Advanced Security Service cERTificate for SOA: Certified Services go Digital

  • J-C. Pazzaglia
  • V. Lotz
  • V. Campos Cerda
  • E. Damiani
  • C. Ardagna
  • S. Gürgens
  • A. Maña
  • C. Pandolfo
  • G. Spanoudakis
  • F. Guida
  • R. Menicocci

Abstract

Service-oriented architectures (SOA) constitute a major architectural style for large-scale infrastructures and applications built from loosely-coupled services and subject to dynamic configuration, operation and evolution. They are the structuring principle of a multitude of applications and the enabling technology for recent software paradigms like Mashup or SaaS.

Assessing the trustworthiness of such complex and continuously evolving systems is a challenging task since a) methodologies developed for assessing conventional static systems, mainly based on certification processes, can hardly handle the dynamicity and variety of SOA-based systems; b) few artifacts can be used to support and automate the assessment of the trustworthiness of a stand-alone service, and no means exist to assess the trustworthiness of composite applications; c) there is no mechanism to express and confront claimed security properties.

To address these issues and to realize our vision of bringing Certification-based Assurance to Service-based Systems, ASSERT4SOA has 3 main objectives: 1) to develop methods and tools to support certification of SOA-based software by providing abstract models for these systems that capture their peculiarities and the security properties they satisfy; 2) to develop schemes for expressing certification claims in the SOA lifecycle and mechanisms for handling them; 3) to provide mechanisms and tools for reasoning about ASSERTs (Advanced Security Service cERTificates) in order to assess the trustworthiness of service-based systems at runtime.

Keywords

Service Discovery; Security Property; Certification Scheme; Certification Process; Composite Application
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Vieweg+Teubner Verlag | Springer Fachmedien Wiesbaden GmbH 2011

Authors and Affiliations

  • J-C. Pazzaglia (SAP Research, France)
  • V. Lotz (SAP Research, France)
  • V. Campos Cerda (SAP Research, France)
  • E. Damiani (SESAR Lab, Università degli Studi di Milano, Italy)
  • C. Ardagna (SESAR Lab, Università degli Studi di Milano, Italy)
  • S. Gürgens (Fraunhofer Institute for Secure Information Technology, Germany)
  • A. Maña (Fraunhofer Institute for Secure Information Technology, Germany)
  • C. Pandolfo (Engineering Ingegneria Informatica, Italy)
  • G. Spanoudakis (City University of London, London, UK)
  • F. Guida (Fondazione Ugo Bordoni, Italy)
  • R. Menicocci (Fondazione Ugo Bordoni, Italy)
