Advanced Security Service cERTificate for SOA: Certified Services go Digital

Pazzaglia, J-C.; Lotz, Volkmar; Cerda, V. Campos; Damiani, Ernesto; Ardagna, Claudio Agostino; Gürgens, Sigrid; Maña, Antonio; Pandolfo, Claudia; Spanoudakis, George; Guida, F.; Menicocci, Renato

doi:10.1007/978-3-8348-9788-6_15

Cited by 2 publications

(2 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The key characteristic of this platform, which is being developed in the context of the ASSERT4SOA 1 project, is the use of machinereadable, signed statements, called asserts [21], that certify the security properties owned by a service. Similarly to current security certification schemes, the assessment of the security properties of a service is delegated to an independent third party (certification authority), who issues a corresponding assert, bound to the service.…”

Section: Introductionmentioning

confidence: 99%

An architecture for certification-aware service discovery

Bezzi¹,

Sabetta²,

Spanoudakis

2011

2011 1st International Workshop on Securing Services on the Cloud (IWSSC)

View full text Add to dashboard Cite

This is the unspecified version of the paper.This version of the publication may differ from the final published version. Abstract-Service-orientation is an emerging paradigm for building complex systems based on loosely coupled components, deployed and consumed over the network. Despite the original intent of the paradigm, its current instantiations are limited to a single trust domain (e.g., a single organization). Also, some of the key promises of service-orientation -such as the dynamic orchestration of externally provided software services, using runtime service discovery and deployment -are still unachieved. One of the main reasons for this is the trust gap that normally arises when software services, offered by previously unknown providers, are to be selected at run-time, without any human intervention. Permanent repository linkTo close this gap, the concept of machine-readable security certificates (called asserts) has been recently introduced, which paves the way to automated processing about security properties of services. Similarly to current security certification schemes, the assessment of the security properties of a service is delegated to an independent third party (certification authority), who issues a corresponding assert, bound to the service. In this paper, we propose an architecture, which exploits the assert concept to realise a certification-aware service discovery framework. The architecture supports the discovery of single services based on certified security properties (in additional to the usual functional properties), as well as the dynamic synthesis of service compositions, that satisfy the given security properties. The architecture is extensible, thus allowing for a range of domainspecific matchmaking components, to cover dimensions related to, e.g., performance, cost and other non-functional characteristics.

show abstract

Section: Introductionmentioning

confidence: 99%

An architecture for certification-aware service discovery

Bezzi¹,

Sabetta²,

Spanoudakis

2011

2011 1st International Workshop on Securing Services on the Cloud (IWSSC)

View full text Add to dashboard Cite

show abstract

“…Certification has a long history as a mechanism for verifying properties and increasing trust in software systems. While traditional certification techniques apply mostly to monolithic systems, recent research demonstrates the feasibility of security certification for service based systems and processes [11]. Research on service certification has focused on the use of certificates at design time, without addressing the question of how to certify inter-dependent software services running at all layers of the cloud stack.…”

mentioning

confidence: 99%