Fine-grained modeling of web services for test-based security certification

Anisetti, M.; Ardagna, C.A.; Damiani, E.

doi:10.1109/SCC.2011.27

We present a solution for test-based security certification of services that models the service under certification using a Symbolic Transition System (STS). The STS-based model is readily derivable from the Web Service Description Language (WSDL) and Web Service Conversation Language (WSCL) of the service, and can be enriched with details about test-based conditions on inputs and outputs, implementation details, and security specifications. In addition, we show how such fine-grained modeling can be included in a test-based security certification process. Finally, we discuss how this process can be integrated within the Web service life-cycle and used for matching users’ preferences and comparing certificates of different services.

Fine-grained modeling of web services for test-based security certification / M. Anisetti, C.A. Ardagna, E. Damiani - In: 2011 IEEE international conference on services computing : SCC 2011 : 4–9 july 2011, Washington DC, USA : proceedings / [a cura di] H.- A. Jacobsen, Y. Wang, P. Hung. - Los Alamitos : Institute of electrical and electronics engineers, 2011. - ISBN 9781457708633. - pp. 456-463 (( convegno IEEE International Conference on Services Computing (SCC) tenutosi a Washington nel 2011 [10.1109/SCC.2011.27].

Fine-grained modeling of web services for test-based security certification

M. Anisetti^Primo;C.A. Ardagna^Secondo;E. Damiani^Ultimo

2011

Abstract

We present a solution for test-based security certification of services that models the service under certification using a Symbolic Transition System (STS). The STS-based model is readily derivable from the Web Service Description Language (WSDL) and Web Service Conversation Language (WSCL) of the service, and can be enriched with details about test-based conditions on inputs and outputs, implementation details, and security specifications. In addition, we show how such fine-grained modeling can be included in a test-based security certification process. Finally, we discuss how this process can be integrated within the Web service life-cycle and used for matching users’ preferences and comparing certificates of different services.

Scheda breve

Scheda completa

Scheda completa (DC)

	Parole chiave
	
			Web services ; SOA ; Testing ; WSDL ; WSCL
		
	Settori scientifico-disciplinari del contributo
	
			Settore INF/01 - Informatica
		
	Titolo del progetto
	
	Titolo Progetto
	
									Advanced Security Service cERTificate for SOA
								
	Acronimo
	
									ASSERT4SOA
								
	Nome finanziatore
	
										EUROPEAN COMMISSION
									
	Finanziamento
	
									FP7
								
	N. Contratto
	
									257351 
								
	Data di pubblicazione
	
			2011
		
	DOI
	
			https://dx.doi.org/10.1109/SCC.2011.27
		
	Tipologia
	
			Book Part (author)
		
	Appare nelle tipologie:
	
			03 - Contributo in volume

File in questo prodotto:

Non ci sono file associati a questo prodotto.

Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/161209

Citazioni

ND

19

ND

IRIS Institutional Research Information System - AIR Archivio Istituzionale della Ricerca