Skip to main content

Service-oriented Assurance — Comprehensive Security by Explicit Assurances

  • Conference paper
Quality of Protection

Part of the book series: Advances in Information Security ((ADIS,volume 23))

  • 868 Accesses

Abstract

Flexibility to adapt to changing business needs is a core requirement of today’s enterprises. This is addressed by decomposing business processes into services that can be provided by scalable service-oriented architectures. Service-oriented architectures enable requesters to dynamically discover and use subservices. Today, service selection does not consider security. In this paper, we introduce the concept of Service-Oriented Assurance (SOAS), in which services articulate their offered security assurances as well as assess the security of their sub-services. Products and services with well-specified and verifiable assurances provide guarantees about their security properties. Consequently, SOAS enables discovery of sub-services with the “right” level of security. Applied to business installations, it enables enterprises to perform a well-founded security/price tradeoff for the services used in their business processes.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 169.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 219.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 219.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. L. Baresi, R. Heckel, S. Thöne, and D. Varró. Modeling and Validation of Service-Oriented Architectures: Application vs. Style. In ESEC/FSE'03, pages 68–77. ACM Press, 2003.

    Google Scholar 

  2. T. Erl. Service-Oriented Architecture: Concepts, Technology, and Design. Prentice Hall PTR, 2005.

    Google Scholar 

  3. J. L. Griffin, T. Jaeger, R. Perez, R. Sailer, L. van Doom, and R. Cáceres. Trusted Virtual Domains: Toward secure distributed services. In Workshop on Hot Topics in System Dependability, 2005.

    Google Scholar 

  4. V. Haldar, D. Chandra, and M. Franz. Semantic remote attestation: A virtual machine directed approach to trusted computing. In USENIX Virtual Machine Research and Technology Symposium, pages 29–41, 2004.

    Google Scholar 

  5. A. Keller and H. Ludwig. The WSLA framework: Specifying and monitoring service level agreements for web services. Journal of Network and Systems Management, Special Issue on E-Business Management, 11(1), Mar. 2003. Plenum Publishing Corporation.

    Google Scholar 

  6. H. Ludwig, A. Dan, and R. Kearney. Cremona: an architecture and library for creation and monitoring of WS-agreements. In 2nd International Conference on Service Oriented Computing (ICSOC '04), pages 65–74. ACM Press, 2004.

    Google Scholar 

  7. J. S. Park, B. Montrose, and J. N. Froscher. Tools for information assurance arguments. In DARPA Information Survivability Conference and Exposition II (DISCEX'01), volume 1, pages 287–296, 2001.

    Article  Google Scholar 

  8. J. Poritz, M. Schunter, E.V. Herreweghen, and M. Waidner. Property attestation — scalable and privacy-friendly security assessment of peer computers. IBM Research Report RZ 3548, 2004.

    Google Scholar 

  9. Public Sector Outsourcing, Information & Privacy Commissioner for British Columbia. Privacy and the USA Patriot Act-Implications for British Columbia. http://www.oipcbc.org/sector_public/usa_patriot_act/pdfs/report/privacy-final.pdf, Oct. 2004.

  10. A.-R. Sadeghi and C. Stüble. Property-based attestation for computing platforms: Caring about policies, not mechanisms. In New Security Paradigm Workshop 2004, pages 67–77. ACM Press, 2005.

    Google Scholar 

  11. R. Sailer, T. Jaeger, X. Zhang, and L. van Doom. Attestation-based policy enforcement for remote access. In 11th ACM Conference on Computer and Communications Security, pages 308–317. ACM Press, 2004.

    Google Scholar 

  12. J. Skene, D. Lamanna, and W. Emmerich. Precise service level agreements. In 26th Int. Conference on Software Engineering, pages 179–188. IEEE Computer Society Press, 2004.

    Google Scholar 

  13. V. Tosci, B. Pagurek, and K. Patel. WSOL-a language for the formal specification of classes of service for web services. In International Conference on Web Services (ICWS'03), pages 375–381. CSRA Press, 2003.

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer Science+Business Media, LLC.

About this paper

Cite this paper

Karjoth, G., Pfitzmann, B., Schunter, M., Waidner, M. (2006). Service-oriented Assurance — Comprehensive Security by Explicit Assurances. In: Gollmann, D., Massacci, F., Yautsiukhin, A. (eds) Quality of Protection. Advances in Information Security, vol 23. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-36584-8_2

Download citation

  • DOI: https://doi.org/10.1007/978-0-387-36584-8_2

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-29016-4

  • Online ISBN: 978-0-387-36584-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics