parameters
security. To achieve this, security now need to be treated as            can appear and disappear during system lifetime because of
functional requirement and must be part of SDLC [16]. Sindre
                                                                         failures, or deployment of new security requirement and the
et al. have identified application security as a need and
                                                                         dependency relations can change as a result of change of
proposed ways to achieve this. All these isolated and
                                                                         security parameter availability or new service level agreements
independent techniques have been combined together in a
                                                                         being negotiated.
thread to form a business Logic [17].
                                                                            For illustration let us consider four service providers (SP1,
 III.   DEPENDABILITY ANALYSIS IN WEB SERVICE SECURITY                   SP2, SP3, SP4) each service provider has his own Business
                                                                         Logic (BL) and one or many Business Function (BF) to
A. Dependability Analysis                                                complete the business tasks as shown in the Figure 1.
    The most common dependability parameters which can be                    From the Markov chain the dependability of the business
used to describe the nonfunctional requirements of virtually             functions to the web service is shown in the Table 1. The BL1
any kind of service, independently from the nature of the                has defined two business functions namely BF1 and BF2 which
service are reliability and availability [20]. The probability           has three web services each WS1, WS3, WS4 and WS1, WS2,
formalism, into which these dependencies may fit in a natural            WS4 respectively. Now consider only the business function
way and it is important for the analysis of the non functional           BF1, let WS1, WS3 and WS4 are need to complete a business
parameters. Then the dependability of the system can able to             task with some security consideration. The state graph of these
assessed for the parameters of the system from the                       web services is show in the Figure 2. WS1 is the initial state or
components’ parameters. Using design patterns that are proven            the initial web service for BF1, the arrow flows from WS1 to
in the field of reliability can enhance the dependability of the         WS2 iff (if and if only) all the security conditions satisfies in
main service. Such patterns can be, for instance, the N-Version          WS1, and its probability is 1, else it rolls back to WS1 itself.
Programming and the Recovery Block scheme [18]. Web                      Similarly from WS2 to WS4, the P21 is the probability of the
service is the building block for SOA in different platforms,            state WS3 to return to previous state WS1 under any fault
vendors, etc. The dependability of that particular system may            conditions, and P23 is the probability of success of the security
of course influenced by the nature of the problem. The                   considerations and reaches to the final state WS4 and thus a
parameters of a composite web service is depends on the nature           business task completes for business function BF1.
of the implementation and design of the individual web
services and its patterns. Finally the aim of the dependability
analysis of the system is to validate a business process towards
some business tasks. The consideration of such patterns can be
based on the result of a dependability analysis, moreover the




                                                                    36                              http://sites.google.com/site/ijcsis/
                                                                                                    ISSN 1947-5500
                                                                      (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                                Vol. 8, No. 2, 2010
                                                                               TABLE I.         BUSINESS LOGIC AND ITS ASSOCIATED B USINESS FUNCTIONS
               SP1             BL1                                                                        AND WEB SERVCIES

                                                                                              BL1                         BL2                    BL3             BL4
                                                                                       BF1      BF2            BF3        BF4    BF5     BF6     BF7       BF8   BF9

                       BF1              BF2                                     WS1       *         *
                                                                                WS2                 *
                                                                                WS3       *
                                                                                WS4       *         *
                                                                                WS5                             *                    *
         WS1             WS2            WS3          WS4
                                                                                WS6                             *          *
                                                                                WS7                                        *         *
                                 (a)
                                                                                WS8                                                        *      *         *

                                  BL2                                           WS9                                                               *
                 SP2
                                                                               WS10                                                        *      *
                                                                               WS11                                                                               *
                   BF3           BF4           BF5                             WS12                                                                               *




                                                                                                0
                WS5            WS6            WS7                                                                                                      1
                                                                                                                     1
                                                                                                    WS1                        WS3             WS4
                                 (b)                                                                                                     P23

                                                                                                                    P21
                 SP3             BL3
                                                                                                        are the security considerations


                   BF6            BF7          BF8                                                  Figure 2. Dependability Graph of BF1

                                                                                  The transition probability of BF1 from state WSi to WSj,
                                                                               where i, j = 1,3,4. Then transition matrix can be written for
                                                                               WS1, WS3, and WS4.

                WS8            WS9            WS10                                        0               1  0 
                                                                                                                
                                                                                   BL1   P21             0 P23                                                (1)
                                  (c)                                                     0               0 1 
                                                                                                                
                                                                                  Here P21 + P23 = 1
                                                                                  Let ∂0, ∂1, ∂2 ….. ∂n are the phases of the chain, then
                     SP3            BL4
                                                                                  Pi = [P1(i) P2(i) P3(i)] be the probability of the chain in the
                                                                               given phase i.
                                    BF9                                           Since WS1 is the initial state, therefore P0 = [1 0 0]
                                                                                  Further from matrix theory Pi+1 = PiA i.e.
                                                                                  P1 = P0A = [010]
                             WS11         WS12                                    P2 = P1A = [P210P23]
                                                                                  P3 = P2A = [0P21+P32P231]
                                    (d)
                                                                                  In general Pn=P0An ; n=1,2,3 ….
Figure 1. Service Providers (SP1, SP2,SP3 and SP4) and its Business
                            Functions




                                                                          37                                              http://sites.google.com/site/ijcsis/
                                                                                                                          ISSN 1947-5500
                                                              (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                        Vol. 8, No. 2, 2010
   where                                                                        The row total of WS2 for the four business functions
                                                                                 are 17.
         0         0      1
                                                                              The row total of WS3 for the four business functions
    A   P23      P21     0                                 (2)                are 3.
         1         0      0                                                From the above matrix it is clear that BF4 has the minimum
                            
                                                                         dependencies that the other three business tasks. The state
                                                                         transition diagram of the business task is given as states in the
        1           0      0
                                                                         Figure 3.
       
       *
                             
    A  0           0      0                                (3)
                                                                                            0
       P           P21     0
        23                                                                                                                             1
   The matrix of non absorption states is represented as Q                          1                   1
                                                                            S1                  S2               S3                S4
       0          1                                                                                                      0.5
   Q 
      P                                                     (4)
       21         0
                                                                                       0             0.5
        From the matrix theory I3 – Q is always invertible
matrix which is the fundamental matrix N of the chain is given                                          1
by
                                                                                  Figure 3. State representation of BF1, BF2, BF3 and BF4
                   1                 1
    N  I 3Q                                              (5)           Considering the other three business logics, P21=0, P23=1,
                          D ( I3  Q )adj ( I 3  Q)                     P34=0.5 and P32=P34=0.5.
    Then ijth entry of the N gives the mean time of that state.
For example, assume that there are four business functions
which is provided by a service provider in association with                          0. 5 1 1
three web services (WS1, WS2, and WS3), first business                           1           
function (BF1) has 6 dependencies, second business function                  N      0    1 1                                                (7)
(BF2) has 54 dependencies, third business function (BF3) has                    0.5          
28 dependencies and fourth business function (BF4) has 9                             0 0.5 1
dependencies over those web services to complete a business                 Therefore         the       total      dependencies        are
task with 4 phases of Markov chain. Then the state transition            1*6+2*54+2*28+1*9=179 for 5 phases. For 4 phases it is
matrix of these web services can be given as for the completion          given as P3=[0 0.5 0 0.5] ; P4(3) = 0.5. Hence to complete a
of a business task with minimum dependencies is given below.             business task in four phases it has only the probability of 50%.
Assume that the business logic with respect to the particular
web service to fulfill a business task could be produced                    The starting chain is Si, then the expected number of steps
statistically is shown in the matrix below.                              before the chain is absorbed is given by, let ti be the excepted
                                                                         umber of steps before the chain is absorbed, t be the column
                                 BF1   BF2     BF3      BF4              vector whose ith entry is ti.
                 WS1  3               8      5         4                   t  Nc                                                            (8)
                                                         
Bu sin essTask  WS 2  4              2      6         5    (6)           where, c is a column vector all of whose entries are 1
                 WS 3  2
                                      1      1         1
                                                                                 1 2 2 1  5 
                                                                                           
          The dependencies of BF1 over WS1 is 3, WS2 is 4 WS3               t   0 2 2 1   4                                           (9)
           is 2.                                                                  0 1 2 1  3 
                                                                                           
          The dependencies of BF2 over WS1 is 8, WS2 is 2 WS3
           is 1.
          The dependencies of BF3 over WS1 is 5, WS2 is 6 WS3              1) Classification of Possible States
           is 1.                                                              In a Markov chain, each state can be placed in one of the
                                                                         three classifications. Since each state falls into one and only
          The dependencies of BF1 over WS1 is 4, WS2 is 5 WS3           one category, these categories partition the states. The secret of
           is -1.                                                        categorizing the states is to find the communicating classes.
          The row total of WS1 for the four business functions          The states of a Markov chain can be partitioned into these
           are 20.                                                       communicating classes. Two states communicate if and only if
                                                                         it is possible to go from each to the other. That is, states A and



                                                                    38                                  http://sites.google.com/site/ijcsis/
                                                                                                        ISSN 1947-5500
                                                                   (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                             Vol. 8, No. 2, 2010
B communicate if and only if it is possible to go from A to B               can be partitioned into classes such that all states belonging to a
and from B to A. There are three classification of states                   single class communicates and those belonging to different
transient, ergodic, and periodic.                                           class do not communicate. Since for the essential state Ai and
                                                                            the unessential state Aj the equation Pij (m)=0 holds for any m,
    The state Ai is called transient if there exist Aj and n such           we can draw the following conclusion: if a system has reached
that Pij(n)>0, but Pij(m)=0 for all m. Thus, an transient state             one of the states of a definite class of essential states, it can no
possess the property that it is possible, with positive                     longer leave that class.
probability, to pass from it into other state, but it is no longer
possible to return from that state to the original state.                       Transient: A state is transient if it is possible to leave the
                                                                            state and never return.
                           Start                                                Periodic: A state is periodic if it is not transient, and if that
                                                                            state is returned to only on multiples of some positive integer
                                                                            greater than 1. This integer is known as the period of the state.
                                                                                Ergodic: A state is ergodic if it is neither transient nor
                           WS1                                              periodic.
                                       1                                        The Figure 4 illustrates the classification of the states for a
                     0.5                                                    banking transaction. For illustration assume there are two
                                                    External                service providers SP1 and SP2. SP1 has the set of web services
                 WS2                WS3                                     (WS1, WS2, WS3, WS4, WS10, WS11, WS12 and Event
                                                    Partner
                            1                                               Notification EN) and the SP2 has another set of web services
                                                                            (WS5, WS6, WS7, WS8 and WS9) which is under the dotted
               0.5                                                          circle, the web services can be noted as states of the
                                                                            transactions. WS1, WS2 and WS3 are the basic transactions
                                                     1                      which are communicating class. Neglecting start and end, once
                WS4                        WS5               WS6            the chain goes from WS1 to WS4 it cannot return to WS1, hence
                             1\3                                            the web services WS1, WS2 and WS3 are transient. WS4 acts as
                                                                            a gateway for the external partners. Web service WS4 is a
                                            0.5               1             communicating class by itself, once the control leaves WS4 it
                                                  WS7                       never returns again to WS4 so the web service WS4 is transient.
         1\3                                                                Any failure occurs in the gateway will be captured by the EN
                                            0.5              1              and notified as an event notification. The EN is a
                     1\3                                                    communication class and has the loop so it is ergodic. WS10,
                                                                            WS11 and WS12 be the loan approval services, WS12 is the final
                                           WS8               WS9
        END                                                                 web service which decide the approval process base upon the
                                                     1
                                                                            parameters passed by the other web services and finally ends
                                                                            the process else it rollbacks. The web services WS10, WS11 and
                           WS10                                             WS12 forms a communicating class. Once the control arrives
                                                             END            there it never leaves the class so it is not transient, also the web
           1           1                                                    service WS12 has a loop it and its whole class cannot be
                                      0.5
                                                                            periodic hence it is ergodic.
                   WS11              WS12                                       The external partner has five web services which forms a
                                1                  0.5                      communicating class. Once the control comes to this class it
                                                                            never leave that class hence they are not transient if we
                                                                            consider the web service WS7 once the control leaves WS7, will
                                                                            always return in 3 transitions hence the whole class forms a
                                     END                                    periodic.
                                                                                Let us examine more closely the mechanism of transition
                                                                            from state to state inside on class. To do this take some
               Figure 4. Sample classification of concerns                  essential state Ai and denote by Mi the set of all web services
                                                                            WS for which Pii(WS)>0. This set cannot be empty by the
    All states not transient are called periodic state. Form the            virtue of the definition of an essential state. It is immediately
definition it follows that if the states Ai and Aj are essential,           obvious that if the web service WSi and WSj are contained in
then there exist positive m and n such that as long with the                the set Mi, then their dependability, of WSi and WSj, also
inequality Pij(m)>0 the inequality Pij(n)>0 also holds. If Ai and           belongs to this set. Denoted by di the greatest common
Aj are such that for both of them these inequalities holds, given           dependability of the entire web services of the set Mi. it is clear
certain m and n, then they are called communicating. It is clear            that Mi consists only of web services which are dependents of
that if Ai communicates with Aj, and Aj communicates with Ak,               di. The dependencies di is called the period of the state Ai.
then Ai also communicates with Ak. Thus, all essential states




                                                                       39                                http://sites.google.com/site/ijcsis/
                                                                                                         ISSN 1947-5500
                                                                (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                          Vol. 8, No. 2, 2010
  2) Limiting probabilities of composite web service                           Then the transition probabilities
    In a service-oriented architecture [21], individual services
                                                                               Pr(Xi=end | Xi-1=A) = 0.16
are combined into a single workflow that reflects the business
process in question. Although services can be defined in a                     Pr(Xi=end | Xi-1=G) = 0.34
general way, in practice the most widely used services are web
services [22][23]. Currently, composition of web services is                   Pr(Xi=end | Xi-1=T) = 0.38
carried out by orchestration [24]. An orchestration is a                       Pr(Xi=end | Xi-1=C) = 0.12
workflow that combines invocations of individual operations of
the web services involved. It is therefore a composition of                            0.16      0.34 
individual operations, rather than a composition of entire web                   Pr  
                                                                                       0.38
                                                                                                         0.049096                            (12)
services.                                                                                        0.12 
                                                                                                       
    The greatest probabilities Pij(n) cannot increase with the                 If the composite factor is reduced by 2 then the transition
growth of n and the least cannot decrease, where n is the                   probabilities
composite factor (no. of web services to form a composite web
service) in other words, the group of communicating web                        Pr(Xi=end | Xi-1=G) = 0.34
services in a class is called composite web service. It is then                Pr(Xi=end | Xi-1=A) = 0.16
shown that the maximum of the difference Pij(n) – Plj(n), (i,l =
1,2,3….k) tends to zero when n tends to infinity. It is cleared                       0.34 0.16 
that the when the number of web services (composite factor)                     Pr  
                                                                                      0
                                                                                                   0.18                                      (13)
increases in the composite web service, then the probability of                             0  
change of state decreases to zero. Then there exist
                                                                                Therefore, The probability of changing state from start to
    lim . min .Pij (n)  Pj                                     (10)        end in a composite web service with the composition factor 4 is
    n 1i  k                                                             0.049096 and the probability of changing state from start to end
                                                                            in a composite web service with the composition factor 2 is
         and
                                                                            only 0.18. Hence it is concluded that the probability to
                                                                            complete a business task for a given composite web service
    lim . max .Pij (n)  Pj                                     (11)        inversely proportional to the number of individual web service
    n 1i  k
                                                                            (composite factor).
                                    0.16
                                                                                Defining the composite service with very small composite
                                                                            factor will increase the probability to complete the business
                                                                            task and also supports reusability & flexible-introduces
                                                         0.34
                                                                            governance, maintenance & new testing, performance issue
                                                                            based on the network consumption of these service.
                                                                                Defining the composite service with too large composite
                                                                            factor will decrease the probability to complete the business
                                                  0.38                      task and also deliver less or no reusability & flexibility but easy
                                                                            to maintain with less network usage.
                                                                               Finding the right choice of composite factor is on of the key
                                                                            success factor to web service computing
                                           0.12
                                                                                         IV.   CASE STUDY / MODEL ANALYSIS

                  Figure 5. Composite web service                               Dependability analysis is unavoidable in service computing
                                                                            and hence, analyzing these expendabilities could resolve these
    From the Figure 5, let A, C, G and T be the web individual
                                                                            problems up to the maximum extent. The purpose of analyzing
web service to form a composite web service and they are
communicating class with the composite factor 4. Each                       these dependencies is to ensure that the code can handle any
individual web service has its own security constrains and it is            exception or error during the service is being computed. The
marked as self loop. Start state is the initial orchestration of            service computation in this context is also about when more
web service to do a business task and end state is the final work           number of services is executed under service composition.
done by the orchestration.                                                  Table II illustrates the real world web service and its
                                                                            dependencies.




                                                                       40                               http://sites.google.com/site/ijcsis/
                                                                                                        ISSN 1947-5500
                                                                              (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                                        Vol. 8, No. 2, 2010
         TABLE II.        DEPENDABILITY OF WEB SERVICE SECURITY                            [2]    Ronald G.Ross, “Principles of the Business Rule Approach”, Addison
                                                                                                  Wesley Publisher, ISBN 0-201-78893-4, 2003.
   Web Service                                             Business Logic                  [3]    Asuman Dogac, Yildiray Kabak, Tuncay Namli, and Alper Okcan,
                        Service Functionality
    Endpoint                                               Dependabilities                        “Collaborative Business Process Support in eHealth: Integrating IHE
                                                      1. Multi criteria and profile               Profiles Through ebXML Business Process Specification Language”,
http://xml.assessm                                                                                IEEE Transactions on Information Technology in Biomedicine, vol.
                                                      match doesn’t set to the
ent.com/service/M Match a single Job Profile to                                                   12(6), pp 754-762, 2008.
                                                      service
APPMatching.asm a single person
                                                      2.     No     multi     value        [4]    Saqib Ali, Ben Soh, and Torab Torabi ,“A Novel Approach Toward
x?wsdl
                                                      dependency Exist                            Integration of Rules Into Business Processes Using An Agent-Oriented
                      StrikeIron      provides     an                                             Framework” , IEEE Transaction on Industrial Informatics, Vol. 2(3), pp
http://www.strikeir                                   1.Requested type of data
                      ondemand            Web-based                                               145-154, 2006.
on.com/webservice                                     delivery is not applicable
                      infrastructure for delivering                                        [5]    Luiz Marcio Cysneiros, Julio Cesar Sampaio do Prado Leite and Jaime
s/usdadata.asmx?w                                     2. Data source not found
                      business     data     to   any                                              de Melo Sabat Neto, “A Framework for Integrating Non-Functional
sdl                                                   3.Null pointer exception
                      Internetconnected system.                                                   Requirements into Conceptual Models” Springer. LNCS, Issue 2068, pp
http://www.holida                                                                                 284-298, 2001.
ywebservice.com/                                                                           [6]    Finkelstein A, Dowell J, “A Comedy of Errors: the London Ambulance
                      Web service that calculates
Holidays/GBNIR/                                       1.Invalid date format                       Service Case Study” Proceedings of the Eighth International Workshop
                      specific national holidays for
Dates/GBNIRHoli                                       2. No match exist                           on Software Specification and Design, IEEE Computer Society Press, pp
                      Northern Ireland (UK)
dayDates.asmx?W                                                                                   2-5, 1996.
SDL
                                                                                           [7]    Breitman KK, Leite JCSP, Finkelstein A. “The world’s Stage: A Survey
http://galex.stsci.e                                  1.Null pointer Exception
                      Login web service uses                                                      on Requirements Engineering Using a Real-Life Case Study” Brazilian
du/casjobs/CasUse                                     2. Can’t resolve the input
                      either name or email id                                                     Computer Society, pp 13-37, 1999
rs.asmx?WSDL                                          Symbol
http://websrv.cs.fs Service       for     typecasting 1. implicit type conversion          [8]    Wada. H, Suzuki. J and Oba. K “A Feature Modeling Support for Non-
u.edu/~engelen/int includes             hexadecimal, from type1 to type2 not                      Functional Constraints in Service Oriented Architecture” IEEE
erop2_2.wsdl          base64,etc                      Possible                                    Conference on Service Computing, pp 187-195, 2007
                      Package tracking service :                                           [9]    Wada. H, Suzuki. J and Oba. K, “A Model-Driven Development
                      Input all digits of the 1. Data Mismatched found                            Framework for Non-Functional Aspects in Service Oriented Grids”
http://trial.serviceo                                                                             ICAS, IEEE Computer Society, pp 30-38, 2006
                      package tracking number. 2.            Duplicate      package
bjects.com/pt/Pack
                      Returns package tracking number exist                                [10]   S. Paunov, J. Hill, D. C. Schmidt, J. Slaby, and S. Baker, “Domain-
Track.asmx?wsdl
                      information for a given 3. Data inconsistency                               Specific Modeling Languages for Configuring and Evaluating Enterprise
                      Airborne Express number                                                     DRE System Quality of Service”. Proceedings of IEEE International
http://superglue.ba                                                                               symposium and Workshop on the Engineering of Computer Based
                      Provides simple and fast
dc.rl.ac.uk/exist/se                                  1. unhandled exception                      Systems, pp 198-208, 2006
                      information retrieval for the
rvices/Discovery?                                     2. resource not found                [11]   D. C. Schmidt, “Model-Driven Engineering”, IEEE Computer, 39(2), pp
                      given input string.
wsdl                                                                                              25-31, 2006.
                                                                                           [12]   Z. Gu, B. Xu, J. Li, “Inheritance-Aware Document- Driven Service
                       V. CONCLUSION                                                              Composition”, Proceeding of IEEE International Conference on E-
    The exploit of web threats continues to expand and security                                   Commerce Technology and on Enterprise Computing, ECommerce, and
                                                                                                  E-Services, pp. 513-516, 2007.
concerns wane in their usefulness. The current workflow
modeling and integration software are not able to capture                                  [13]   S.C. Oh, J.W. Yoo, H. Kil, D. Lee, and S. Kumara, “Semantic Web-
                                                                                                  Service Discovery and Composition Using Flexible Parameter
important non-functional parameters of the system, like                                           Matching”, Proceedings of IEEE International Conference on E-
security dependability which is crucial with the model                                            Commerce Technology and on Enterprise Computing, ECommerce, and
transformation framework. Probability analysis of the security                                    E-Services, pp. 533-536, 2007.
dependencies represents another step in this direction such as                             [14]   John Jung, Soundar Kumara, Dongwon Lee, and Seog, “A Web Service
Markov chain. In this paper we extended the concept of                                            Composition Framework Using Integer Programming with Non-
Markov chain process for dependability analysis of business                                       Functional Objectives and Constraints” IEEE Conference on E-
                                                                                                  Commerce Technology and the Fifth IEEE Conference on Enterprise
logic for web services. The presented approach is fully base on                                   Computing, E-Commerce and E-Services, pp 347-350, 2008
mathematical concepts and modeling of business logic                                       [15]   Asoke K Talukder and Manish Chaitanya, “Architecting Secure
dependability analysis of web service security can be                                             Software Systems”, Auerbach Publications, 2008.
seamlessly integrated to business logic analyzing algorithms.                              [16]   Asoke K Talukder “Analyzing and Reducing the Attack Surface for a
                                                                                                  Cloud-ready Application” Indo-US Conference on Cyber Security,
                                                                                                  Cyber Crime, and Cyber Forensics, National Institute of Technology
                            ACKNOWLEDGMENT                                                        Karnataka, 2009
   This work has been carried out as a part of ‘Collaborative                              [17]   G. Sindre and A.L. Opdahl, “Eliciting Security Requirements by Misuse
Directed Basic Research in Smart and Secure Environment’                                          Cases,” in Proceedings of 37th Conference on Techniques of Object-
Project, funded by National Technical Research Organization                                       Oriented Languages and Systems, TOOLS Pacific 2000, pp. 120–131,
                                                                                                  2000
(NTRO), New Delhi, India. The authors would like to thank the
                                                                                           [18]   A. Avizienis and J. C. Laprie. Dependable computing: from concepts to
funded organization.                                                                              design diversity. In Proc. IEEE, 74(5):629–638, May 1986.
                                                                                           [19]   www.issco.unige.ch
                                 REFERENCES                                                [20]   J.C. C. Laprie, A. Avizienis, H. Kopetz. Dependability: Basic Concepts
                                                                                                  and Terminology. Springer-Verlag New York, 1992
[1]   Dirk Draheim, Gerald Weber, “From-Oriented Analysis, A New                           [21]   E. Thomas. Service-Oriented Architecture: Concepts, Technology, and
      Methodology to Model Based Application”, Springer, vol 4(3), pp 346-                        Design. Prentice Hall, 2005.
      347, 2005                                                                            [22]   E. Newcomer. Understanding Web Services: XML, WSDL, SOAP, and
                                                                                                  UDDI. Addison-Wesley, 2002.




                                                                                      41                                    http://sites.google.com/site/ijcsis/
                                                                                                                            ISSN 1947-5500
                                                                           (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                                     Vol. 8, No. 2, 2010
[23] G. Alonso, F. Casati, H. Kuno, and V. Machiraju. Web Services:                    in the field of Computer Science and Engineering, Anna University, Chennai,
     Concepts, Architectures and Applications. Springer-Verlag, 2004.                  India. He is currently working in the area of web service modelling systems.
[24] C. Peltz. Web services orchestration and choreography. Computer,                  Dr. Dhavachelvan Ponnurangam is working as Associate Professor,
     36(10):46–52, 2003.                                                               Department of Computer Science, Pondicherry University, India. He has
[25] Heather, Hinton, Maryann Hondo, Beth Hurchison, “Security patterns                obtained his M.E. and Ph.D. in the field of Computer Science and Engineering
     within a Service Oriented Architecture”, IBM, 2006.                               in Anna University, Chennai, India. He is having more than a decade of
                                                                                       experience as an academician and his research areas include Software
[26] Paul Kearney, “Message Level Security for Web Service”, Information
                                                                                       Engineering and Standards, web service computing and technologies. He has
     Security Technical Report, Elsevier, Vol. 10, No. 1, 2005, pp 41-50
                                                                                       published around 50 research papers in National and International Journals
                                                                                       and Conferences. He is collaborating and coordinating with the research
                           AUTHORS PROFILE                                             groups working towards to develop the standards for Attributes Specific
Saleem Basha is a Ph.D research scholar in the Department of Computer                  SDLC Models & Web Services computing and technologies.
Science, Pondicherry University. He has obtained B.E in the field of Electrical
and Electronics Engineering, Bangalore University, Bangalore, India and M.E




                                                                                  42                                   http://sites.google.com/site/ijcsis/
                                                                                                                       ISSN 1947-5500