Skip to main content
SpringerLink
Log in

Certifying Security and Privacy Properties in the Internet of Services

  • Chapter
  • First Online:
Trustworthy Internet

Abstract

Certification is a well-established approach for the provision of assertions on security and privacy properties of entities (products, systems, services). People using (or other entities interacting with) certified entities can rely on the asserted properties, provided that the process of certification is known to produce sufficient evidence for the validity of the property for the certified entity. Today, business processes are increasingly implemented via run-time selection and composition of remote components provided by service suppliers. On the future Internet of Services, service purchasers will like (i) to have certified evidence that the remote services possess some desired non-functional properties, including service security, reliability, and quality, (ii) to be able to infer process-level properties across certified services’ composition. In this chapter, we provide a first analysis of the challenges to be faced toward security certification in the Internet of services, outlining possible solutions and future research directions.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Note that software assurance involves different activities carried out throughout the software development process. The outcome of these activities is made known to the user via written documentation that, in some cases, may be certified by an accredited, trusted third party.

  2. 2.

    Alternatively, \(T\) codomain could be the interval [\(0,1\)]. For the sake of simplicity, we consider a discrete codomain.

  3. 3.

    The same is valid for the evidence, that is, \(T(p, E_{EB}) \ge T(p, E_s)\).

  4. 4.

    Other examples of obfuscation can be found in [13].

References

  1. Agrawal, R.: Privacy cognizant information systems. In: Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003), Washington, DC, USA, October (2003)

    Google Scholar 

  2. Agrawal, R., Evfimievski, A.V., Srikant, R.: Information sharing across private databases. In: Proceedings of the 2003 ACM SIGMOD International Conference on Management of Data, San Diego, CA, USA, June (2003)

    Google Scholar 

  3. Agrawal, R., Srikant, R.: Privacy-preserving data mining. In: Proceedings of the 2000 ACM SIGMOD International Conference on Management of Data, Dallas, TX, USA, May (2000)

    Google Scholar 

  4. Ardagna, C.A., De Capitani di Vimercati, S.: A comparison of modeling strategies in defining XML-based access control language. Comput. Syst. Sci. Eng. J. 19(3), 141–149 (2004)

    Google Scholar 

  5. Bai, X., Dong, W., Tsai, W.-T., Chen, Y.: WSDL-based automatic test case generation for Web services testing. In: Proceedings of the IEEE International Conference on Service-Oriented System Engineering (SOSE 2005), Beijing, China, October (2005)

    Google Scholar 

  6. Berardi, D., Calvanese, D., De Giacomo, G., Hull, R., Mecella, M.: Automatic composition of transition-based semantic Web services with messaging. In: Proceedings of the 31st International Conference on Very Large Data Bases (VLDB 2005), Trondheim, Norway, August–September (2005)

    Google Scholar 

  7. Bhargavan, K., Fournet, C., Gordon, A. D.: Verifying policy-based security for Web services. In: Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS 2004), Washington, DC, USA, October (2004)

    Google Scholar 

  8. Cardoso, J., Voigt, K., Winkler, M.: Service engineering for the internet of services. In: Proceedings of the 10th International Conference on Enterprise Information Systems, Barcelona, Spain, June (2008)

    Google Scholar 

  9. Chang, E., Hussain, F., Dillon, T.: Trust and Reputation for Service-Oriented Environments: Technologies For Building Business Intelligence and Consumer Confidence. Wiley, Chichester (2006)

    Book  Google Scholar 

  10. Damiani, E., Ardagna, C.A., El Ioini, N.: Open Source Systems Security Certification. Springer, New York (2009)

    Book  Google Scholar 

  11. Damiani, E., El Ioini, N., Sillitti, A., Succi, G.: Ws-certificate. In: Proceedings of the IEEE Congress on Services, Part I (SERVICES I 2009), Los Angeles, CA, USA, July (2009)

    Google Scholar 

  12. Damiani, E., Maña, A.: Toward ws-certificate. In: Proceedings of the ACM Workshop on Secure Web Services (SWS 2009), Chicago, IL, USA, November (2009)

    Google Scholar 

  13. Deng, T., Huai, J., Li, X., Du, Z., Guo, H.: Automated synthesis of composite services with correctness guarantee. In: Proceedinds of the 18th International World Wide Web Conference (WWW 2009), Madrid, Spain, April (2009)

    Google Scholar 

  14. Dong, W.-L., Yu, H.: Web service testing method based on fault-coverage. In: Proceedings of the 10th IEEE International Enterprise Distributed Object Computing Conference Workshops (EDOCW 2006), Hong Kong, China, October (2006)

    Google Scholar 

  15. Dragoni, N., Massacci, F.: Security-by-contract for Web services. In: Proceedings of the 4th ACM Workshop On Secure Web Services (SWS 2007), Fairfax, VA, USA, November (2007)

    Google Scholar 

  16. Fu, X., Bultan, T., Su, J.: Formal verification of e-services and workflows. In: Proceedings of the International Workshop on Web Services, E-Business, and the Semantic Web (WES 2002): Foundations, Models, Architecture, Engineering and Applications, Toronto, Canada, May (2002)

    Google Scholar 

  17. Galbraith, B., Hankinson, W., Hiotis, A., Janakiraman, M., Prasad, D.V., Trivedi, R., Whitney, D.: Professional Web Services Security. Wrox Press Ltd., Birmingham (2002)

    Google Scholar 

  18. Herrmann, D.S.: Using the Common Criteria for IT Security Evaluation. Auerbach Publications, Boca Raton (2002)

    Book  Google Scholar 

  19. Jensen, M., Gruschka, N., Herkenhöner, R.: A survey of attacks on Web services. Comput. Sci.—R&D 24(4), 185–197 (2009)

    Google Scholar 

  20. Kolaczek, G., Juszczyszyn, K.: Smart security assessment of composed Web services. Cybern. Syst. 41(1), 46–61 (2010)

    Article  MathSciNet  Google Scholar 

  21. Meredith, L.G., Bjorg, S.: Contracts and types. Commun. ACM 46(10), 41–47 (2003)

    Article  Google Scholar 

  22. Milanovic, N., Malek, M.: Verifying correctness of Web services composition. In: Proceedings of the 11th Infofest, Budva, Montenegro, September–October (2004)

    Google Scholar 

  23. Necula, G.: Proof-carrying code. In: Proceedings of the ACM Principles of Programming Languages (POPL 1997), Paris, France, January (1997)

    Google Scholar 

  24. Papazoglou, M.P.: Web services and business transactions. World Wide Web 6(1), 49–91 (2003)

    Article  Google Scholar 

  25. Papazoglou, M.P., Traverso, P., Dustdar, S., Leymann, F.: Service-oriented computing: State of the art and research challenges. Computer 40(11), 38–45 (2007)

    Article  Google Scholar 

  26. Rahaman, M.A., Schaad, A., Rits, M.: Towards secure SOAP message exchange in a SOA. In: Proceedings of the 3rd ACM Workshop On Secure Web Services (SWS 2006), Alexandria, VA, USA, November (2006)

    Google Scholar 

  27. Schroth, C., Janner, T.: Web 2.0 and SOA: Converging concepts enabling the internet of services. IT Professional 9(3), 36–41 (2007)

    Article  Google Scholar 

  28. Securing Web services for army SOA. http://www.sei.cmu.edu/solutions/softwaredev/securing-web-services.cfm

  29. Sinha, S.K., Benameur, A.: A formal solution to rewriting attacks on SOAP messages. In: Proceedings of the 5th ACM Workshop On Secure Web Services (SWS 2008), Alexandria, VA, USA, October (2008)

    Google Scholar 

  30. Tsai, T., Paul, R., Cao, Z., Yu, L., Saimi, A., Xiao, B.: Verification of Web services using an enhanced UDDI server. In: Proceedings of the 8th IEEE International Workshop on Object-Oriented Real-Time Dependable Systems (WORDS 2003), Guadalajara, Mexico, January (2003)

    Google Scholar 

  31. Tsai, W.T., Xinyu, Z., Yinong, C., Xiaoying, B.: On testing and evaluating service-oriented software. Computer 41(8), 40–46 (2008)

    Article  Google Scholar 

  32. UDDI OASIS standard. http://uddi.xml.org/

  33. Xu, W., Venkatakrishnan, V.N., Sekar, R., Ramakrishnan, I.V.: A framework for building privacy-conscious composite Web services. In: Proceedings of the 2006 IEEE International Conference on Web Services (ICWS 2006), Chicago, IL, USA, September (2006)

    Google Scholar 

Download references

Acknowledgements

This work was partly funded by the European Commission under the project ASSERT4SOA (contract no. FP7-257351). We would like to thank Volkmar Lotz and all partners in the project for their help and fruitful discussions.

Author information

Authors and Affiliations

  1. Dipartimento di Tecnologie dell’Informazione, Università degli Studi di Milano, Via Bramante 65, 26013, Crema, Italy

    Marco Anisetti, Claudio A. Ardagna & Ernesto Damiani

Authors
  1. Marco Anisetti
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Claudio A. Ardagna
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ernesto Damiani
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Claudio A. Ardagna .

Editor information

Editors and Affiliations

  1. , Information Engineering, University of Brescia, Via Branze 38, Brescia, 25123, Italy

    Luca Salgarelli

  2. , Electronic Engineering, University of Rome Tor Vergata, Via del Politecnico 1, Rome, 00133, Italy

    Giuseppe Bianchi

  3. , Electronic Engineering, University of Rome, Tor Vergata, Via del Politecnico 1, Rome, 00133, Italy

    Nicola Blefari-Melazzi

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Italia Srl

About this chapter

Cite this chapter

Anisetti, M., Ardagna, C.A., Damiani, E. (2011). Certifying Security and Privacy Properties in the Internet of Services. In: Salgarelli, L., Bianchi, G., Blefari-Melazzi, N. (eds) Trustworthy Internet. Springer, Milano. https://doi.org/10.1007/978-88-470-1818-1_17

Download citation

  • DOI: https://doi.org/10.1007/978-88-470-1818-1_17

  • Published:

  • Publisher Name: Springer, Milano

  • Print ISBN: 978-88-470-1817-4

  • Online ISBN: 978-88-470-1818-1

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation