Abstract
Service Oriented Architectures currently provide little or no evidence that each remote component has been implemented correctly. This is a problem for businesses hoping to exploit the potential benefits of SOA. We present a technique called Trustable Remote Verification, which lets providers create behavioural guarantees of their web services. Our approach is flexible, using Extended Static Checking for verification and has the significant advantage of requiring no additional trusted third party.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Christensen, E., Curbera, F., Meredith, G., Weerawarana, S.: Web Services Description Language (WSDL) 1.1. Technical report, W3C (March 2001), http://www.w3.org/TR/2001/NOTE-wsdl-20010315
The Trusted Computing Group: TCG Specification Architecture Overview, Revision 1.4 (August 2007), https://www.trustedcomputinggroup.org/groups/TCG_1_4_Architecture_Overview.pdf
The Trusted Computing Group: TCG Glossary of Technical Terms (2008), https://www.trustedcomputinggroup.org/groups/glossary/
Poritz, J.A.: Trust[ed | in] Computing, Signed Code and the Heat Death of the Internet. In: SAC 2006: Proceedings of the 2006 ACM Symposium on Applied Computing, pp. 1855–1859. ACM Press, New York (2006)
Sadeghi, A.R., Stüble, C.: Property-based Attestation for Computing Platforms: Caring About Properties, Not Mechanisms. In: NSPW 2004: Proceedings of the 2004 Workshop on New Security Paradigms, pp. 67–77. ACM Press, New York (2004)
Papazoglou, M.P., Dubray, J.j.: A Survey of Web Service Technologies. Technical Report DIT-04-058, Informatica e Telecomunicazioni, University of Trento (June 2004)
The W3C: Simple Object Access Protocol (SOAP) (April 2007), http://www.w3.org/TR/soap/
Meyer, B.: Design by Contract: Building Reliable Software. In: Object-Oriented Software Construction, pp. 331–341. Prentice Hall, Englewood Cliffs (1997)
Leavens, G., Cheon, Y.: Design by Contract with JML (2003), http://citeseer.ist.psu.edu/leavens04design.html
Cok, D.R., Kiniry, J.R.: ESC/Java2: Uniting eSC/Java and JML. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 108–128. Springer, Heidelberg (2005)
Necula, G.: Proof-Carrying Code. Website (July 2002), http://raw.cs.berkeley.edu/pcc.html
Jaeger, T., Sailer, R., Shankar, U.: PRIMA: Policy-Reduced Integrity Measurement Architecture. In: SACMAT, pp. 19–28 (2006)
Munetoh, S., Nakamura, M., Yoshihama, S., Kudo, M.: Integrity Management Infrastructure for Trusted Computing. IEICE Transactions on Information and Systems E91-D(5), 1242–1251 (2008)
Pavlova, M., Barthe, G., Burdy, L., Huisman, M., Lanet, J.L.: Enforcing High-Level Security Properties for Applets (2004)
Cooper, A., Martin, A.: Towards a secure, tamper-proof grid platform. In: CCGRID 2006. Sixth IEEE International Symposium on Cluster Computing and the Grid, 2006, vol. 1, p. 8 (May 2006)
Haldar, V., Chandra, D., Franz, M.: Semantic Remote Attestation - Virtual Machine Directed Approach to Trusted Computing. In: Virtual Machine Research and Technology Symposium, USENIX, pp. 29–41 (2004)
Yoshihama, S., Ebringer, T., Nakamura, M., Munetoh, S., Maruyama, H.: WS-attestation: efficient and fine-grained remote attestation on Web services. In: ICWS 2005. Proceedings. 2005 IEEE International Conference on Web Services, pp. 743–750 (July 2005)
Betin-Can, A., Bultan, T.: Verifiable Web services with Hierarchical Interfaces. In: ICWS 2005. Proceedings. 2005 IEEE International Conference on Web Services, vol.1, pp. 85–94 (July 2005)
Tsai, W., Wei, X., Chen, Y., Xiao, B., Paul, R., Huang, H.: Developing and assuring trustworthy Web services. In: Autonomous Decentralized Systems, 2005. ISADS 2005. Proceedings, pp. 43–50 (April 2005)
McCune, J.M., Parno, B.J., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: an execution infrastructure for tcb minimization. In: Eurosys 2008: Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008, pp. 315–328. ACM, New York (2008)
Wei, J., Cihula, J., Wang, S.: Trusted Boot Sourceforge Project Website (2008), http://sourceforge.net/projects/tboot/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lyle, J. (2009). Trustable Remote Verification of Web Services. In: Chen, L., Mitchell, C.J., Martin, A. (eds) Trusted Computing. Trust 2009. Lecture Notes in Computer Science, vol 5471. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00587-9_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-00587-9_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00586-2
Online ISBN: 978-3-642-00587-9
eBook Packages: Computer ScienceComputer Science (R0)