November 2023: Top 10 Read Articles in Web Service Computing

November 2023: Top 10 Read
Articles in Web Service
Computing
International Journal on Web Service Computing
(IJWSC)
ISSN: 0976 - 9811 (Online); 2230 - 7702 (print)
https://airccse.org/journal/jwsc/ijwsc.html

A COMPARATIVE STUDY BETWEEN GRAPH-QL& RESTFUL
SERVICES IN API MANAGEMENT OF STATELESS
ARCHITECTURES
Mr.Sayan Guha and Mrs.Shreyasi Majumder
Data Architect, AI and Analytics Practice, Cognizant Technology Solutions, India
ABSTRACT
A stateless architecture design is a web architecture design that typically does not persist data in
any database and such applications also does not require any kind of backup storage. Data that
flows through a stateless service is data in transition and such data is never stored in any data store.
The processing requests that arrive to such architecture does not rely on information gathered or
persisted from any previous session. API (Application programming interface) which consists of
subroutines, definitions & procedures that can access data on the applications are the
communication points between applications and management of API endpoints using stateless
architecture is less complex as there is no server side retention of the client session and each client
sends requisite information in each request to the server. Graph QL and RESTful services are
means of designing such API architecture. This paper discusses and explains in detail both Graph
QL and REST API architecture design and management methods and does an analysis of the
potential benefits of Graph QL over REST in Stateless architectural API designs.
KEYWORDS
API, RESTful, URI, GraphQL, Stateless, Schema Definition Language (SDL), HTTP, Mutation
Original Source URL: https://aircconline.com/ijwsc/V11N2/11220ijwsc01.pdf
Volume Link: https://airccse.org/journal/jwsc/current2020.html

REFERENCES
[1] MoussaTaifi, Yuan Shi. &YasinCelik (2015) “JENERGY: A Fault Tolerant Stateless Architecture for High
Performance Computing”,
https://www.researchgate.net/publication/303837779_JENERGY_A_Fault_Tolerant_Stateless_Archit
ecture_for_Hig_Performance_Computing
[2] JacekKopecký, Paul Fremantle & Rich Boakes (2014) “A history and future of Web APIs”,
https://www.researchgate.net/publication/274527941_A_history_and_future_of_Web_APIs
[3] Roy Thomas Fielding (2014) “Architectural Styles and the Design of Network-based Software
Architectures”, https://www.ics.uci.edu/~fielding/pubs/dissertation/fielding_dissertation.pdf.
[4] FestimHalili&YasinCelik (2018) “Web Services: A Comparison of Soap and Rest Services”,
https://www.researchgate.net/publication/323456206_Web_Services_A_Comparison_of_Soap_and_
Rest_Services.
[5] NishuPrasher (2018) “Security Assurance of REST API based applications”,
https://ntnuopen.ntnu.no/ntnuxmlui/bitstream/handle/11250/2502569/19973_FULLTEXT.pdf?sequence=1&is
Allowed=y.
[6] Olaf Hartig& Jorge Pérez (2017) “An Initial Analysis of Facebook's GraphQL Language”,
https://www.researchgate.net/publication/316686431_An_Initial_Analysis_of_Facebook's_GraphQL_
Language.
[7] Kristopher sandoval (2018) “7 Unique Benefits of Using GraphQL in Microservices”,
https://nordicapis.com/7-unique-benefits-of-using-graphql-in-microservices/
[8] Olaf Hartig& Jorge Pérez (2017) “An Initial Analysis of Facebook's GraphQL Language”,
https://www.researchgate.net/publication/316686431_An_Initial_Analysis_of_Facebook's_GraphQL_
Language.
[9] Olaf Hartig& Jorge Pérez (2018) “Semantics and complexity of GraphQL”,
https://blog.acolyer.org/2018/05/21/semantics-and-complexity-of-graphql/
[10] JobineshPurushothaman (2018) “Building a Polyglot GraphQL Server”,
https://static.rainfocus.com/oracle/oow18/sess/1526618246355001wDNO/PF/DEV6113_Purushotha
man_15404417239460019Dyp.pdf.
[11] Sebastian Eschweiler (2018) “Creating a GraphQL Server with Node.js and Express”,
https://medium.com/codingthesmartway-com-blog/creating-a-graphql-server-with-node-js-andexpress-
f6dddc5320e1.
[12] Erik Wittern, Alan Cha, James C. Davis, Guillaume Baudart& Louis Mandel (2018) “An Empirical Study
of GraphQL Schemas”, https://arxiv.org/pdf/1907.13012.pdf [13] MatheusSeabra, Marcos Felipe Nazário, &
Gustavo Pinto (2019) “REST or GraphQL? A Performance Comparative Study”,
https://www.researchgate.net/publication/335784769_REST_or_GraphQL_A_Performance_Compara tive_Stud

OPENLEARNING: KEY FOUNDATIONS OF PERSONAL
LEARNING ENVIRONMENT
Abdullah Alenezi
Northern Borders University, Arar, Saudi Arabia
ABSTRACT
The concept of open education is one of the concepts that have taken a clear place on the academic
map of higher education in many countries of the world. This type of education has become an
important resource for universities to overcome many of the material and academic problems. The aim
of this study is to analyse the role of open learning as the key foundations of personal learning
environment. The interview respondents were nine teachers who are currently working with different
open learning programs in Saudi Arabia. The nine teachers were from three different institutes in Saudi
Arabia. It was identified through the interviews that the emergence of Open Textbooks, which is part
of the broader movement known as Open Learning Resources, can help meet these challenges and
improve the quality of the learning process. Higher textbooks for higher education students, especially
middle school students, In the beginning of the last decade in the Saudi Arabia, to what is known as
the "crisis of the textbook" and tried to solve many solutions to address the problem, such as the rental
of the book to the student and the adoption of e-boo kand others, but the most prominent solutions are
effective and impact, the emergence of non-profit
KEYWORDS
Open learning, Saudi Arabia, e-learning.

REFERENCES
[1] Attwell, G. (2007). The Personal Learning Environments –the future of eLearning? En eLearning Papers. 2( 1)
[2] Boot,R. and Hodgson, V. (1987). Open learning: Mening and experience. EN Hodgson, V. Mann, S. Snell, R. (Eds.).
Beyond distance teaching: Towards open learning. Buckingham: Open University press, pp. 5-15
[3] Coffey, J. (1977). Open learning oportunities for mature students. En Davies, C. (Ed.). Open Learning systems for
mature students. CET Working Paper, 14.London : Council for Educational Technology.
[4] Casquero, O., Portillo, J., Ovelar, R., Benito, M. and Romo, J. (2010).iPLE Network: an integrated eLearning 2.0
architecture from a university’s perspective. Interactive Learning Environments, 18(3), 293-308.
[5] Casquero, O., Portillo, R., Ovelar, R., Romo, J. and Benito, M. (2008).iGoogle and gadgets as a platform for integrating
institutional and external services. Universidad del País Vasco. Workshop on Mash-Up Personal Learning Environments
(MUPPLE’08).
[6] Couros, A. (2010). Developing Personal Learning Networks for Open and Social Learning. In Veletsianos, G.
(Ed).Emerging Technologies in Distance Education. Edmonton: Athabasca University Press.
[7] Dirckinck-Holmfeld, L.; Hodgson, V. and McConnell, D. (Eds.) (2012). Exploring the Theory, Pedagogy and Practice
of Networked Learning. New York: Springer.
[8] Duffy, T. M. and Cunningham, D. J. (1996). Constructivism: Implications for the design and delivery of instruction. In
D. H. Jonassen (Ed.), Handbook of research for educational communications and technology. New York: Macmillan.
[9] Holmberg, B. (1985). Distance education: Situation and perspectives. Buenos Aires: Kapelusz. Iiyosh
[10] Kumar, M. (eds.) (2008).Opening up Education.The Collective Advancement of Education through Open Technology,
Open Content, and Open Knowledge. Cambridge, Mass: MIT Press
[11] Keegan, D. (1986). Foundations of Distance Education.London and New York: Routledge
[12] Kember,D. (1995). Open Learning.Courses for Adults. Englewood Cliffs NJ.: Educational Technology Pub.
[13] Lewis, R. (1986) What is Open Learning? Open Learning, 5(2), pp. 3-8.
[14] Lewis, R. and Spencer, D. (1986). What is open learning? Open Leaning Guide, vol. 4. Liber, O. (2005) Learning
objects: conditions for viability,. Journal of Computer Assisted Learning 21(5). 366- 373
[15] Moore, M. G. (1983). «On a Theory of independent study», a Sewart, D.; Keegan, D.; Holmberg, B. (eds.). Distance
Education: International Perspectives. London /New York.Manrtin’s Press
[16] Moore, M. G. (1991). «Theory of distance education».Second American Symposium on Research in Distance
Education.The University State University, University Park.
[17] Moran, L. and Myringer, B. (1999). Flexible learning and university change. En
[18] NBEET (1992) Changing Patterns of Teaching and Learning, Report 19, AGPS, Canberra.
[19] OCDE (2007).Giving Knowledge for Free: The Emergence of Open Educational Resources. Paris: OCDE
[20] Paul, R. H. (1990), Open Learning and Open Management: Leadership and Integrity in Distance Education. London
:Kogan Page.
[21] Race,P. (1994). The Open Learning Handbook.London :Kogan Page.

[22] Salinas, J., Marín, V. and Escandell, C. (2011). A Case of an Institutional PLE: Integrating VLEs and E-Portfolios for
Students. The PLE Conference 2011. Southampton, UK.
[23] Santos, C. and Pedro, L. (2010). What’s the role for institutions in PLEs? The case of SAPO Campus.The PLE
Conference 2010.
[24] Van den Brande, L. (1993). Flexible and Distance Learning.Chicherter (UK): John Wiley & Sons.
[25] Wedemeyer, C. (1971). Independent Study.En L. Deighton (Ed.) Encyclopaedia of education, vol. 4. p. 548-57. New
York: Macmillan. [26] White, S. and Davis, H. C. (2011). Rich and personal revisited: translating ambitions for an
institutional personal learning environment into a reality. The PLE Conference 2011. Southampton, UK
[27] Wilson, S. (2005). The VLE of the Future.En Wilson, S., Scott’s Workblog, (January 17th, 2005). [28] Wilson, S.
(2008). Patterns of personal learning environments. Interactive Learning Environments, 16(1), 17-34

SURVEY OF CLOUD COMPUTING
Amira. A. Elsonbaty
High Institute of Engineering & Technology in New Damietta
ABSTRACT
With expanding volumes of knowledgeable production and the variability of themes and roots, shapes
andlanguages, most detectable issues related to the delivery of storage space for the information and thevariety of
treatment strategies in addition to the problems related to the flow of information and methodsgo down and take an
interest in the advantage of them face the researchers. In any case, such a greatsignificance comes with a support of
a great infrastructure that includes large data centers comprisingthousands of server units and other supporting
equipment. The cloud is not a small, undeveloped branch ofit, it is a type of computing that is based on the internet,
an image from the internet. Cloud Computing is adeveloped technology, cloud computing, possibly offers an overall
economic benefit, in that end usersshares a large, centrally achieved pool of storing and computing resources, rather
than owning andmanaging their own systems. But, it needs to be environment friendly also. This review paper gives
ageneral overview of cloud computing, also it describes cloud computing, architecture of cloud
computing,characteristics of cloud computing, and different services and deployment model of cloud computing.
This paper is for anyone who will have recently detected regarding cloud computing and desires to grasp a lotof
regarding cloud computing.
KEYWORDS
cloud computing; architecture of cloud computing; characteristics of cloud computing.

REFERENCES
[1] Bharti Wadhwa, “Energy Saving Approaches for Green Cloud Computing: A Review”, Proceedings of 2014 RAECS
UIET Panjab University Chandigarh, 06 - 08 March, 2014 978-1-4799-2291- 8/14/$31.00 ©2014 IEEE
[2] Jasleen Kaur, Ms. Anupma Sehrawat, Ms. Neha Bishnoi, " Survey Paper on Basics of Cloud Computing and Data
Security," International Journal of Computer Science Trends and Technology (IJCST) – Volume 2 Issue 3, May-Jun 2014.
[3] https://en.wikipedia.org/wiki/Cloud_computing,12-9-4:30pm.
[4] Yashpalsinh Jadeja, Kirit Modi, “Cloud Computing - Concepts, Architecture and Challenges” in Proceeding of
International Conference on Computing, Electronics and Electrical Technologies [ICCEET], 2012.
[5] Qi Zhang, Lu Cheng and Raouf Boutaba, “Cloud computing: state-of-the-art and research challenges”. Journal of
Internet Services and Applications, Volume 1, Issue 1, pp 7–18, May 2010
[6] Ivanka Menken," Cloud Computing - The Complete Cornerstone Guide to Cloud Computing Best Practices
Concepts, Terms, and Techniques for Successfully Planning, Implementing ... Enterprise IT Cloud
ComputingTechnology", London,UK, UK ©2008 , ISBN:1921573007 9781921573002,2008.
[7] Ms. Disha H. Parekh, Dr. R. Sridaran, “An Analysis of Security Challenges in Cloud Computing,” (IJACSA)
International Journal of Advanced Computer Science and Applications, Vol. 4, No.1, 2013.
[8] Jasleen Kaur, Ms.Anupma Sehrawat, Ms.Neha Bishnoi ,"Survey Paper on Basics of Cloud Computing and Data
Security", International Journal of Computer Science Trends and Technology (IJCST) – Volume 2 Issue 3, May-Jun 2014.
[9] M. Armbrust, O. Fox, R. Griffith, A. D. Joseph, Y. Katz, A. Konwinski, et al., "M.: Above the clouds: A Berkeley view
of cloud computing," 2009.
[10] S. Subashini and V. Kavitha, "A survey on security issues in service delivery models of cloud computing," Journal of
Network and Computer Applications, vol. 34, pp. 1-11, 2011.
[11] Aniruddha S. Rumale, D.N.Chaudhari, ” Cloud Computing: Infrastructure as a Service,” International Journal of
Inventive Engineering and Sciences (IJIES) ISSN: 2319–9598, Volume-1, Issue-3, February 2013.
[12] Imran Ashrafa, "An Overview of Service Models of Cloud Computing," International Journal of Multidisciplinary and
Current Research 27 Aug 2014, Vol.2 [8] Yashpalsinh Jadeja; Kirit Modi, “Cloud Computing - Concepts, Architecture and
Challenges” in Proceeding of International Conference on Computing, Electronics and Electrical Technologies [ICCEET],
2012.
[13] Xu Wang, Beizhan Wang, Jing Huang, “Cloud computing and its key techniques” in Proceeding of IEEE Conference,
2011.
[14] Michael Boniface, Bassem Nasser, Juri Papay, Stephen C. Phillips, Arturo Servin, Xiaoyu Yang, Zlatko Zlatev,
Spyridon V. Gogouvitis, Gregory Katsaros, Kleopatra Konstanteli, George Kousiouris, Andreas Menychtas, Dimosthenis
Kyriazis, “Platform-as-a-Service Architecture for Real-time Quality of Service Management in Clouds,” Fifth International
Conference on Internet and Web Applications and Services, 2010.

LARGE-SCALE DATA PROCESSING USING MAPREDUCE IN
CLOUD COMPUTING ENVIRONMENT
Samira Daneshyar1
and Majid Razmjoo2
1,2
School ofComputer Science,Centre ofSoftware Technology and Management(SOFTEM),Faculty of
Information Science and Technology,Universiti Kebangsaan Malaysia(The National University of
Malaysia),43600 UKM Bangi, Selangor Darul Ehsan, Malaysia
,
ABSTRACT
The computer industry is being challenged to developmethods and techniques for affordable data processing on large
datasets at optimum response times. The technical challenges in dealing with theincreasing demand to handle vast
quantities of data is daunting and on the rise. One of the recent processing modelswith a more efficient and intuitive
solution to rapidly process large amount of data in parallel is called MapReduce. It is a framework defining a template
approach of programming to performlarge-scale data computation on clusters of machines inacloud computing
environment. MapReduce provides automatic parallelization and distribution of computation based on several processors.
It hidesthe complexity of writing parallel and distributed programming code. This paper provides a
comprehensivesystematic review and analysisof large-scale dataset processing and dataset handling challenges and
requirements inacloud computing environment by using the MapReduce framework and its open-sourceimplementation
Hadoop. We defined requirements for MapReduce systems to perform large-scale data processing. We also proposed the
MapReduce framework and oneimplementation of this framework on Amazon Web Services. At the end of the paper,we
presented an experimentation of running MapReducesystem in a cloud environment. This paper outlines one of the best
techniques to process large datasets is MapReduce;it also can help developers to do parallel and distributed computation
in a cloud environment.
KEYWORDS
MapReduce,Hadoop,cloud computing,parallel and distributedprocessing.
Original Source URL: https://airccse.org/journal/jwsc/papers/3412ijwsc01.pdf
Volume Link : https://airccse.org/journal/jwsc/current2012.html

REFERENCES
[1] R. W. Moore, C. Baru, R. Marciano, A. Rajasekar and M. Wan, (1999) “Data-Intensive Computing”,Morgan Kaufmann
Publishers Inc. San Francisco, USA,ISBN:1-55860-475-8, pp105- 129.
[2] I. Gorton, P. Greenfield, A. Szalay, R. Williams, (2008) “Data Intensive Computing in the 21 Century”, IEEE Computer
Society,ISSN: 0018-9162, pp30-32.
[3] J. Dean and S.Ghemawat,(2004) “MapReduce: simplified data processing on large clusters”, Google Inc. In OSDI’04:
Proceeding of the 6th conference on Symposium on Operating Systems Design & Implementation, San Francisco, CA.
[4] Hadoop MapReduce, (accessed February 2012), Available online at http://wiki.apache.org/hadoop/MapReduce
[5] R. Lammel, Data Programmability Team, Microsoft Corp, Redmond, (2007), “Google’s MapReduce programming
model – Revisited”, WA, USA, Available online at http://www.sciencedirect.com
[6] S.N.Srirama, P.Jakovits, E.Vainikko, (2011) “Adapting scientific computing problems to clouds using MapReduce”,
Future Generation Computer Systems, Vol. 28, No. 1, pp184-192.
[7] J.Shafer, S. Rixner, and A.L. Cox, (2010) “The Hadoop Distributed File system: Balancing Portability and
Performance”, IEEE International Symposium on Performance Analysis of Systems & Software (ISPASS), ISBN: 978-1-
4244-6023-6, pp122-133.
[8] C.Ranger, R.Raghuraman, A.Penmetsa, G.Bradski, CH. Kozyrakis, (2007) “Evaluating MapReduce for Multi-ore and
Multiprocessor Systems”, IEEE 13th International Symposium on High Performance Computer Architecture (HPCA),
ISBN: 1-4244-0805-9 , pp13-24.
[9] K.Talattinis, A Sidiropoulou, K.Chalkias, and G.Stephanides, (2010) “Parallel Collection of Live Data Using Hadoop”,
IEEE 14th PanHellenic Conference on Informatics (PCI), ISBN: 978-1-4244- 7838-5, pp66-71. [10] M. Armbrust , A.Fox,
R. Griffith , A.D. Joseph , R.H. Katz , A. Konwinski , G.Lee, D.A. Patterson , A. Rabkin , L. Stoica ,
M.Zaharia,(2009)“Above the Clouds: A Berkeley View of Cloud.

SPATIAL ANALYSIS ABOUT USERS COLLABORATION ON
GEO-SOCIAL NETWORKS IN A BRAZILIAN CITY
Aline Morais
1
Universidade Federal de Campina Grande, Brasil
ABSTRACT
Geo-Social Networks (GSNs) are collaborative systems that has the geolocated information as main component.
The geolocation resource integrates virtual and real worlds, allowing the comprehension about these two
scenarios at same time. Based on that, this work define a process of spatial analysis of shared information on a
GSN. The present work proposes the usage of six spatial features as feedback about collaborative behaviour on
city. The spatial analysis aims understand if users’ collaboration change among city census sectors.
Understanding how users deal with GSNs in an area, will help aboutcollaborative patterns per urban region. As
result, this work detected spatial patterns among users in theGSN Foursquare of a Brazilian city. These patterns
indicates that users’ collaboration receive influences ofextrinsic and intrinsic features of GSN and the
comprehension about their users is a complex task.
KEYWORDS
Geo-Social Networks, Spatial Analysis, Collaborative Behaviour.

REFERENCES
[1] Bao, J., Zheng, Y., Wilkie, D., & Mokbel, M. (2015). Recommendations in location-based social networks: a survey.
GeoInformatica, 19(3), 525-565.
[2] Jiang, B., & Miao, Y. (2015). The evolution of natural cities from the perspective of location-based social media. The
Professional Geographer, 67(2), 295-306.
[3] Symeonidis, Panagiotis, Dimitrios Ntempos, and Yannis Manolopoulos. Recommender Systems for Location-based
Social Networks. Springer, 2014.
[4] Davis Jr, C. A., Pappa, G. L., de Oliveira, D. R. R., & de L Arcanjo, F. (2011). Inferring the location of twitter messages
based on user relationships. Transactions in GIS, 15(6), 735-751.
[5] Silva, A. D. S. E. (2008). Alien revolt (2005-2007): A case study of the first location-based mobile game in Brazil.
Technology and Society Magazine, IEEE, 27(1), 18-28.
[6] Pinquart, M., & Sörensen, S. (2000). Influences of socioeconomic status, social network, and competence on subjective
well-being in later life: a meta-analysis. Psychology and aging, 15(2), 187
[7] Gao, H., Tang, J., Hu, X., & Liu, H. (2015, February). Content-aware point of interest recommendation on location-
based social networks. In Proceedings of the 29th AAAI Conference on Artificial Intelligence.
[8] Viren, P. P., Vogt, C. A., Kline, C., Rummel, A. M., & Tsao, J. (2015). Social network participation and coverage by
tourism industry sector. Journal of Destination Marketing & Management.
[9] Weng, L., & Menczer, F. (2015). Topicality and Impact in Social Media: Diverse Messages, Focused Messengers. PloS
one, 10(2), e0118410.
[10] Morais, A., & Andrade, N. (2014, January). The Relevance of Annotations Shared by Tourists and Residents on a Geo-
Social Network During a Large-Scale Touristic Event: The Case of São João. In COOP 2014-Proceedings of the 11th
International Conference on the Design of Cooperative Systems, 27-30 May 2014, Nice (France) (pp. 393-408). Springer
International Publishing.
[11] Ellison, N. B. (2007). Social network sites: Definition, history, and scholarship. Journal of ComputerMediated
Communication, 13(1), 210-230.
[12] Bjørn, P., Esbensen, M., Jensen, R. E., & Matthiesen, S. (2014). Does distance still matter? Revisiting the CSCW
fundamentals on distributed collaboration. ACM Transactions on Computer-Human Interaction, 21(5), 1-27.
[13] Wong, L. H., Pattison, P., & Robins, G. (2006). A spatial model for social networks. Physica A: Statistical Mechanics
and its Applications, 360(1), 99-120.
[14] Scott, J., & Carrington, P. J. (2011). The SAGE handbook of social network analysis. SAGE publications.
[15] Wilson, C., Boe, B., Sala, A., Puttaswamy, K. P., & Zhao, B. Y. (2009, April). User interactions in social networks
and their implications. In Proceedings of the 4th ACM European conference on Computer systems (pp. 205-218). Acm.
[16] Carrington, Peter J., John Scott, and Stanley Wasserman, eds. Models and methods in social network analysis. Vol. 28.
Cambridge university press, 2005. [17] Grubesic, T. H. (2006). On the application of fuzzy clustering for crime hot spot
detection. Journal of Quantitative Criminology, 22(1), 77-105.
[18] Shaker, R., Craciun, A., & Gradinaru, I. (2010). Relating land cover and urban patterns to aquatic ecological integrity:
a spatial analysis. Geographica Technica, 1, 76-90.

[19] Sales, A., Alves, L., Araújo, M., Menezes, A., Morais, A., & Andrade, N. (2013, October). O uso de uma rede
geossocial nas cidades brasileiras e sua relação com fatores socioeconômicos. In Proceedings of the 12th Brazilian
Symposium on Human Factors in Computing Systems (pp. 142- 147). Brazilian Computer Society. [20] IBGE- Instituto
Brasileiro de Geografia e Estatística. Available at: http://cidades.ibge.gov.br/painel/painel.php?codmun=250400. Acessed
in June 2015.

IMPLEMENTATION OF MOSRE FRAMEWORK FOR A
WEB APPLICATION -A CASE STUDY
P.Salini1
and S.Kanmani2
1
Department of Computer Science and Engineering, 2
Deparment of Information Technology, 1,2
Pondicherry
Engineering College, Puducherry, India
ABSTRACT
The Security Engineering discipline has become more and more important in the recent years. Security requirements
engineering is essential to assure the Quality of the resulting software. An increasing part of the communication and
sharing of information in our society utilize Web Applications. Last two years have seen a significant surge in the amount
of Web Application specific vulnerabilities that are disclosed to the public because of the importance of Security
Requirements Engineering for Web based systems and as it is still underestimated. Integration of Web and object
technologies offer a foundation for expanding the Web to a new generation of applications. In this paper, we outline our
proposed Model-Oriented Security Requirement Engineering (MOSRE)Framework for Web Applications. By applying
Object-Oriented technologies and modeling to Security Requirement phase. So the completeness, consistency, trace
ability and reusability of Security Requirements can be cost effectively improved. We implemented our MOSRE
Framework for E-Voting Application and set of Security Requirements are identified.
KEYWORDS
Object-Oriented, Security Requirements, Security Requirements Engineering and Web Applications.
Original Source URL: http://airccse.org/journal/jwsc/papers/3312ijwsc09.pdf

REFERENCES
[1] CLUSIF, Web Application Working Group, “Web application security, managing web application security risks”,
Technical Studies, http://www.clusif.asso.fr/, March 2010.
[2] Jacobson, I. (1995). Modeling with Use Cases: Formalizing Use Case Modelling. Journal of ObjectOriented
Programming.
[3] UML (2003). Unified Modeling Language. Version 1.5. www.omg.org
[4] J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan , “Improving
Web Application Security :Threats and Countermeasures”, Microsoft Corporation, Published: June 2003
[5] R. Mead, E.D. Houg, and T.R. Stehney, Security Quality Requirements Engineering (Square) Methodology, tech.
report CMU/SEI-2005-TR-009, Software Eng. Inst., Carnegie Mellon Univ., 2005.
[6] Swiderski, Frank, Syndex, “Threat Modeling”, Microsoft Press, 2004
[7] Guttorm Sindre, AndreasL.Opdah,” Eliciting security requirements with misuse cases”. Requirements Eng
(2005)10:34–44, Springer-Verlag London Limited 2004.
[8] M. José Escalona, Nora Koch. “Requirements Engineering for Web Applications – A Comparative Study”, Journal
of Web Engineering, Vol. 2, No.3 (2004) 193-212, Rinton Press.
[9] Lee, H., Lee, C., Yoo, C. (1998). A Scenario-based Object-oriented Methodology for Developing Hypermedia
Information Systems. Proceedings of 31st Annual Conference on Systems Science.
[10] Bieber M., Galnares, R., Lu, Q. (1998). Web Engineering and Flexible Hypermedia. The Second Workshop on
Adaptive Hypertext and Hypermedia, Hypertext´98, Pittsburg, USA.
[11] Olsina, L. (1998). Building a Web-based Information System applying the Hypermedia Flexible Process Modeling
Strategy. 1st International Workshop on Hypermedia Development, Hypertext´98, Pittsburg, USA. [12] Schwabe D.,
Rossi G. (1998). Developing Hypermedia Applications using OOHDM. Workshop on Hypermedia Development
Process, Methods and Models, Hypertext´98, Pittsburg, USA.
[13] Vilain, P., Schwabe, D., Sieckenius, C. (2000). A diagrammatic Tool for Representing User Interaction in UML.
Lecture Notes in Computer Science. Proc. UML’2000. York, England.
[14] Koch, N. (2001). SoftwareEngineering for Adaptive Hypermedia Applications. Ph. Thesis, FAST Reihe
Softwaretechnik Vol (12), Uni-Druck, Munich, Germany.
[15] Lowe D., Eklund J. (2002). Client Needs and the Design Process in Web Projects. Web Engineering Track of the
WWW2002 Conference.
[16] C.B. Haley, R. Laney, J.D. Moffett, and B. Nuseibeh, “Security Requirements engineering: A Framework for
Representation and Analysis,” IEEE Transaction on Software Eng. Vol 34, no. 1, pp. 133-152, Jan/Feb 2008.
[17] Eric Dubois , Haralambos Mouratidis, “Guest editorial: security requirements engineering: past, present and future”,
Requirements Eng (2010) 15:1-5, Published online: 1 January 2010, Springer-Verlag London Limited 2009.
[18] Benjamin Fabian , SedaGurses , Maritta Heisel,Thomas Santen • Holger Schmidt,” A comparison of security
requirements engineering methods”, Requirements Eng (2010) special issue security requirements engineering ,15:7-40,

Published online: 26 Nov 2009, Springer-Verlag London Limited 2009.
[19] Siv Hilde Houmb , Shareeful Islam ,Eric Knauss • Jan Jurjens • Kurt Schneider,” Eliciting security requirements
and tracing themto design: An integration of Common Criteria, heuristics, and UMLsec Requirements Eng (2010) special
issue security requirements engineering ,15:63-93, Published online: 28 Nov 2009, Springer-Verlag London Limited
2009.
[20] Dhirendra Pandey, Ugrasen Suman ,A. K. Ramani,“Security Requirement Engineering Issues in Risk Management
“, International Journal of Computer Applications (0975 – 8887)Volume 17– No.5, March 2011,pg:12-14.
[21] Donald Firesmith: “Engineering Security Requirements”, in Journal of Object Technology, vol. 2, no. 1, January-
February 2003, pages 53-68. http://www.jot.fm/issues/issue_2003_01/column6
[22] J.Jurjens.Umlsec:Extending uml for secure systems development. In ProcofUML'02, pages 412-
425.Springer,2002.
[23] T.Lodderstedt,D, A.Basin,and J.Doser, “Secureuml: A uml-based modeling language for model-driven security. In
UML'02:Proceedings of the 5th International Conference on The Unified Modeling Language,pages 426-
441,London,UK,2002.Springer-Verlag.
[24] P. Salini and S. Kanmani. “Model Oriented Security Requirements Engineering (MOSRE) Framework for Web
Applications”. In Proceedings of the Second International Conference on Advances in Computing and Information
Technology (ACITY 2012), India, July 13 - 15, 2012, Vol.2 and in Advances in Intelligent and Soft Computing book
Series, Vol.177, pp.341-353.

USER-CENTRIC OPTIMIZATION FOR CONSTRAINT
WEB SERVICE COMPOSITION USING A FUZZY-
GUIDED GENETIC ALGORITHM SYSTEM
Mahdi Bakhshi1
and Dr.Seyyed Mohsen Hashemi2
1
Department of Computer Engineering, Islamic Azad University,S hahrbabak BranchShahrbabak, Iran
2
Department of Computer Engineering, Islamic Azad University,Science and ResearchBranch, Tehran, Iran
ABSTRACT
Service-Oriented Applications (SOA) are being regarded as the main pragmatic solution for distributed
environments. In such systems, however each servicers ponds the user request independently, it is essential
to compose them for delivering a compound value-added service. Since, there may be a number of
compositions to create the requested service, it is important to find one which its properties are close to user’s
desires and meet some non -functional constraints and optimize criteria such as overall cost or response time
.In this paper, a user-centric approach his presented for evaluating the service compositions which attempts
to obtain the user desires. This approach uses fuzzy logic in order to inference based on quality criteria
ranked by user and Genetic Algorithms to optimize the QoS-aware composition problem. Results show that
the Fuzzy-based Genetic algorithm system enables user to participate in the process of web service
composition easier and more efficient
KEYWORDS
Web service, service composition, QoS, user preferences fuzzy logic, genetic algorithms
Volume Link: http://airccse.org/journal/jwsc/current2012.html

REFERENCES
[1] Li-Xin.Wang (1997) Course in fuzzy systems and control, 448 pages, Prentice Hall publisher.
[2] I.B.Arpinar, B.Aleman.meza, R.Zhang & A.Maduko, (2004) "Ontology-Driven Web Services Composition
Platform" s.l. IEEE International Conference on E-Commerce Technology (CEC'04).
[3] L.Zeng, B.Benatallah, M.Dumas, J.Kalagnanam & Q.Z.Sheng, (2003) "Quality driven web services composition."
In 12th International conference of WWW, pp. 411–421.
[4] J.Rao & X.Su, (2005) "ASurvey of Automated Web ServiceComposition Methods" s.l. ICAPS.
[5] B.Srivastava & J.Koehler, (2004) "Web ServiceComposition - Current Solutions and OpenProblems" s.l. ICAPS.
[6] Z. Liang-Jie, L.Bing, C. Tian & et al, (2003) "On demand web services-based business process composition", In
IEEE International Conference on System, Man, and Cybernetics (SMC’03), Washington, USA, pp. 4057–4064.
[7] D.AMenasce, (2002) "QoS issues in web services" In IEEE Internet Computing 6 (6) 72–75.
[8] D.A. Menasce, (2004) "Composing web services: a QoS view" In IEEE Internet Computing 8 (6) 88– 90.
[9] C.Zhou, L-T.Chia & B-S.Lee, (2005) "Semantics inservice discovery and QoS measurement" IT Professional,
7(2), 29–34.
[10] J.L.Ambite, G.Barish, C.A.Knoblock & M.Muslea, (2002) "Getting from Here to There: Interactive Planning and
Agent Execution for Optimizing Travel" s.l. Proceedings of the Fourteenth Conference on Innovative Applications of
Artificial Intelligence (IAAI-2002).
[11] J.Cardoso, (2002) "Quality of serviceand semantic composition of workflows" PhD thesis, Univ. of Georgia.
[12] J.Cardoso, A.Sheth, J.Miller, J.Arnold & K.Kochut, (2004) "Quality of service for workflows and web service
processes" Web Semantics: Science, services and Agents on the World Wide Web, 1(3):281-308, April 2004.
[13] G.Canfora, M.D.Penta, R.Esposito & M.Villani, (2005) "An approach for QoS-aware service composition based
on genetic algorithms" In Proceedings of the Genetic and Evolutionary Computation Conference (GECCO),
Washington, DC, June 2005.
[14] H.C-L & K.Yoon, (1981) "Multiple Criteria Decision Making" Lecture Notes in Economics and Mathematical
Systems, Springer-Verlag.
[15] I.E.Grossmann, (2002) "Review of nonlinear mixed-integer and disjunctive programming techniques"
Optimization and Engineering, 3(3): 227-252, September 2002.
[16] M. Srinivas & L.M. Patnaik, (1994) "Genetic algorithm: a survey" In IEEE Computer 27 (6) 17–26.
[17] M.C.Jaeger, G.Rojec-Goldmann & G.M¨uhl, (2005) "QoS Aggregation in Web Service Compositions" In:
Proceedings of IEEE International Conference one-Technology, e-Commerce and e-Service (EEE-05), China, IEEE
Press. 181–185.
[18] I.Sora, D.Todinca & C.Avram, (2009) "Translating user preferences into fuzzy rules for the automatic selection
of services" 5th International Symposium on Applied Computational Intelligence and Informatics. Timisoara,
Romania, May 2009.
[19] S.Agarwal & S.Lamparter, (2005) "User preference based automated selection of web service composition" in
Proceedings of the ICSOC Workshop on Dynamic Web Service.

[20] F. Curbera & et al, (2002) "Unravelingthe Web Services: An Introduction to SOAP, WSDL, and UDDI" In IEEE
Internet Computing, vol. 6, no. 2, Mar./Apr.
[21] ITU-T Recommendation E.800, (1994) "Terms and definitions related to quality of service and network
performance including dependability".
[22] L. A. Zadeh, (1965) "Fuzzy sets" Infor¬ma¬tion and Con¬trol, vol. 8, pp. 338–353.
[23] R.R.Yager, S.Ovchinnikov, R.M.Tong & H.T.Nguyen, (1987) "Fuzzy sets and applications" selected Papers by
L. A.Zadeh, John Wiley and Sons, New York.
[24] D.Nauck & R.Kruse, (1998) "How the learning of rule weights affects the interpretability of fuzzy systems"
Proc. of 7th IEEE International Conference on Fuzzy Systems, pp. 1235-1240.
[25] G.Wang, L.Zhang& K.Nie, (2012) "Multi-strategic approach of fast composition of web services" APWeb 2012,
LNCS 7235, pp.504-512.
[26] X.W Fang, Y.H Feng & Z.X Yin, (2011) " An Optimization Method for Constraint Web Service Composition
Based on Fuzzy Petri Net" Advanced Materials Research, pp. 1415-1420, July 2011.
[27] M. Chen & S.A.Ludwig, (2012) "Fuzzy-guided Genetic Algorithm applied to the Web Service Selection
Problem" Proceedings of the2012 IEEE International Conference on Fuzzy Systems, Brisbane, Australia, June 2012.

WEB SERVICE SELECTION BASED ON RANKING OF QOS
USING ASSOCIATIVE CLASSIFICATION
Molood Makhlughian1
, Seyyed Mohsen Hashemi2
, Yousef Rastegari3
and EmadPejman1
1
Department of Computer Engineering, Islamic Azad University-South Tehran Branch,Tehran, Iran
2
Dean of Software Engineering and Artificial Intelligence Department, Islamic AzadUniversity-
Science and Research Branch, Tehran, Iran
3
Department of Electrical and Computer Engineering, Shahid Beheshti University,Tehran, Iran
ABSTRACT
With the explosive growth of the number of services published over the Internet, it is difficult to select
satisfactory web services among the candidate web services which provide similar functionalities. Quality
of Service (QoS) is considered as the most important non-functional criterion for service selection. But this
criterion is no longer considered as the only criterion to rank web services, satisfying user’s preferences. The
similarity measure (outputs–inputs similarity) between concepts based on ontology in an inter-connected
network of semantic Web services involved in a composition can be used as a distinguishing criterion to
estimate the semantic quality of selected services for the composite service. Coupling the semantic similarity
as the functional aspect and quality of services allows us to further constrain and select services for the valid
composite services. In this paper, we present an overall service selection and ranking framework which
firstly classify candidate web services to different QoS levels respect to user’s QoS requirements and
preferences with an Associative Classification algorithm and then rank the most qualified candidate services
based on their functional quality through semantic matching. The experimental results show that proposed
framework can satisfy service requesters’ non-functional requirements.
KEYWORDS
Web Service Selection, Quality of Service (QoS), Classification Data Mining & Semantic Web Services

REFERENCES
[1] M. P. Papazoglou, P. Traverso, S. Dustdar, and F. Leymann, “Service-Oriented Computing: State of the Art and
Research Challenges,” Computer, vol.40(11), November. 2007, pp. 38-45.
[2] A. Benveniste, “Composing Web Services in an Open World: QoS Issues,” Proc. 5th Int. Conf. on Quantitative
Evaluation of Systems, 2008, p.121, doi:10.1109/QEST.2008. 49.
[3] P. M. Garey and D. Johnson, Computers and Intractability: a Guide to the Theory of NPCompleteness, W.H.
Freeman, 1979.
[4] B. T. Yu and K.-J. Lin: “Service Selection Algorithms for Composing complex Services with Multiple QoS
Constraints”. Proc. 3rd International Conference on Service-oriented Computing (ICSOC’05), Springer, Amsterdam,
Netherland, Dezember 12-15, 2005, pp. 130-143.
[5] M. C. Jaeger, G. Muhl and S. Golze: “QoS-aware composition of Web services: a look at selection algorithms.”
Proc. IEEE International Conference on Web Services (ICWS’05), IEEE Computer Society, Orlando, Florida, USA,
July 11- 15, 2005, pp. 800-808.
[6] T. Yu, Y. Zhang and K-J. Lin. “Efficient Algorithms for Web Services Selection with End-to-End QoS
Constraints,” ACM Trans. Web, 1(1):6, 2007.
[7] M. C. Jaeger and G. MuThl, “QoS-based Selection of Services: The Implementation of a Genetic Algorithm,” In
Torsten Braun, Georg Carle, and Burkhard Stiller, editors, Kommunikation in Verteilten Systemen (KiVS 2007)
Industriebetrage, Kurzbeitrage und Workshops, March 2007, pp. 359-350, Bern, Switzerland, VDE Verlag, Berlin und
Offenbach.
[8] G. Wu, J. Wei, X. Qiao, L. Li, “A Bayesian network based Qos assessment model for web services,” Proc. IEEE
International Conference on Services Computing (SCC 2007), 2007, pp. 498-505.
[9] N. B. Mabrouk, S. Beauche, E. Kuznetsova, N. Georgantas and V. Issarny, “QoS-aware Service Composition in
Dynamic Service Oriented Environments,” Proc. Middleware, 2009, pp.123-142.
[10] B. Liu, W. Hsu, and Y. Ma, “Integrating classification and association rule mining,” Proc. Knowledge Discovery
and Data Mining, 1998, pp. 80-86.
[11] Z. Liangzhao, B. Boualem, H.H. Anne, Ngu, D. Marlon, K. Jayant and C. Henry, “QoS-Aware Middleware for
Web Services Composition,” IEEE Trans, Softw. Eng, 2004, pp. 311-327.
[12] R. Agrawal and R. Srikant, “Fast algorithms for mining association rules,” Proc. Int. Conf. on Very Large
Databases, VLDB-94, SanDiago, Chile, 1994, pp. 487-499.
[13] L. Freddy and L. Alain, “A formal model for semantic web service composition,” Proc. ISWC, 2006, pp. 385–
398.
[14] A. Ankolenkar, M. Paolucci, N. Srinivasan and K. Sycara, The OWL-S coalition, OWL-S 1.1. Technical report,
2004.
[15] J. Kopecký, T. Vitvar, C. Bournez and J. Farrell, “SAWSDL: Semantic annotations for WSDL and XML
schema,” Proc. IEEE Internet Computing, 2007, pp. 60–67.
[16] D. Fensel, M. Kifer, J. deBruijn and J. Domingue.
[17] L. Freddy and M. Nikolay, “Towards Scalability of Quality Driven SemanticWeb Service Composition,” Proc.
IEEE International Conference on Web Services, 2009, pp. 469-476.

[18] E. Al-Masri, and Q. H. Mahmoud, “Discovering the best web service,” (poster), Proc. 16th International
Conference on World Wide Web (WWW), 2007, pp. 1257-1258.
[19] E. Al-Masri and Q. H., Mahmoud, “QoS-based Discovery and Ranking of Web Services,” Proc. IEEE 16th
International Conference on Computer Communications and Networks (ICCCN), 2007, pp. 529- 534.
[20] I. Horrocks, “Using an expressive description logic: Fact or fiction?,” In KR, 1998, pp. 636–649.
[21] C. Ming, W. Zhen-wu, “An Approach for Web Services Composition Based on QoS and Discrete Particle Swarm
Optimization,” Proc. IEEE Eighth ACIS International Conference on Software Engineering, Artificial Intelligence,
Networking and Parallel/Distributed Computing, 2007, pp. 37-41Web Service Modeling Ontology, W3C submission.
2005.

EXTENDING WS-CDL TO SUPPORT REUSABILITY
Farhad Mardukhi, Naser NematBaksh and Kamran Zamanifar Department
of Computer Engineering, Isfahan University, Isfahan, Isfahan
ABSTRACT
WS-CDL is a very rich language that is specially designed to describe choreography of services. However it is
very poor to adopt reusability mechanisms for making the choreography easy to design and confident to use. The
main challenge is that there is no mechanism to make a reusable sub choreography which is able to expose an
interface. Therefore, it is impossible to inject variables like exception variables from performing choreography
into performed sub choreography. In this paper, a complex element namely Templateis added to WS-CDL making
it more adequate to support reusability. A template is an abstract definition of an interaction pattern which is
appeared frequently through a family of business services choreographies. The paper is also details how to usethe
template as black box in main choreography including assigning the variables to template interface parameters.
We enhanced meta model of WS-CDL by adding template related elements, then produced a simpleengine that
loads the our enhanced meta model of WS-CDL, the file paths of main and template choreographies and
automatically generatean output file includes a compiled choreography code expressed with standard WS- CDL.
KEYWORDS
Web service, Choreography, Reusability, Interaction Pattern, Template.
Original Source URL: http://airccse.org/journal/jwsc/papers/0311wsc01.pdf

REFERENCES
[1] Alistair Barros, Marlon Dumas & Arthur ter Hofstede: Service Interaction Patterns. In Proceedings of the 3rd
International Conference on Business Process Management, Nancy, France, September 2005. Springer Verlag, pp.
302-318.
[2] M.P Papazoglou , P. Traverso, Schabram Dustdar & F. Leymann, (2007) ," Service-Oriented Computing: State of
the Art and Research Challenges", Journal of Innovative Technology for Computer Professionals, IEEE Computer
Society, November 2007.
[3] M. Etehadi, F. Mardukhi & N. Nematbakhsh, N, (2009). “A Graphical Representation for WSCDL Supporting
Multi Levels of Abstraction”. IEEE Services Computing Conference, APSCC 2009. Asia-Pacific : 7-11 Dec. 2009.
[4] M. Barros, M. Dumas & P. Oaks. (2005),”A Critical Overview of the Web Services Choreography Description
Language (WS-CDL)”, BPTrends [Online accessed: Jan, 2011]. Available: http://www.bptrends.com.
[5] E. Börger & B.Thalheim, (2008), “Modeling Workflows, Interaction Patterns, Web Services and Business
Processes: The ASM-Based Approach”, Proceedings of the 1st international conference on Abstract State Machines,
B and Z. London, UK, Springer-Verlag, p. 24-38. [Doi: 10.1007/978-3-540-87603-8_3]
[6] K. Czarnecki,(1998),”Generative Programming: Principles and Techniques of Software Engineering Based on
Automated Configuration and Fragment-Based Component Models”, Ph.D thesis, Technische Universität Ilmenau,
Germany.
[7] E. Stroulia & J.NG, (2009),”Service interaction patterns. Proceedings of the 2009 Conference of the Center for
Advanced Studies onCollaborativeResearch”. Ontario, Canada, ACM, p. 337-337. [Doi: 10.1145/1723028.1723093]
[8] W.M. Aalst, A.J. Mooij, C. Stahl & K. Wolf, (2009),”Service Interaction: Patterns, Formalization, and Analysis.
Formal Methods for Web Services”, B. Marco, P. Luca Z. Gianluigi, SpringerVerlag: 42-88. [Doi: 10.1007/978-3-
642-01918-0_2]
[9] W3C,”Web Services Choreography Description Language Version 1.0”,(2005), W3C Candidate
Recommendation, URI= http://www.w3.org/TR/2005/CR-ws-cdl-10-20051109, ( online accessed Dec, 2010).
[10] W3C, “XML Path Language (XPath) Version 1.0”,(1999), W3C Recommendation,URI=
http://www.w3.org/TR/xpath/ (online accessed= Nov, 2010)
[11] N. Russell, A.H.M. ter Hofstede, W.M.P. van der Aalst & N. Mulyar, (2006), “Workflow ControlFlow Patterns,
ARevised View”, BPM Center Report BPM-06-22 , (BPMcenter.org), (onlineaccessed= Nov, 2010).
[12] G. Decker & J. M. Zaha,(2006), ”Pattern-based evaluation of WS-CDL”, Queensland University, Australia,
URI=http://sky.fit.qut.edu.au/~dumas/LetsDance/WSCDLEval.pdf (accessed= Jan 2011).
[13] W3C, (2005) “WS-CDL XSD schema”, URI=http://www.w3.org/TR/2005/CR-ws-cdl-10- 20051109/#WS-
CDL-XSD-Schemas (online accessed = Feb 2011).
[14] F. Mardukhi & N. Nematbakhsh, (2007), ” Engineering Practices and Guidelines to Enhance Reuse Adequacy
in Software Product Line Analysis”, SETP 2007, pp:133-140
[15] Z. Li & M. Parashar,(2006), "Enabling Dynamic Composition and Coordination for Autonomic Grid
Applications using theRudder Agent Framework", The Knowledge Engineering Review, Vol. 00:0, pp: 1-15
[16] G. Decker, O. Kopp, F. Leymann & M. Weske, (2007), “BPEL4Chor: Extending BPEL for Modeling
Choreographies”. Proceedings of the IEEE 2007 International Conference on Web Services, IEEE Computer Society,
pp: 296-303.

[17] D. Roman, J. Scicluna, C. Feier, M. Stollberg & D. Fensel, “Ontology-based Choreography and Orchestration
of WSMO Services”, http://www.wsmo.org/TR/d14/v0.1/, (online accessed= Jan 2011)
[18] N. Mulyar, W. M.P. vander Aalst1, L. Aldred & N. Russell, (2007), ServiceInteraction Patterns: A Configurable
Framework”, accessed online: http://citeseerx.ist.psu.edu/viewdoc/ summary?doi=10.1.1.106.3612

MODEL-DRIVEN SECURITY ASSESSMENT AND VERIFICATION
FOR BUSINESS SERVICES
Thirumaran.M1
and Dhavachelvan.P2
and Abarna.S3
and Thanigaivel. K4 1
Department of
Computer science and Engineering, Pondicherry Engg College, India.
2
Department of Computer science and Engineering, Pondicherry University, India.
3
Department of Computer science and Engineering, Pondicherry Engg College, India.
4
Department of Computer science and Engineering, Pondicherry Engg College, India.
ABSTRACT
Information security covers many areas within an enterprise. Each area has security vulnerabilities and,
hopefully, some corresponding countermeasures that raise the security level and provide better protection. The
fundamental concepts in information security are the security model, which outlines how security is to be
implemented. Asecurity policy outlines how data is accessed, what level of security is required, and what actions
should be taken when these requirements are not met. A security model is a statement that outlines the
requirements necessary to properly support and implementa certain security policy. An important concept in the
design and analysis of securesystems is thesecurity model, because it incorporates the security policy that should
be enforced in the system. A modelis a symbolic representation of a policy. It maps the desires of the policy
makers into a set of rules that are to be followed by a computer system. In the paper we propose a modeldriven
security assessment and verification for business service. The Security Assessment and Verification verifies
whether the Application and Services are secure based on the Service Level Agreement and generates the report
on the level of security features. It is designed to help business owners, operators and staff to assess the security
of their business. It covers potential areas of vulnerability, and provides suggestions for adapting your security
to reduce the risk of crime against your business. A security policy states that noone from a lowersecurity level
should be able to view or modify information at a higher security level, the supporting security model will outline
the necessary logic and rules that need to be implemented to ensure that under no circumstances can a lower-
level subject access a higher-level object in anun authorized manner. Thesecurity
policy is an abstract term that represents the objectives and goals as system must meet and accomplish to be
deemed secureand acceptable.
KEYWORDS
Service Level Agreement (SLA), SecurityPolicies, Securityassessment and verification.
Original Source URL: http://airccse.org/journal/jwsc/papers/1210ijwsc03.pdfVolume
Link: http://airccse.org/journal/jwsc/currentissue.html

REFERENCES
[1] Christian Wolter, Michael Menzel, Andreas Schaad, Philip Miseldine and ChristophMeinel, “Model-
driven business process security requirement specification”, (ELSEVIER) Journal of Systems Architecture
55, (2009) 211-223.
[2] N. Nagaratnam, A. Nadalin, M. Hondo, M. McIntosh, P. Austel, “Business-driven application security:
from modeling to managing secureapplications”, IBM Syst. J. 44 (4) (2005).
[3] Alfonso Rodríguez, Eduardo Fernández-Medina, Mario Piattini, “Towards a UML 2.0 extension for the
modeling of security requirements in business processes”, in: TrustBus, 2006, pp. 51–61
[4] ShaziaWasimSadiq, Guido Governatori, KioumarsNamiri,” Modeling control objectives for business
process compliance”, in: BPM, 2007, pp. 149–164.
[5] Michiaki Tatsubori, Takeshi Imamura, Yuhichi Nakamura,” Best-practice patterns and tool support for
configuring secure web services messaging”, in: ICWS, IEEE Computer Society, 2004. pp. 244–251
[6] Dong Huang, “Semantic Policy-based security framework for business processes”, in: Proceedings of the
Semantic Web and Policy Workshop, 2005.
[7] Tom Goovaerts, Bart De Win, and WouterJoosen, A Flexible Architecture for Enforcing and Composing
Policies in a Service-Oriented Environment, IFIP International Federation for Information Processing 2007,
pp. 253–266.
[8] Carlos Gutiérrez , David G. Rosado and Eduardo Fernández-Medina, “The practical application of a
process for eliciting and designing security in web service systems”, Information and Software Technology
51 (2009) 1712–1738.
[9] Qi Li, Xinwen Zhang, MingweiXu and Jianping Wu,“Towards secure dynamic collaborations with
group-based RBAC model”, Computers & Security28 (2009) 260-275.
[10] Jian Cao,JinjunChen, HaiyanZhao and MingluLi, “A policybasedauthorizationmodelforworkflow-
enabled dynamic process management”, Journal of Network and Computer Applications 32 (2009) 412– 422
.
[11] David Basin, Jürgen Doser and TorstenLodderstedt, ”Model Driven Security for Process Oriented
Systems”, SACMAT’03, June2003, Italy

November 2023: Top 10 Read Articles in Web Service Computing

Recommended

Recommended

More Related Content

Similar to November 2023: Top 10 Read Articles in Web Service Computing

Similar to November 2023: Top 10 Read Articles in Web Service Computing (20)

Recently uploaded

Recently uploaded (20)

November 2023: Top 10 Read Articles in Web Service Computing