**Emerging Web Informatics and Applications**

192 Emerging Informatics – Innovative Concepts and Applications

it plays an important role to enhance the level of railway management, service and images, and to ensure transport safety. This chapter first discussed the background, content and characteristics of Digital Railway construction, and established a general framework for Digital Railway and analyzed its main study content and basic information platform. Carry out depth research on Digital Railway geographic information platform important part of Digital Railway, analyze its location, function and present the overall structure and application mode. It combined with material carrier and core business of Digital Railway, put forward system composition of Digital Railway information system, including Digital Railway infrastructure and mobile, planning and design, engineering construction, transport organization, passenger and freight services and management applications. Finally, analyze and give key technologies and core information standards of Digital Railway. By the construction of Digital Railway, it will realize the digital upgrade and transform of existing railway system to achieve digital railway operation. The development and construction is a continuing process, and it will lay a foundation for intelligent, green,

[1] A. Gore, "The digital earth: Understanding our planet in the 21st century," The *Australian* 

[2] Shi Tianyun*,* Wang Yingjie and Li Ping, "Research on Digital Railway Architecture,"

[3] Yuan Jingrong*,* Li Xuewei and Wei Jigang, "Exploratory Study of the Constructure of

[4] China Ministry of Railways, "The Strategic Planning of Railway Informatization," ed:

[5] Shi Tianyun*,* Li Ping and Pei Kunshou, "Research on the System Architecture of Railway Common Information Platform," *China Railway,* vol. 8, pp. 12-15, 2007. [6] Li Ping*,* Shi Tianyun*,* Pei Kunshou, "Research on the System Structure of Railway Information Sharing Platform," *China Railway,* vol. 5, pp. 23-26, 2008. [7] Wang Yingjie*, et al.*, "Review on Applications of GIS in Railways," *China Railway Science,* 

[8] China Academy of Railway Sciences, "Research Report of Railway Geographic

[9] Jia Limin and Wang Yingjie, "Architecture of Railway Geographic Information

[10] Wang Yingjie and Shi Tianyun, "Research and Design of Railway Geographic Information

*and the Sixth International New Energy Car Innovation Development Forum*, 2009. [11] Shun GuanFu. *Geographic Information into Third Generation Sharing*. Available: http://media.ccidnet.com/art/2653/20081223/1643471\_1.html, 2008. [12] Sun Yuzhong, "*The* Revival of Virtualization," *Communication of the CCF,* vol. 4, pp. 1-3,

[13] Liu Weiguo, "The meaning of Modernization, Informatization, Digitalization, Intelligentization and their relations," *China Railway,* vol. 1, pp. 83-86, 2011.

Sharing Platform," *In Proceedings of the 5th China Intelligent Transportation Anniversary* 

System(RGIS)," *China Railway Science,* vol. 24, pp. 1-6, 2003.

Digital Railway," *China Railway,* vol. 10, pp. 19-22, 2000.

*Transportation Systems Engineering and Information Technology,* vol. 10, pp. 29-33, 2010.

and sustainable development of the modern railway.

*Surveyor*, vol. 43, pp. 89-91, 1998.

China Ministry of Railways, 2005.

Information System," 2003.

vol. 23, 2002.

2008.

**2. References** 

**0**

**11**

Sébastien Salva

*France*

*LIMOS UMR CNRS 6158, University of Auvergne*

**A Guided Web Service Security Testing Method**

For the last five years, the Internet is being revolutionized by becoming a Service-oriented platform. This tremendous inflection point in Computer Science leads to many new features in design and development such as the deployment of interoperable services accessible from Web sites or standard applications, the modelling of high level Business processes orchestrating Web Service sets, or recently the virtualization of service-based applications by

To achieve reliable Web services, which can be integrated into compositions or consumed without any risk in an open network like the Internet, more and more software development companies rely on software engineering, on quality processes, and quite obviously on testing activities. In particular, security testing approaches help to detect vulnerabilities in Web services in order to make them trustworthy. Nevertheless, it is quite surprising to notice that few security testing methods have been proposed for Web Services. This chapter addresses this issue by presenting a formal security testing method for stateful Web Services. Such services are persistent through a session and have an internal state which evolves over operation call sequences. For instance, all the Web Services using shopping carts or beginning with a login step are stateful. The proposed method aims to experiment *black box* Web Services, from which only SOAP messages (requests and responses) are observable. We do not have access to the code, Web services can be experimented only through their interfaces. Our approach is an active Model Based one: it relies on a specification formalized with a model to test Web services by means of test cases generated from the model. Model based testing approaches offer many advantages such as the description of a service without ambiguity. Accompanied with a formal method, some steps of the test can be also automated, e.g., the test case generation Rusu et al. (2005); Tretmans (2008). The use of a model also helps to define a relation between the specification and its black-box implementation to express clearly the confidence level between them. In this paper, we model Web services with Symbolic Transition Systems (STS Frantzen et al. (2005)) describing the different states, the called

In literature, for the same reasons, security policies are often described by means of formal rules, which regulate the nature and the context of actions that can be performed. Several security rule languages have been introduced in Cuppens et al. (2005); Senn et al. (2005). We have chosen Nomad (Non atomic actions and deadlines Cuppens et al. (2005)) to model abstract test patterns which can be directly derived from an existing security rule set. Nomad is well suited for expressing properties such as permissions, prohibitions or obligations and

**1. Introduction**

means of the Cloud paradigm.

operations and the associated data.
