This paper introduces a framework for security-oriented software service composition and evolution. Key building blocks of the framework are a semantic model for specifying the security objectives and properties at the service and system levels, the negotiation and re-negotiation techniques for service composition and evolution, and the analysis techniques for checking the security compatibility between services and the satisfaction of system-level security goals. It focuses on developing techniques that allow system developers to design required security into service compositions with predictability and to maintain or adapt service compositions in changed security contexts.
Jun Han, Khaled M. Khan