Policy-Based Attestation of Service Behavior for Establishing Rigorous Trust

  • Conference paper
On the Move to Meaningful Internet Systems: OTM 2010 (OTM 2010)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 6426)

Abstract

A service is rigorously trusted if it can provide firm evidence to its users about its behavior. The evidence ensures that the service really follows its claimed behavior when processing requests and sensitive input data from users. In this paper, we propose a framework that can attest the behavior of web services according to the trust policies specified by users. Different users may be concerned with different aspects of service behavior. By using policies, this framework allows user-specific behavior attestation. In addition, this framework also protects service providers: when a user sends a service request, the framework requires the user to show that he has agreed to the service behavior. A case study is used to describe the critical processing steps of the framework to deliver rigorously trusted services.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Liu, D., Zic, J. (2010). Policy-Based Attestation of Service Behavior for Establishing Rigorous Trust. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems: OTM 2010. OTM 2010. Lecture Notes in Computer Science, vol 6426. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16934-2_18

  • DOI: https://doi.org/10.1007/978-3-642-16934-2_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16933-5

  • Online ISBN: 978-3-642-16934-2

  • eBook Packages: Computer Science (R0)
