Abstract
Certification is a well-established approach for the provision of assertions on security and privacy properties of entities (products, systems, services). People using (or other entities interacting with) certified entities can rely on the asserted properties, provided that the certification process is known to produce sufficient evidence for the validity of the property for the certified entity. Today, business processes are increasingly implemented via run-time selection and composition of remote components provided by service suppliers. On the future Internet of Services, service purchasers will want (i) to have certified evidence that the remote services possess some desired non-functional properties, including service security, reliability, and quality, and (ii) to be able to infer process-level properties across compositions of certified services. In this chapter, we provide a first analysis of the challenges to be faced toward security certification in the Internet of Services, outlining possible solutions and future research directions.
Notes
- 1.
Note that software assurance involves different activities carried out throughout the software development process. The outcome of these activities is made known to the user via written documentation that, in some cases, may be certified by an accredited, trusted third party.
- 2.
Alternatively, the codomain of \(T\) could be the interval \([0,1]\). For the sake of simplicity, we consider a discrete codomain.
- 3.
The same is valid for the evidence, that is, \(T(p, E_{EB}) \ge T(p, E_s)\).
Acknowledgements
This work was partly funded by the European Commission under the project ASSERT4SOA (contract no. FP7-257351). We would like to thank Volkmar Lotz and all partners in the project for their help and fruitful discussions.
Copyright information
© 2011 Springer-Verlag Italia Srl
Cite this chapter
Anisetti, M., Ardagna, C.A., Damiani, E. (2011). Certifying Security and Privacy Properties in the Internet of Services. In: Salgarelli, L., Bianchi, G., Blefari-Melazzi, N. (eds) Trustworthy Internet. Springer, Milano. https://doi.org/10.1007/978-88-470-1818-1_17
DOI: https://doi.org/10.1007/978-88-470-1818-1_17
Publisher Name: Springer, Milano
Print ISBN: 978-88-470-1817-4
Online ISBN: 978-88-470-1818-1