Towards a Trustworthy Service Marketplace for the Future Internet

  • Francesco Di Cerbo
  • Michele Bezzi
  • Samuel Paul Kaluvuri
  • Antonino Sabetta
  • Slim Trabelsi
  • Volkmar Lotz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7281)

Abstract

Digital economy is moving towards offering advanced business services, integrated into different applications and consumed from heterogeneous devices. Considering the success of actual software marketplaces, it is possible to foresee that Service Marketplaces (SM) will play a key role for the future Internet of Services. At present, on all offered software, marketplace operators define requirements that are common, and are validated before admitting them. However, the requirements, the validation process, and its results are not completely evident to the service consumers, resulting in a significant shortcoming especially with respect to security characteristics. In addition, having common security requirements for all services and applications makes the validation possibly inadequate to address the specific requirements that consumers may have.

In order to address these points, we propose the concept of a trustworthy service marketplace for the upcoming Internet of Services, where the security characteristics of services are certified and treated as first-class entities, represented in a machine-processable format. This allows service consumers – either human end-users or computer agents – to reason about these security features and to match them with their specific security requirements.

Keywords

Security Trustworthiness Trust Service Marketplace 

References

  1. 1.
  2. 2.
    Anisetti, M., Ardagna, C.A., Guida, F., Gürgens, S., Lotz, V., Maña, A., Pandolfo, C., Pazzaglia, J.-C.R., Pujol, G., Spanoudakis, G.: ASSERT4SOA: Toward Security Certification of Service-Oriented Applications. In: Meersman, R., Dillon, T., Herrero, P. (eds.) OTM 2010. LNCS, vol. 6428, pp. 38–40. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  3. 3.
  4. 4.
    Apple inc. Official apple online store, http://store.apple.com/us
  5. 5.
    Barrera, D., van Oorschot, P.: Secure software installation on smartphones. IEEE Security & Privacy 99, 1 (2010)Google Scholar
  6. 6.
    Bezzi, M., Sabetta, A., Spanoudakis, G.: An architecture for certification-aware service discovery. In: Proc. of IWSSC (co-located with NSS 2011) (2011)Google Scholar
  7. 7.
    Cantor, S., Kemp, I., Philpott, N., Maler, E.: Assertions and protocols for the oasis security assertion markup language. OASIS Standard (March 2005)Google Scholar
  8. 8.
    O. W. S. S. Committee. OASIS web services security (WSS) TC OASIS, http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss
  9. 9.
    Doraswamy, N., Harkins, D.: IPSec: the new security standard for the Internet, intranets, and virtual private networks. Prentice Hall (2003)Google Scholar
  10. 10.
    Gilbert, P., Chun, B., Cox, L., Jung, J.: Vision: automated security validation of mobile apps at app markets. In: Proceedings of the Second International Workshop on Mobile Cloud Computing and Services, pp. 21–26 (2011)Google Scholar
  11. 11.
    Google inc. Evaluate a marketplace app’s security, https://support.google.com
  12. 12.
    Herzog, A., Shahmehri, N., Duma, C.: An ontology of information security. International Journal of Information Security 1(4), 1–23 (2007)CrossRefGoogle Scholar
  13. 13.
    Martin, D., Burstein, M., Hobbs, J., Lassila, O., McDermott, D., McIlraith, S., Narayanan, S., Paolucci, M., Parsia, B., Payne, T., et al.: OWL-S: semantic markup for web services. W3C Member Submission 22, 200704 (2004)Google Scholar
  14. 14.
    McDaniel, P., Enck, W.: Not so great expectations: Why application markets haven’t failed security. IEEE Security & Privacy 8(5), 76–78 (2010)CrossRefGoogle Scholar
  15. 15.
  16. 16.
    Microsoft inc. Windows azure: Terms of use, https://datamarket.azure.com/terms
  17. 17.
    Microsoft inc. Windows marketplace, http://www.windowsphone.com/marketplace
  18. 18.
    Nasuni. Security and control are greatest concerns preventing enterprises from adopting cloud storage, http://www.nasuni.com/news/press_releases/
  19. 19.
    Nokia. Nokia ovi store content guidelines, http://support.publish.nokia.com
  20. 20.
    Nokia. Packaging and signing, http://www.developer.nokia.com/
  21. 21.
    Pedrinaci, C., Leidig, T.: Linked-USDL, http://linked-usdl.org/ns/usdl-core
  22. 22.
    RIM inc. BlackBerry app world, http://us.blackberry.com/developers/appworld/
  23. 23.
  24. 24.
    Szyperski, C., Gruntz, D., Murer, S.: Component software: beyond object-oriented programming. Addison-Wesley Professional (2002)Google Scholar
  25. 25.
    Zhou, C., Ramacciotti, S.: Common criteria: Its limitations and advice on improvement. Information Systems Security Association ISSA Journal, 24–28 (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Francesco Di Cerbo
    • 1
  • Michele Bezzi
    • 1
  • Samuel Paul Kaluvuri
    • 1
  • Antonino Sabetta
    • 1
  • Slim Trabelsi
    • 1
  • Volkmar Lotz
    • 1
  1. 1.SAP ResearchMouginsFrance

Personalised recommendations