"Dependability Analysis on Web Service Security: Business Logic Driven Approach"
(IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 2, 2010 Dependability Analysis on Web Service Security: Business Logic Driven Approach Saleem Basha P. Dhavachelvan Department of Computer Science Department of Computer Science Pondicherry University Pondicherry University Puducherry, India Puducherry, India email@example.com firstname.lastname@example.org Abstract— In the modern computing world internet and e- development starting from requirement analysis to business are the composite blend of web service and technology. maintenance. The information exchange between the database Organization must secure their state of computing system or risk and the user interface will be done by the functional algorithm to malicious attacks. The business logic is the fundamental drive which is described by the business logic. This logic is for computer based business tasks, where business process and composed of business functions and business rules. Series of business function adds their features for better illustration for the logically related activities or task performed together to abstract view of the business domain. The advent and produce a defined set of result called business function and astronomical raise of internet and ebusiness makes the business business rule is a statement that defines or constrains some logic to specify and drive the web service. Due to the loosely aspect of the business. It is important to understand that coupling of web service with the application, analyzing business modeling commonly refers to business process design dependability of the business logic becomes an essential artifact to produce complex web service composition and orchestrations at the operational level  which comes under the functional to complete a business task. This paper extended the Markov requirement of the system, where as the non functional chain for the dependability analysis of the business logic driven requirements are left as it is afterthought. Non functional web service security. attributes defines the system properties and constraints and can be classified as Product requirements, Organizational Keywords- Web Servcie; Dependability Analysis; Busienss requirements and External requirements. Security of the system Logic; Web Servcie Security plays a major role across the boundaries of the organizations. Security of the system can be improved by providing the I. INTRODUCTION foundation in the early phase of the system development process by dependability analysis. The development of system Enterprise systems are distinct and highly complex class of during requirements analysis and system design can improve systems. They are characterized by their importance for the quality of the resulting system. enterprises themselves, making them mission critical, by their extreme multi-user capability, by their tolerance of heavy loads The most common dependability parameters which can be and by with their tight integration with the business process, used to describe the nonfunctional requirements of virtually which makes every enterprise system installation unique. In any kind of service, independently from the nature of the short, they are one of the most fascinating yet most demanding service are reliability and availability . The dependability disciplines in software engineering . The business logic is of the of the system raises along with the growing popularity of responsible for implementing the basic rules of the system the web service based integration of heterogeneous enterprise according to the operating rules of the business. Its main systems. The parameters of non functional (mainly feature is to take request, determine what actions the request dependability related) requirements must be predefined for a requires, implement those actions and return response data to given web service in order to guarantee the web service the customer. Organization faces the problem of the security consumers. The provider also has to consider similar derived from the non functional requirements and to maximize nonfunctional parameters of external Web services involved in the utilization of the cutting edge technology with minimum the operation of his main service to be able to calculate and cost in the agile business environment. Web service is the plan the dependability parameters. upcoming wave for tomorrows business needs, in this concern In this paper, we extend Markov chain process for the the non functional attributes is the one of the major challenging dependability analysis of the business logic driven web service sector for the developers to guarantee the confidentiality, security. A direct generalization of the scheme of independent authentication, integrity, authorization and non-repudiation of trials is a scheme of what are known as Markov Chains, machine to machine interaction so security is not negotiable to imagine that a sequence of trials in each of which one and only anticipate a secure artifacts for web service. There are two one of k mutually exclusive events A1(s), A2(s)… Ak(s) can occur. underlying themes for all these pressure: Heterogeneity and We say that the sequence of trials forms a Markov Chain, or agility: Software development is a standard practice in more precisely a simple Markov chain, if the conditional software engineering where business logic drives the software 33 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 2, 2010 probability that event Ai(s+1) (i=1,2…k) will occur in the (s+1)th configurable web services. Hence this model would ensure the trial (s=1,2,3….) after a known event has occurred in the sth consumers that the services are manageable at runtime, self trial, depends solely on the event that occurred in the sth trial configurable in case of dependability, computable in total or and is not modified by supplementary information about the partial and traceable to the point of failure. Also it sustains event that occurred in earlier trials. A different terminology is dependency between the business rules and business functions. frequently employed in starting the theory of Markov chains and one speaks of a certain system S, which at each instant of A. Web Service Security Analysis time can be in one of the states A1, A2 ….. Ak and alters its state The cost versus risk parameters of the business will only at times t1, t2 …. tn …. For Markov chains, the probability determine the capability to implement security in web service of passing to some state Ai (i=1,2….k) at time τ(ts< τ<ts+1) . More a business can articulate the risks to its business, depends only on the state the system was in at time t(ts-1<t<ts) better it will be capable to appraise the advantage of preventive and does not change if we learn its state were at earlier times. measurements to protect itself. The business must be capable of answering such a question. II. WEB SERVICE SECURITY ANALYSIS AND BUSINESS LOGIC MODEL Who has to have the access to which information? Modeling business logic focuses on the core functionality How is access to data provided? Direct or brokered? of the business process, which are capsulated as web services. Is there a need for data to be available to external partners It requires that business process pertains exactly to the business as well as internal consumers? logic with various business terminologies such as dependency, policy, standards, constraints, etc. As a prerequisite to this What requirements does the information need in transit, in business logic model, the core functionality of the business process and at rest? process should be analyzed for dependencies then modeled To achieve a secure web service, the application and the absolutely, whereas the previous implementations of web security analysis must be analyzed conceptually and modeled. services were direct. Ronald et al. states that existing models This roughly goes without saying that the big companies are like business rule model, business motivation model and obsessed by the safety and to assure the critical applications, business process model concentrate on business process at the essential information is at stake. Any movement towards web operational level with compromising minimum range of QoS service presents a principal opportunity to incorporate the attributes . Business rule model deals with the extraction of safety in future applications. Organization and system stake business rules from the business logic, in order to reduce the holders are realizing that every opportunity for the business cost and time spent in development . Business motivation emerges with the danger of seriously screwing things-up. In model paves way for identifying the facts preserved in novel early web service adopters are delicious prey for the bad objectives, thereby facilitating the business process thinking about the security analysis of the web service. After development. Business process model provides optimization to the several advancement in the technology and techniques in the business process at the designing phase. The the context of security analysis, still the system developers implementation of a company's business model into faces the problem of security and security analysis. organizational structures and systems is part of a company's business operations. It is important to understand that business Wide consideration to inherent the security features in the modeling commonly refers to business process design at the SDLC of the web service platform will enhances the safety of operational level , whereas business models and business the web service as well as the service themselves . Thus model design refer to defining the business logic of a company web service provides an opportunity to avoid such security at the strategic level. Business logic model aims to resolve the related issues and challenges or otherwise managing security complexities involved, by decomposing the business process dependencies that pervade software architecture. into sub processes and in turn into tasks, also preserving the The vendors typically emphasize the primary features of functional dependencies among the sub-processes, without safety that they offer as key selling points in the real world of ignoring the key factors. Any service domain adopted this enterprise applications. Nevertheless, out of the list of model for their web service development could be easily obligatory features of safety, few sellers can give testimony to managed in terms of handling run time exceptions towards the underlying safety of the product itself. So the user could service reliability and manageability. Business logic model can have all the characteristics of security in the computing world, be applied in tandem with the above described models, thereby but they remain untenably insecure due to lack of analysis of facilitating service computation and composition much better. the security. This model enables web services to realize their computational criteria such as computability, traceability and decidability with the supporting QoS attributes like manageability, B. Business Logic Model configurability, serviceability and dependency. The Business processes and motivation models have been used computational criteria would be the best suit for the web to analyze and propose new changes in accordance to changing service community who look for exception-free web services business scenarios. A process model scope does not extend or reconfigurable web services. This model would also satisfy optimally to web services, whereas Business Rule models the service consumers who approach the discovery and extract rules from the business logic and concentrate mainly on composition engines for fetching exception free or self the problem of modeling and accessing data by using efficient queries . However they do not model the entire business Identify applicable sponsor/s here. (sponsors) 34 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 2, 2010 logic including the dependency analysis. Thus there is a need drawbacks; significant performance problem for data intensive for a model which represents a business process in detail and functions, non object application may have significant also adapts the dependability analysis, rules, policies and difficulty to accessing functionality. Improper handling of the standards to changing business scenarios. This adaptability non functional requirements and its dependability may result in helps service consumers and service providers cope up with the compromising the growth of the organization. demanding and challenging changes in services. Currently much work in the requirements engineering field Such a representation should not compromise on matter and has been done to shown the necessity of business logic which processes private to a business. Since a business logic model take non-functional requirement’s (NFR) dependability into seems inevitable, by maintaining business privacy and by consideration. Such logic will better deal with real-world modeling a specific business process, the model seems to be a situations. On the other hand the advantages of having business promising methodology to handle the ever-changing business logic is the capability of representing nonfunctional aspects, scenarios. Business Process systems that use web services such as dependability, confidentiality, performance, ease of use decrease the cost of automating transactions with trading and timeliness. It is believed that these functional aspects partners. should be dealt with as non-functional requirements. Therefore, NFRs have to be handled and expressed very early in the The scope of a business process is limited to design, process of modeling an information system . Organizations development and deployment of services. The limited scope are spending much in system development and least helps to develop better services keeping service customization concentration to NFRs. Recent tales of failure in information in mind. The outcome breakdown structure of the service systems can be explained by the lack of attention to NFRs. The business logic is streamed as a set of business rules, functions London Ambulance System (LAS) is a example for the and parameters. Further, these rules and functions could be information system failure due to lack of attention of NFRs . tuned to be primitive business functions under certain specific The LAS was deactivated, soon after its deployment, because conditions. The primary motivation behind setting up the of several problems, many of which were related to NFRs such business functions as primitive business functions would pose as performance and conformance with standards . the computability and traceability factors, which are the most Negotiation in the NRFs is not a healthy activity in the system essential quality-driven factors as they could manage the development, the consequences of negotiating NRFs leads to complete service computing platform successfully by the serious problem as in the case of LAS. effective handling of run-time exceptions during service computation and composition by the security dependencies. Serviced Oriented Architecture (SOA) is the paradigm for This model decomposes the business logic into functionally the future business environment, where web service is the consistent and coherent business rules and functions, keeping building block for SOA and it is the key for agile business in mind the privacy constraints of businesses. Decomposition across the enterprises. It is important in Service Oriented helps representing the interdependent business functions with Architecture to separate functional and non-functional the security dependability as low as possible. This strategy requirements for services because different applications use categorizes the business functions into initial, composite and services in different non-functional contexts. In order to recursive functions and evaluates them into computable and maximize the reusability of services, a set of constraints among dependable business functions. Computability and non-functional requirements tend to be complicated to dependability of business functions are key factors for maintain. Currently, those non-functional constraints are measuring the success rate. Existing discovery and composition informally specified in natural languages, and developers need engines provide services based on functionality, quality, and to ensure that their applications satisfy the constraints in security of requested services. Customizing the services is not manual and ad-hoc manners . System developers believe addressed by the existing engines. The proposed business logic that business logic composes and speaks only the functional based dependability analysis exhibits the functionalities of any aspect, but fails to keep in mind that to consider the other of the generic engines but is also resilient to customization. aspects driven by functional aspect i.e. dependabelity. The separation of functional and non-functional aspects improves C. Relation Between Web Service Security Analysis and the reusability of services and connections. It also improves the Business Logic Model ease of understanding application design and enables two different aspects to evolve independently. Wada et al. pointed Modeling system with business logic model has benefits that the separation of functional and non-functional aspects like; it reflects standard layering practices with in the results in higher maintainability of applications . Non- development communities, business functionality easily functional aspects should also be captured as abstract models in accessible by other object application, very efficient to build an early development phase and automatically transformed to business objects, it helps to test the basic success premises of code or configuration files in order to improve development business, improves the clear understanding of existing value productivity. It incurs time-consuming and error-prone manual drivers and constraints, it provides a componentized view of efforts to implement and deploy non-functional aspects in later the business and technology environment in order to have development phases (e.g., integration and test phases) . common building blocks that can be reused across product and Web services become more popular and better utilized by many business silos, it defines and sustainable interim states which users and software agents, they will inevitably be provides measurable benefits as flexible path to the goal and commercialized. But still Services Challenge (WSC) that focus business logic provides a strong governance to manage and on functional aspects . We believe that considering the deliver the changes. Business logic also possesses some of the 35 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 2, 2010 dependability of both functional and non-functional attributes constrains of the system can be eliminated and the probability together in solving the Web services composition problem of a system failure can be evaluated. The analysis can be done would produce superior outputs . Because NFRs are always for two basic purposes; determine the optimal solution for tied up with functional requirements i.e., NFRs can be seen as given requirements and determine the guaranteed parameters requirements that constrain or set some quality attributes upon for a given solution. a functional requirement To the best of our knowledge, this is the first work studying B. Business Logic Based Dependability Analysis in Web the usability of the main approaches adopted for specifying and Servcie Security enforcing web service security analysis in business logic. The web service is the perfect blue print for agile business Today’s internet and e-affaires are the composite blend of environment where the services are catered across the business process and technology where the web service is the organizational boundary which is specified by the business perfect blue print for agile business environment. In the early logic. The loosely coupling characteristic of web service times, data in the networks were closed; security within these introduces many challenges including security. networks was ensured through isolation. Later LAN(Local Security is the major concern and web service may fail due Area Network) was introduced with firewalls to isolated from to these concerns. As said earlier business logic drives the the untrusted public networks to ensure that adversaries and business through web service using business functions and hackers cannot intrude into the private network. For more business rules. Business logic also specifies the security security, they added security aspects like proxies, intrusion aspects; a promising approach for problem determination in detection system, intrusion prevention system, antivirus, large systems is dependency analysis. In brief, the question that malware catchers etc., are the domain specific security dependency analysis tries to answer is this: Is the service X measures. The belief was that applications and assets used by dependent on another service Y or security parameter Z? If the organization can be secured through in-vitro perimeter such a dependency exists, what is the strength1 of the security. Therefore, software engineering techniques never dependency? Using this information, when a problem is looked into security analysis as an important component in observed at a particular service point, the root cause may be Software Develop Life Cycle (SDLC); and, identified security tracked down to a security parameter on which this service is as nonfunctional requirement . Security must be part of the dependent. The dependency analysis problem becomes very application to protect itself from security threats. Application challenging in situations where the security of the system may security will however be over and above the perimeter network be static or dynamic in nature. In such cases, these parameters security. To achieve this, security now need to be treated as can appear and disappear during system lifetime because of functional requirement and must be part of SDLC . Sindre failures, or deployment of new security requirement and the et al. have identified application security as a need and dependency relations can change as a result of change of proposed ways to achieve this. All these isolated and security parameter availability or new service level agreements independent techniques have been combined together in a being negotiated. thread to form a business Logic . For illustration let us consider four service providers (SP1, III. DEPENDABILITY ANALYSIS IN WEB SERVICE SECURITY SP2, SP3, SP4) each service provider has his own Business Logic (BL) and one or many Business Function (BF) to A. Dependability Analysis complete the business tasks as shown in the Figure 1. The most common dependability parameters which can be From the Markov chain the dependability of the business used to describe the nonfunctional requirements of virtually functions to the web service is shown in the Table 1. The BL1 any kind of service, independently from the nature of the has defined two business functions namely BF1 and BF2 which service are reliability and availability . The probability has three web services each WS1, WS3, WS4 and WS1, WS2, formalism, into which these dependencies may fit in a natural WS4 respectively. Now consider only the business function way and it is important for the analysis of the non functional BF1, let WS1, WS3 and WS4 are need to complete a business parameters. Then the dependability of the system can able to task with some security consideration. The state graph of these assessed for the parameters of the system from the web services is show in the Figure 2. WS1 is the initial state or components’ parameters. Using design patterns that are proven the initial web service for BF1, the arrow flows from WS1 to in the field of reliability can enhance the dependability of the WS2 iff (if and if only) all the security conditions satisfies in main service. Such patterns can be, for instance, the N-Version WS1, and its probability is 1, else it rolls back to WS1 itself. Programming and the Recovery Block scheme . Web Similarly from WS2 to WS4, the P21 is the probability of the service is the building block for SOA in different platforms, state WS3 to return to previous state WS1 under any fault vendors, etc. The dependability of that particular system may conditions, and P23 is the probability of success of the security of course influenced by the nature of the problem. The considerations and reaches to the final state WS4 and thus a parameters of a composite web service is depends on the nature business task completes for business function BF1. of the implementation and design of the individual web services and its patterns. Finally the aim of the dependability analysis of the system is to validate a business process towards some business tasks. The consideration of such patterns can be based on the result of a dependability analysis, moreover the 36 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 2, 2010 TABLE I. BUSINESS LOGIC AND ITS ASSOCIATED B USINESS FUNCTIONS SP1 BL1 AND WEB SERVCIES BL1 BL2 BL3 BL4 BF1 BF2 BF3 BF4 BF5 BF6 BF7 BF8 BF9 BF1 BF2 WS1 * * WS2 * WS3 * WS4 * * WS5 * * WS1 WS2 WS3 WS4 WS6 * * WS7 * * (a) WS8 * * * BL2 WS9 * SP2 WS10 * * WS11 * BF3 BF4 BF5 WS12 * 0 WS5 WS6 WS7 1 1 WS1 WS3 WS4 (b) P23 P21 SP3 BL3 are the security considerations BF6 BF7 BF8 Figure 2. Dependability Graph of BF1 The transition probability of BF1 from state WSi to WSj, where i, j = 1,3,4. Then transition matrix can be written for WS1, WS3, and WS4. WS8 WS9 WS10 0 1 0 BL1 P21 0 P23 (1) (c) 0 0 1 Here P21 + P23 = 1 Let ∂0, ∂1, ∂2 ….. ∂n are the phases of the chain, then SP3 BL4 Pi = [P1(i) P2(i) P3(i)] be the probability of the chain in the given phase i. BF9 Since WS1 is the initial state, therefore P0 = [1 0 0] Further from matrix theory Pi+1 = PiA i.e. P1 = P0A =  WS11 WS12 P2 = P1A = [P210P23] P3 = P2A = [0P21+P32P231] (d) In general Pn=P0An ; n=1,2,3 …. Figure 1. Service Providers (SP1, SP2,SP3 and SP4) and its Business Functions 37 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 2, 2010 where The row total of WS2 for the four business functions are 17. 0 0 1 The row total of WS3 for the four business functions A P23 P21 0 (2) are 3. 1 0 0 From the above matrix it is clear that BF4 has the minimum dependencies that the other three business tasks. The state transition diagram of the business task is given as states in the 1 0 0 Figure 3. * A 0 0 0 (3) 0 P P21 0 23 1 The matrix of non absorption states is represented as Q 1 1 S1 S2 S3 S4 0 1 0.5 Q P (4) 21 0 0 0.5 From the matrix theory I3 – Q is always invertible matrix which is the fundamental matrix N of the chain is given 1 by Figure 3. State representation of BF1, BF2, BF3 and BF4 1 1 N I 3Q (5) Considering the other three business logics, P21=0, P23=1, D ( I3 Q )adj ( I 3 Q) P34=0.5 and P32=P34=0.5. Then ijth entry of the N gives the mean time of that state. For example, assume that there are four business functions which is provided by a service provider in association with 0. 5 1 1 three web services (WS1, WS2, and WS3), first business 1 function (BF1) has 6 dependencies, second business function N 0 1 1 (7) (BF2) has 54 dependencies, third business function (BF3) has 0.5 28 dependencies and fourth business function (BF4) has 9 0 0.5 1 dependencies over those web services to complete a business Therefore the total dependencies are task with 4 phases of Markov chain. Then the state transition 1*6+2*54+2*28+1*9=179 for 5 phases. For 4 phases it is matrix of these web services can be given as for the completion given as P3=[0 0.5 0 0.5] ; P4(3) = 0.5. Hence to complete a of a business task with minimum dependencies is given below. business task in four phases it has only the probability of 50%. Assume that the business logic with respect to the particular web service to fulfill a business task could be produced The starting chain is Si, then the expected number of steps statistically is shown in the matrix below. before the chain is absorbed is given by, let ti be the excepted umber of steps before the chain is absorbed, t be the column BF1 BF2 BF3 BF4 vector whose ith entry is ti. WS1 3 8 5 4 t Nc (8) Bu sin essTask WS 2 4 2 6 5 (6) where, c is a column vector all of whose entries are 1 WS 3 2 1 1 1 1 2 2 1 5 The dependencies of BF1 over WS1 is 3, WS2 is 4 WS3 t 0 2 2 1 4 (9) is 2. 0 1 2 1 3 The dependencies of BF2 over WS1 is 8, WS2 is 2 WS3 is 1. The dependencies of BF3 over WS1 is 5, WS2 is 6 WS3 1) Classification of Possible States is 1. In a Markov chain, each state can be placed in one of the three classifications. Since each state falls into one and only The dependencies of BF1 over WS1 is 4, WS2 is 5 WS3 one category, these categories partition the states. The secret of is -1. categorizing the states is to find the communicating classes. The row total of WS1 for the four business functions The states of a Markov chain can be partitioned into these are 20. communicating classes. Two states communicate if and only if it is possible to go from each to the other. That is, states A and 38 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 2, 2010 B communicate if and only if it is possible to go from A to B can be partitioned into classes such that all states belonging to a and from B to A. There are three classification of states single class communicates and those belonging to different transient, ergodic, and periodic. class do not communicate. Since for the essential state Ai and the unessential state Aj the equation Pij (m)=0 holds for any m, The state Ai is called transient if there exist Aj and n such we can draw the following conclusion: if a system has reached that Pij(n)>0, but Pij(m)=0 for all m. Thus, an transient state one of the states of a definite class of essential states, it can no possess the property that it is possible, with positive longer leave that class. probability, to pass from it into other state, but it is no longer possible to return from that state to the original state. Transient: A state is transient if it is possible to leave the state and never return. Start Periodic: A state is periodic if it is not transient, and if that state is returned to only on multiples of some positive integer greater than 1. This integer is known as the period of the state. Ergodic: A state is ergodic if it is neither transient nor WS1 periodic. 1 The Figure 4 illustrates the classification of the states for a 0.5 banking transaction. For illustration assume there are two External service providers SP1 and SP2. SP1 has the set of web services WS2 WS3 (WS1, WS2, WS3, WS4, WS10, WS11, WS12 and Event Partner 1 Notification EN) and the SP2 has another set of web services (WS5, WS6, WS7, WS8 and WS9) which is under the dotted 0.5 circle, the web services can be noted as states of the transactions. WS1, WS2 and WS3 are the basic transactions 1 which are communicating class. Neglecting start and end, once WS4 WS5 WS6 the chain goes from WS1 to WS4 it cannot return to WS1, hence 1\3 the web services WS1, WS2 and WS3 are transient. WS4 acts as a gateway for the external partners. Web service WS4 is a 0.5 1 communicating class by itself, once the control leaves WS4 it WS7 never returns again to WS4 so the web service WS4 is transient. 1\3 Any failure occurs in the gateway will be captured by the EN 0.5 1 and notified as an event notification. The EN is a 1\3 communication class and has the loop so it is ergodic. WS10, WS11 and WS12 be the loan approval services, WS12 is the final WS8 WS9 END web service which decide the approval process base upon the 1 parameters passed by the other web services and finally ends the process else it rollbacks. The web services WS10, WS11 and WS10 WS12 forms a communicating class. Once the control arrives END there it never leaves the class so it is not transient, also the web 1 1 service WS12 has a loop it and its whole class cannot be 0.5 periodic hence it is ergodic. WS11 WS12 The external partner has five web services which forms a 1 0.5 communicating class. Once the control comes to this class it never leave that class hence they are not transient if we consider the web service WS7 once the control leaves WS7, will always return in 3 transitions hence the whole class forms a END periodic. Let us examine more closely the mechanism of transition from state to state inside on class. To do this take some Figure 4. Sample classification of concerns essential state Ai and denote by Mi the set of all web services WS for which Pii(WS)>0. This set cannot be empty by the All states not transient are called periodic state. Form the virtue of the definition of an essential state. It is immediately definition it follows that if the states Ai and Aj are essential, obvious that if the web service WSi and WSj are contained in then there exist positive m and n such that as long with the the set Mi, then their dependability, of WSi and WSj, also inequality Pij(m)>0 the inequality Pij(n)>0 also holds. If Ai and belongs to this set. Denoted by di the greatest common Aj are such that for both of them these inequalities holds, given dependability of the entire web services of the set Mi. it is clear certain m and n, then they are called communicating. It is clear that Mi consists only of web services which are dependents of that if Ai communicates with Aj, and Aj communicates with Ak, di. The dependencies di is called the period of the state Ai. then Ai also communicates with Ak. Thus, all essential states 39 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 2, 2010 2) Limiting probabilities of composite web service Then the transition probabilities In a service-oriented architecture , individual services Pr(Xi=end | Xi-1=A) = 0.16 are combined into a single workflow that reflects the business process in question. Although services can be defined in a Pr(Xi=end | Xi-1=G) = 0.34 general way, in practice the most widely used services are web services . Currently, composition of web services is Pr(Xi=end | Xi-1=T) = 0.38 carried out by orchestration . An orchestration is a Pr(Xi=end | Xi-1=C) = 0.12 workflow that combines invocations of individual operations of the web services involved. It is therefore a composition of 0.16 0.34 individual operations, rather than a composition of entire web Pr 0.38 0.049096 (12) services. 0.12 The greatest probabilities Pij(n) cannot increase with the If the composite factor is reduced by 2 then the transition growth of n and the least cannot decrease, where n is the probabilities composite factor (no. of web services to form a composite web service) in other words, the group of communicating web Pr(Xi=end | Xi-1=G) = 0.34 services in a class is called composite web service. It is then Pr(Xi=end | Xi-1=A) = 0.16 shown that the maximum of the difference Pij(n) – Plj(n), (i,l = 1,2,3….k) tends to zero when n tends to infinity. It is cleared 0.34 0.16 that the when the number of web services (composite factor) Pr 0 0.18 (13) increases in the composite web service, then the probability of 0 change of state decreases to zero. Then there exist Therefore, The probability of changing state from start to lim . min .Pij (n) Pj (10) end in a composite web service with the composition factor 4 is n 1i k 0.049096 and the probability of changing state from start to end in a composite web service with the composition factor 2 is and only 0.18. Hence it is concluded that the probability to complete a business task for a given composite web service lim . max .Pij (n) Pj (11) inversely proportional to the number of individual web service n 1i k (composite factor). 0.16 Defining the composite service with very small composite factor will increase the probability to complete the business task and also supports reusability & flexible-introduces 0.34 governance, maintenance & new testing, performance issue based on the network consumption of these service. Defining the composite service with too large composite factor will decrease the probability to complete the business 0.38 task and also deliver less or no reusability & flexibility but easy to maintain with less network usage. Finding the right choice of composite factor is on of the key success factor to web service computing 0.12 IV. CASE STUDY / MODEL ANALYSIS Figure 5. Composite web service Dependability analysis is unavoidable in service computing and hence, analyzing these expendabilities could resolve these From the Figure 5, let A, C, G and T be the web individual problems up to the maximum extent. The purpose of analyzing web service to form a composite web service and they are communicating class with the composite factor 4. Each these dependencies is to ensure that the code can handle any individual web service has its own security constrains and it is exception or error during the service is being computed. The marked as self loop. Start state is the initial orchestration of service computation in this context is also about when more web service to do a business task and end state is the final work number of services is executed under service composition. done by the orchestration. Table II illustrates the real world web service and its dependencies. 40 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 2, 2010 TABLE II. DEPENDABILITY OF WEB SERVICE SECURITY  Ronald G.Ross, “Principles of the Business Rule Approach”, Addison Wesley Publisher, ISBN 0-201-78893-4, 2003. Web Service Business Logic  Asuman Dogac, Yildiray Kabak, Tuncay Namli, and Alper Okcan, Service Functionality Endpoint Dependabilities “Collaborative Business Process Support in eHealth: Integrating IHE 1. Multi criteria and profile Profiles Through ebXML Business Process Specification Language”, http://xml.assessm IEEE Transactions on Information Technology in Biomedicine, vol. match doesn’t set to the ent.com/service/M Match a single Job Profile to 12(6), pp 754-762, 2008. service APPMatching.asm a single person 2. No multi value  Saqib Ali, Ben Soh, and Torab Torabi ,“A Novel Approach Toward x?wsdl dependency Exist Integration of Rules Into Business Processes Using An Agent-Oriented StrikeIron provides an Framework” , IEEE Transaction on Industrial Informatics, Vol. 2(3), pp http://www.strikeir 1.Requested type of data ondemand Web-based 145-154, 2006. on.com/webservice delivery is not applicable infrastructure for delivering  Luiz Marcio Cysneiros, Julio Cesar Sampaio do Prado Leite and Jaime s/usdadata.asmx?w 2. Data source not found business data to any de Melo Sabat Neto, “A Framework for Integrating Non-Functional sdl 3.Null pointer exception Internetconnected system. Requirements into Conceptual Models” Springer. LNCS, Issue 2068, pp http://www.holida 284-298, 2001. ywebservice.com/  Finkelstein A, Dowell J, “A Comedy of Errors: the London Ambulance Web service that calculates Holidays/GBNIR/ 1.Invalid date format Service Case Study” Proceedings of the Eighth International Workshop specific national holidays for Dates/GBNIRHoli 2. No match exist on Software Specification and Design, IEEE Computer Society Press, pp Northern Ireland (UK) dayDates.asmx?W 2-5, 1996. SDL  Breitman KK, Leite JCSP, Finkelstein A. “The world’s Stage: A Survey http://galex.stsci.e 1.Null pointer Exception Login web service uses on Requirements Engineering Using a Real-Life Case Study” Brazilian du/casjobs/CasUse 2. Can’t resolve the input either name or email id Computer Society, pp 13-37, 1999 rs.asmx?WSDL Symbol http://websrv.cs.fs Service for typecasting 1. implicit type conversion  Wada. H, Suzuki. J and Oba. K “A Feature Modeling Support for Non- u.edu/~engelen/int includes hexadecimal, from type1 to type2 not Functional Constraints in Service Oriented Architecture” IEEE erop2_2.wsdl base64,etc Possible Conference on Service Computing, pp 187-195, 2007 Package tracking service :  Wada. H, Suzuki. J and Oba. K, “A Model-Driven Development Input all digits of the 1. Data Mismatched found Framework for Non-Functional Aspects in Service Oriented Grids” http://trial.serviceo ICAS, IEEE Computer Society, pp 30-38, 2006 package tracking number. 2. Duplicate package bjects.com/pt/Pack Returns package tracking number exist  S. Paunov, J. Hill, D. C. Schmidt, J. Slaby, and S. Baker, “Domain- Track.asmx?wsdl information for a given 3. Data inconsistency Specific Modeling Languages for Configuring and Evaluating Enterprise Airborne Express number DRE System Quality of Service”. Proceedings of IEEE International http://superglue.ba symposium and Workshop on the Engineering of Computer Based Provides simple and fast dc.rl.ac.uk/exist/se 1. unhandled exception Systems, pp 198-208, 2006 information retrieval for the rvices/Discovery? 2. resource not found  D. C. Schmidt, “Model-Driven Engineering”, IEEE Computer, 39(2), pp given input string. wsdl 25-31, 2006.  Z. Gu, B. Xu, J. Li, “Inheritance-Aware Document- Driven Service V. CONCLUSION Composition”, Proceeding of IEEE International Conference on E- The exploit of web threats continues to expand and security Commerce Technology and on Enterprise Computing, ECommerce, and E-Services, pp. 513-516, 2007. concerns wane in their usefulness. The current workflow modeling and integration software are not able to capture  S.C. Oh, J.W. Yoo, H. Kil, D. Lee, and S. Kumara, “Semantic Web- Service Discovery and Composition Using Flexible Parameter important non-functional parameters of the system, like Matching”, Proceedings of IEEE International Conference on E- security dependability which is crucial with the model Commerce Technology and on Enterprise Computing, ECommerce, and transformation framework. Probability analysis of the security E-Services, pp. 533-536, 2007. dependencies represents another step in this direction such as  John Jung, Soundar Kumara, Dongwon Lee, and Seog, “A Web Service Markov chain. In this paper we extended the concept of Composition Framework Using Integer Programming with Non- Markov chain process for dependability analysis of business Functional Objectives and Constraints” IEEE Conference on E- Commerce Technology and the Fifth IEEE Conference on Enterprise logic for web services. The presented approach is fully base on Computing, E-Commerce and E-Services, pp 347-350, 2008 mathematical concepts and modeling of business logic  Asoke K Talukder and Manish Chaitanya, “Architecting Secure dependability analysis of web service security can be Software Systems”, Auerbach Publications, 2008. seamlessly integrated to business logic analyzing algorithms.  Asoke K Talukder “Analyzing and Reducing the Attack Surface for a Cloud-ready Application” Indo-US Conference on Cyber Security, Cyber Crime, and Cyber Forensics, National Institute of Technology ACKNOWLEDGMENT Karnataka, 2009 This work has been carried out as a part of ‘Collaborative  G. Sindre and A.L. Opdahl, “Eliciting Security Requirements by Misuse Directed Basic Research in Smart and Secure Environment’ Cases,” in Proceedings of 37th Conference on Techniques of Object- Project, funded by National Technical Research Organization Oriented Languages and Systems, TOOLS Pacific 2000, pp. 120–131, 2000 (NTRO), New Delhi, India. The authors would like to thank the  A. Avizienis and J. C. Laprie. Dependable computing: from concepts to funded organization. design diversity. In Proc. IEEE, 74(5):629–638, May 1986.  www.issco.unige.ch REFERENCES  J.C. C. Laprie, A. Avizienis, H. Kopetz. Dependability: Basic Concepts and Terminology. Springer-Verlag New York, 1992  Dirk Draheim, Gerald Weber, “From-Oriented Analysis, A New  E. Thomas. Service-Oriented Architecture: Concepts, Technology, and Methodology to Model Based Application”, Springer, vol 4(3), pp 346- Design. Prentice Hall, 2005. 347, 2005  E. Newcomer. Understanding Web Services: XML, WSDL, SOAP, and UDDI. Addison-Wesley, 2002. 41 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 8, No. 2, 2010  G. Alonso, F. Casati, H. Kuno, and V. Machiraju. Web Services: in the field of Computer Science and Engineering, Anna University, Chennai, Concepts, Architectures and Applications. Springer-Verlag, 2004. India. He is currently working in the area of web service modelling systems.  C. Peltz. Web services orchestration and choreography. Computer, Dr. Dhavachelvan Ponnurangam is working as Associate Professor, 36(10):46–52, 2003. Department of Computer Science, Pondicherry University, India. He has  Heather, Hinton, Maryann Hondo, Beth Hurchison, “Security patterns obtained his M.E. and Ph.D. in the field of Computer Science and Engineering within a Service Oriented Architecture”, IBM, 2006. in Anna University, Chennai, India. He is having more than a decade of experience as an academician and his research areas include Software  Paul Kearney, “Message Level Security for Web Service”, Information Engineering and Standards, web service computing and technologies. He has Security Technical Report, Elsevier, Vol. 10, No. 1, 2005, pp 41-50 published around 50 research papers in National and International Journals and Conferences. He is collaborating and coordinating with the research AUTHORS PROFILE groups working towards to develop the standards for Attributes Specific Saleem Basha is a Ph.D research scholar in the Department of Computer SDLC Models & Web Services computing and technologies. Science, Pondicherry University. He has obtained B.E in the field of Electrical and Electronics Engineering, Bangalore University, Bangalore, India and M.E 42 http://sites.google.com/site/ijcsis/ ISSN 1947-5500