Advertisement

Ensuring Trustworthiness and Security in Service Compositions

Conference paper
  • 820 Downloads
Part of the Communications in Computer and Information Science book series (CCIS, volume 470)

Abstract

Future Internet applications can be dynamically composed of atomic services, which exhibit different trustworthiness and security requirements, when being integrated into complex service chains. In that respect, research in the security field works around solutions that can ensure that security characteristics are well addressed in modern, Web-based, ICT environments, aiming to establish a level of trust and confidence on the service consumers. Towards this direction, this paper showcases the results of the EU-funded FP7 Aniketos project, in order to support the secure development life cycle of Web-based service compositions. It elaborates on the design time and runtime capabilities of the Aniketos platform to support security and trust in the specification of composite service processes, by offering service developers the ability to efficiently express their security requirements and service providers the capability to track security breaches and threats and support decisions on the appropriate mitigation actions.

Keywords

Secure service development Composition of public services Trust property 

References

  1. 1.
    Meland, P.H., Guerenabarrena, J.B., Llewellyn-Jones, D.: The challenges of secure and trustworthy service composition in the Future Internet. In: 2011 6th International Conference on Proceeding of System of Systems Engineering (SoSE). IEEE Computer Society (2011)Google Scholar
  2. 2.
    FP7-257930 Aniketos project. www.aniketos.eu
  3. 3.
    Georgia Institute of Technology, “Emerging Cyber Threats Report 2014”. Georgia Tech Cyber Security Summit 2013Google Scholar
  4. 4.
    Pajaa, E., Choprab, A.K., Giorgini, P.: Trust-based specification of sociotechnical systems. Data Knowl. Eng. 87, 339–353 (2013). doi: 10.1016/j.datak.2012.12.005. ElsevierCrossRefGoogle Scholar
  5. 5.
    Paja, E., Dalpiaz, F., Giorgini, P.: Managing security requirements conflicts in socio-technical systems. In: Ng, W., Storey, V.C., Trujillo, J.C. (eds.) ER 2013. LNCS, vol. 8217, pp. 270–283. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  6. 6.
    Object Management Group(OMG), Business Process Modelling and Notation (BPMN) specification v2.0, January 2011. www.bpmn.org
  7. 7.
    Brucker, A.D., Malmignati, F., Merabti, M., Qi, S., Bo, Z.: A Framework for Secure Service Composition. In: Proceedings of the International Conference on Social Computing 2013 (SocialCom), IEEE, pp. 647–652, doi: 10.1109/SocialCom.2013.97
  8. 8.
    Ayed, D., Asim, M., Llewellyn-Jones, D.: An event processing approach for threats monitoring of service compositions. In: Proceedings of the 2013 International Conference on Risks and Security of Internet and Systems (CRiSIS), IEEE, pp. 1–10, doi: 10.1109/CRiSIS.2013.6766363
  9. 9.
    Hall, R.S., Pauls, K., McCulloch, S., Savage, D.: OSGi in Action. Manning Publications Co., Greenwich (2011)Google Scholar
  10. 10.
    Cummins, H., Ward, T.: Enterprise OSGi in Action. Manning Publications Co., Birmingham (2013)Google Scholar
  11. 11.
    Dalpiaz, F., Paja, E., Giorgini, P.: Security requirements engineering via commitments. In: Proceedings of STAST’11, pp. 1–8 (2011)Google Scholar
  12. 12.
    Brucker, A.D.: Integrating security aspects into business process models. IT Inf. Technol. 55(6), 239–246 (2013). ISSN: 2196-7032. doi: 10.1524/itit.2013.2004. http://www.brucker.ch/bibliography/abstract/brucker-securebpmn-2013. Special Issue on Security in Business Processes

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. 1.Athens Technology Center S.AAthensGreece
  2. 2.DAEMAthensGreece

Personalised recommendations