Trustable Remote Verification of Web Services

  • John Lyle
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5471)

Abstract

Service Oriented Architectures currently provide little or no evidence that each remote component has been implemented correctly. This is a problem for businesses hoping to exploit the potential benefits of SOA. We present a technique called Trustable Remote Verification, which lets providers create behavioural guarantees of their web services. Our approach is flexible, using Extended Static Checking for verification and has the significant advantage of requiring no additional trusted third party.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Christensen, E., Curbera, F., Meredith, G., Weerawarana, S.: Web Services Description Language (WSDL) 1.1. Technical report, W3C (March 2001), http://www.w3.org/TR/2001/NOTE-wsdl-20010315
  2. 2.
    The Trusted Computing Group: TCG Specification Architecture Overview, Revision 1.4 (August 2007), https://www.trustedcomputinggroup.org/groups/TCG_1_4_Architecture_Overview.pdf
  3. 3.
    The Trusted Computing Group: TCG Glossary of Technical Terms (2008), https://www.trustedcomputinggroup.org/groups/glossary/
  4. 4.
    Poritz, J.A.: Trust[ed | in] Computing, Signed Code and the Heat Death of the Internet. In: SAC 2006: Proceedings of the 2006 ACM Symposium on Applied Computing, pp. 1855–1859. ACM Press, New York (2006)Google Scholar
  5. 5.
    Sadeghi, A.R., Stüble, C.: Property-based Attestation for Computing Platforms: Caring About Properties, Not Mechanisms. In: NSPW 2004: Proceedings of the 2004 Workshop on New Security Paradigms, pp. 67–77. ACM Press, New York (2004)Google Scholar
  6. 6.
    Papazoglou, M.P., Dubray, J.j.: A Survey of Web Service Technologies. Technical Report DIT-04-058, Informatica e Telecomunicazioni, University of Trento (June 2004)Google Scholar
  7. 7.
    The W3C: Simple Object Access Protocol (SOAP) (April 2007), http://www.w3.org/TR/soap/
  8. 8.
    Meyer, B.: Design by Contract: Building Reliable Software. In: Object-Oriented Software Construction, pp. 331–341. Prentice Hall, Englewood Cliffs (1997)Google Scholar
  9. 9.
    Leavens, G., Cheon, Y.: Design by Contract with JML (2003), http://citeseer.ist.psu.edu/leavens04design.html
  10. 10.
    Cok, D.R., Kiniry, J.R.: ESC/Java2: Uniting eSC/Java and JML. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 108–128. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Necula, G.: Proof-Carrying Code. Website (July 2002), http://raw.cs.berkeley.edu/pcc.html
  12. 12.
    Jaeger, T., Sailer, R., Shankar, U.: PRIMA: Policy-Reduced Integrity Measurement Architecture. In: SACMAT, pp. 19–28 (2006)Google Scholar
  13. 13.
    Munetoh, S., Nakamura, M., Yoshihama, S., Kudo, M.: Integrity Management Infrastructure for Trusted Computing. IEICE Transactions on Information and Systems E91-D(5), 1242–1251 (2008)CrossRefGoogle Scholar
  14. 14.
    Pavlova, M., Barthe, G., Burdy, L., Huisman, M., Lanet, J.L.: Enforcing High-Level Security Properties for Applets (2004)Google Scholar
  15. 15.
    Cooper, A., Martin, A.: Towards a secure, tamper-proof grid platform. In: CCGRID 2006. Sixth IEEE International Symposium on Cluster Computing and the Grid, 2006, vol. 1, p. 8 (May 2006)Google Scholar
  16. 16.
    Haldar, V., Chandra, D., Franz, M.: Semantic Remote Attestation - Virtual Machine Directed Approach to Trusted Computing. In: Virtual Machine Research and Technology Symposium, USENIX, pp. 29–41 (2004)Google Scholar
  17. 17.
    Yoshihama, S., Ebringer, T., Nakamura, M., Munetoh, S., Maruyama, H.: WS-attestation: efficient and fine-grained remote attestation on Web services. In: ICWS 2005. Proceedings. 2005 IEEE International Conference on Web Services, pp. 743–750 (July 2005)Google Scholar
  18. 18.
    Betin-Can, A., Bultan, T.: Verifiable Web services with Hierarchical Interfaces. In: ICWS 2005. Proceedings. 2005 IEEE International Conference on Web Services, vol.1, pp. 85–94 (July 2005)Google Scholar
  19. 19.
    Tsai, W., Wei, X., Chen, Y., Xiao, B., Paul, R., Huang, H.: Developing and assuring trustworthy Web services. In: Autonomous Decentralized Systems, 2005. ISADS 2005. Proceedings, pp. 43–50 (April 2005)Google Scholar
  20. 20.
    McCune, J.M., Parno, B.J., Perrig, A., Reiter, M.K., Isozaki, H.: Flicker: an execution infrastructure for tcb minimization. In: Eurosys 2008: Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008, pp. 315–328. ACM, New York (2008)CrossRefGoogle Scholar
  21. 21.
    Wei, J., Cihula, J., Wang, S.: Trusted Boot Sourceforge Project Website (2008), http://sourceforge.net/projects/tboot/

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • John Lyle
    • 1
  1. 1.Computing LaboratoryOxford UniversityOxfordUK

Personalised recommendations