Abstract
Service-oriented architectures (SOA) constitute a major architectural style for large-scale infrastructures and applications built from loosely-coupled services and subject to dynamic configuration, operation and evolution. They are the structuring principle of a multitude of applications and the enabling technology for recent software paradigms like Mashup or SaaS.
Assessing the trustworthiness of such complex and continuously evolving systems is a challenging task since a) methodologies – mainly based on certification processes – developed for assessing conventional static systems can hardly handle the dynamicity and variety of SOA based systems, b) few artifacts can be used to support and automate the assessment of the trustworthiness of a stand-alone service, and no means exist to assess the trustworthiness of composite applications, c) there is no mechanism to express and confront claimed security properties.
To address these issues and to realize our vision of bringing Certification-based Assurance to Service-based Systems, ASSERT4SOA has 3 main objectives: 1) to develop methods and tools to support certification of SOA based software by providing abstract models for these systems that capture their peculiarities and the security properties they satisfy ; 2) to develop schemes for expressing certification claims in the SOA lifecycle and mechanisms for handling them; 3) to provide mechanisms and tools enabling to reason about ASSERTs (Advanced Security Service cERTificates) in order to assess the trustworthiness of service based systems at runtime.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Common Criteria Evaluated Products, http://www.commoncriteriaportal.org/products_STAT.html, accessed October 2009
“Economic Assessment of the Barriers for the Internal Market for Services”, Copenhagen Economics, 2005.
Common Methodology for Information Technology Security Evaluation. http://www.commoncriteriaportal.org/files/ccfiles/cemv2.4r256.pdf
E. Damiani, C.A. Ardagna, and N. El Ioini, “Open Source Security Certification”. Springer, December 2008.
Report GAO–06–392. United States Government Accountability Office. http://www.gao.gov/new.items/d06392.pdf. Retrieved 2006–07–10.
J.J. Robinson, Demand for software–as–a–service still growing, http://www.idc.com/getdoc.jsp?containerId=prUS21641409, May 2009. accessed October 2009
Software as a Service Market Will Expand Rather than Contract Despite the Economic Crisis, IDC Finds, http://www.idc.com/getdoc.jsp?containerId=prUS21641409, accessed October 2009
Securing Web Services for Army SOA.http://www.sei.cmu.edu/solutions/softwaredev/securingweb-services.cfm
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Vieweg+Teubner Verlag | Springer Fachmedien Wiesbaden GmbH
About this chapter
Cite this chapter
Pazzaglia, JC. et al. (2011). Advanced Security Service cERTificate for SOA: Certified Services go Digital. In: Pohlmann, N., Reimer, H., Schneider, W. (eds) ISSE 2010 Securing Electronic Business Processes. Vieweg+Teubner. https://doi.org/10.1007/978-3-8348-9788-6_15
Download citation
DOI: https://doi.org/10.1007/978-3-8348-9788-6_15
Publisher Name: Vieweg+Teubner
Print ISBN: 978-3-8348-1438-8
Online ISBN: 978-3-8348-9788-6
eBook Packages: EngineeringEngineering (R0)