A Framework for Trustworthy Service-Oriented Computing (Short Paper)
- 1.5k Downloads
Service-oriented computing requires un-trusted and trusted software to simultaneously execute on the same hardware platform. Trusted software protects a service provider’s business model and must execute in a high assurance environment. Increasingly, hardware mechanisms are required to create high-assurance closed environments to host trusted software on open platforms. In current approaches, independent hardware vendors (IHVs) design and implement closed environments with proprietary interfaces specific to mobile phones, PCs and servers, forcing independent software vendors (ISVs) and service providers to develop non-portable software. In this paper, we present an abstract closed environment architecture that exposes its facilities via implementation-independent canonical interfaces. IHVs can use this architecture to implement platform-specific closed environments, while ISVs and service providers develop applications to the canonical interface and build portable trusted software. We discuss example implementations of our framework to demonstrate the feasibility of building scalable solutions to support trustworthy service-oriented computing.
KeywordsService Provider Service Orient Architecture Open Platform Closed Environment Security Architecture
Unable to display preview. Download preview PDF.
- 1.MacKenzie, C.M., et al.: Reference Model for Service Oriented Architecture 1.0. World Wide Web (October 2006), http://docs.oasis-open.org/soa-rm/v1.0/
- 3.Suh, G.E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: AEGIS: architecture for tamper-evident and tamper-resistant processing. In: ICS 2003: Proceedings of the 17th annual international conference on Supercomputing, pp. 160–171. ACM, New York (2003)Google Scholar
- 5.Alves, T., Felton, D.: TrustZone: Integrated Hardware and Software Security. World Wide Web (July 2004), http://www.arm.com/pdfs/TZ_Whitepaper.pdf
- 6.TCG: TCG mobile reference architecture specification version 1.0. World Wide Web (June 2007), https://www.trustedcomputinggroup.org/specs/mobilephone/tcg-mobilereference-architecture-1.0.pdf
- 7.Ashkenazi, A., Hartley, D.: Securing Mobile Devices with Platform Independent Security Architecture. In: Embedded Systems Conference (April 2008)Google Scholar
- 9.Chinnici, R., et al.: Web Services Description Language (WSDL) Version 2.0 Part 1: Core Language. World Wide Web (June 2007), http://www.w3.org/TR/2007/REC-wsdl20-20070626
- 10.Nadalin, A., et al.: WS-Trust 1.3. World Wide Web (March 2007), http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.doc
- 11.Ekberg, J., et al.: OnBoard Credentials Platform Design and Implementation. Technical Report NRC-TR-2008-001, Nokia Research Center (January 2008)Google Scholar
- 12.Liedtke, J.: On μ-kernel construction. In: Proc. 15th ACM Symposium on OS Principles, pp. 237–250 (December 1995)Google Scholar