Advanced Security Service cERTificate for SOA: Certified Services go Digital
Service-oriented architectures (SOA) constitute a major architectural style for large-scale infrastructures and applications built from loosely-coupled services and subject to dynamic configuration, operation and evolution. They are the structuring principle of a multitude of applications and the enabling technology for recent software paradigms like Mashup or SaaS.
Assessing the trustworthiness of such complex and continuously evolving systems is a challenging task since a) methodologies – mainly based on certification processes – developed for assessing conventional static systems can hardly handle the dynamicity and variety of SOA based systems, b) few artifacts can be used to support and automate the assessment of the trustworthiness of a stand-alone service, and no means exist to assess the trustworthiness of composite applications, c) there is no mechanism to express and confront claimed security properties.
To address these issues and to realize our vision of bringing Certification-based Assurance to Service-based Systems, ASSERT4SOA has 3 main objectives: 1) to develop methods and tools to support certification of SOA based software by providing abstract models for these systems that capture their peculiarities and the security properties they satisfy ; 2) to develop schemes for expressing certification claims in the SOA lifecycle and mechanisms for handling them; 3) to provide mechanisms and tools enabling to reason about ASSERTs (Advanced Security Service cERTificates) in order to assess the trustworthiness of service based systems at runtime.
KeywordsService Discovery Security Property Certification Scheme Certification Process Composite Application
Unable to display preview. Download preview PDF.
- Common Criteria Evaluated Products, http://www.commoncriteriaportal.org/products_STAT.html, accessed October 2009
- “Economic Assessment of the Barriers for the Internal Market for Services”, Copenhagen Economics, 2005.Google Scholar
- Common Methodology for Information Technology Security Evaluation. http://www.commoncriteriaportal.org/files/ccfiles/cemv2.4r256.pdf
- E. Damiani, C.A. Ardagna, and N. El Ioini, “Open Source Security Certification”. Springer, December 2008.Google Scholar
- Report GAO–06–392. United States Government Accountability Office. http://www.gao.gov/new.items/d06392.pdf. Retrieved 2006–07–10.
- J.J. Robinson, Demand for software–as–a–service still growing, http://www.idc.com/getdoc.jsp?containerId=prUS21641409, May 2009. accessed October 2009
- Software as a Service Market Will Expand Rather than Contract Despite the Economic Crisis, IDC Finds, http://www.idc.com/getdoc.jsp?containerId=prUS21641409, accessed October 2009
- Securing Web Services for Army SOA.http://www.sei.cmu.edu/solutions/softwaredev/securingweb-services.cfm