Modular plans for secure service composition

Service Oriented Computing (SOC) is a programming paradigm aiming at characterising Service Networks. Services are entities waiting for requests from clients and they often result from the composition of many (sub-) services. We address here the problem of statically guaranteeing security of open services, i.e., services with unknown components. Security constraints are expressed by policies that service components must obey. e present here a type and effect system that safely over-approximates the possible run-time behaviour of open services, collecting partial information on the behaviour of their components. From such an approximation, we then extract a (partial) plan that drives executions of an open system that raises no security violations when plugged in any context.