This document discusses secure service composition adaptation in service-oriented architectures. It describes how the problem of selecting alternative services to achieve the most secure composition while balancing other factors like cost is analogous to the NP-complete 0/1 knapsack problem. Heuristic methods like simulated annealing are proposed to intelligently find increasingly successful solutions until an adequate composition is found, as formal verification techniques are impractical. Services would be quantified based on security properties to allow comparison and optimization of the composition.

1. Liverpool John Moores University
Bo Zhou
B.Zhou@ljmu.ac.uk

2. Overview
 SOA and its security issues
 Secure service composition adaptation
 0/1 knapsack problem
 Heuristic solution
 Simulated annealing

3. Service-oriented Architecture
 Foundation for modelling, planning, searching for and
composing services.
 Offer new applications via composition of services.
 Facilitated by standardised interoperations among
services.
- WSDL, USDL, BPMN

4. A BPMN example

5. Security measures in SOA
 Verification is to ensure selected services comply with
the security policy at both design- and run-time.
- Changes in service behaviour or operating context could
affect the stated composition behaviour.
- There are variety of existing tools for performing
analysis of individual or composed services. i.e. formal
analysis and code analysis
 Inconsistent security policies and configurations must
be continually monitored and addressed.
- Countermeasures such as adaptation or recomposition.

6. Secure Service Composition
Adaptation
 Composition adaptation aims to mitigate issues identified during
verification and monitoring.
 Adaptation is not straightforward due to the following reasons.
- No direct suggestions from verification tools.
- Concept of security is broad.
- A simple substitution of a service may result in dramatic changes to the
security properties of the entire composition.
 Individual success does not guarantee collective satisfactory.
- For example, two services use different encryption algorithms.
 The secure composition adaptation issue is actually an optimisation
problem with constraints.
- Especially when facing wide choice of alternatives.

7. The 0/1 Knapsack Problem
Given a set of items, each with a weight and a
value, determine the items to be included in a
combination so that the total weight is less than or
equal to a given limit (e.g. the capacity of a knapsack)
and the total value is as large as possible.

8. The 0/1 Knapsack Problem

9. Similarity to our problem
 Definition- Given a set of alternative services, what is
the best combination of them in order to achieve the
most secure service composition?
 There are always constraints while selecting services.
- On trustworthiness, running efficiency and many other
QoS and security related factors.
- This is known as the 0/1 multidimensional knapsack
problem.
 Focus on typical business decision where the user has
to balance security withcost.
Cost->Weight Security->Value

10. Optimisation of Composition Adaptation
Service
C
Composition
Composition S1? S2? Sn?
plan
Candidate S11 S21 Sn1
Services
S12 S22 Sn2
S13 Snm

11. Heuristics-based Solution
 Problems that have no polynomial-time algorithms are
known for solving them.
- NP-complete
 Exhaustive search is impractical.
- Formal verification is a time consuming and resource
wasting process
 Heuristic methods select compositions `intelligently‘,
attempting to find increasingly successful solutions
until an adequate answer is found.
- Aiming for fast and accurate adaptation.

12. Simulated Annealing
 Used to solve NP-complete problems in general,
including 0/1 knapsack problem.
 Named to mimic the chemical process when atoms in
metal become placed in relative order during the
process of being overheated to gradually being cooled.

13. The solution
1. Choose any feasible combination randomly.
2. Randomly select an item from the original items set n.
3. If the item has not been collected, add the item to the combination. If the new
combination does not satisfy the weight constraint, randomly remove an item from
the combination until it becomes feasible.
4. While in step 3 if the item has already been collected, remove this item and pick up
another item from the items set that forms a new feasible combination.
5. If the new combination satisfies following equation, than the new combination will be
accepted. V
e T > R(0,1)
where ΔV represents the change of value, T is the temperature, e is the mathematical
constant and R(0, 1) generates a random number between 0 and 1.
6. For the value function V, if ΔV is a positive, that means the new combination has greater
value and the equation is always true; if ΔV is negative, than the new combination has
lower value. However, it is still possible that the new combination will be accepted. In
effect, with larger T, the chance of satisfying the equation is higher.
7. Repeat steps 2-6 several times, decreasing the value of T at each step until a lower
threshold for the value of T is reached.
8. When T reaches the threshold value, the current solution will be the best one we can get.

14. Quantify Services
 To apply the solution, we have to find away to quantify services.
- Will allow direct comparison of services.
 Current proposal is to derive the security properties from service
level agreement and catogorise them into four aspects.
- Privacy, Confidentiality, Authenticity, Availability.
- For example, `secured communication = true‘ contributes 0.5 to
Confidentiality and 0.3 to Privacy; `encryption algorithm =
3DES‘ contributes another extra 0.1 to Confidentiality.
e.g. S = 0.4 × C + 0.2 × U + 0.1 × V + 0.3 × P
where C represents the value of Confidentiality, U represents
Authenticity, V represents Availability and P represents Privacy.

15. Future Work
 Prove the NP-completeness
 Examine the efficiency of Heuristics solutions
- Adaptation speed and accuracy
- Other solutions apart from Simulated Annealing

16. Summary
 SOA and its security issue
 Secure Service Composition Adaptation
 NP-complete with 0/1 knapsack problem
 Heuristic solutions such as Simulate Annealing
Q&A