Existing certification schemes implement continuous verification techniques aiming to prove non-functional (e.g., security) properties of software systems over time. These schemes provide different re-certification techniques for managing the certificate life cycle, though their strong assumptions make them ineffective against modern service-based distributed systems. Re-certification techniques are in fact built on static system models, which do not properly represent the system evolution, and on static detection of system changes, which results in an inaccurate planning of re-certification activities. In this paper, we propose a continuous certification scheme that departs from a static certificate life cycle management and provides a dynamic approach built on the modeling of the system behavior that reduces the amount of unnecessary re-certification. The quality of the proposed scheme is experimentally evaluated using an ad hoc dataset built on publicly-available datasets.

Continuous Certification of Non-functional Properties Across System Changes / M. Anisetti, C.A. Ardagna, N. Bena (LECTURE NOTES IN COMPUTER SCIENCE). - In: Service-Oriented Computing. Part 1 / [edited by] F. Monti, S. Rinderle-Ma, A. Ruiz Cortés, Z. Zheng, M. Mecella. - [s.l] : Springer, 2023. - ISBN 978-3-031-48420-9. - pp. 3-18 (Paper presented at the 21st International Conference on Service-Oriented Computing, held in Rome in 2023) [10.1007/978-3-031-48421-6_1].

Continuous Certification of Non-functional Properties Across System Changes

M. Anisetti (first author); C.A. Ardagna (second author); N. Bena (last author)
2023

Assurance; Continuous Certification; Machine Learning; Security
Sector INF/01 - Computer Science
   SEcurity and RIghts in the CyberSpace (SERICS)
   SERICS
   MINISTERO DELL'UNIVERSITA' E DELLA RICERCA
   identification code PE00000014

   MUSA - Multilayered Urban Sustainability Action
   MUSA
   MINISTERO DELL'UNIVERSITA' E DELLA RICERCA

   Sovereign Edge-Hub: a cloud-edge architecture for digital sovereignty in the life sciences (SOV-EDGE-HUB), Strategic Line 4 - Cybersecurity/Cloud
   SOV-EDGE-HUB
   UNIVERSITA' DEGLI STUDI DI MILANO

   One Health Action Hub: University task force for the resilience of territorial ecosystems (1H_Hub), Strategic Line 3, Theme One health, one earth
   1H_Hub
   UNIVERSITA' DEGLI STUDI DI MILANO
2023
Book Part (author)
Files in this item:
AAB.ICSOC2023.pdf - Type: Publisher's version/PDF; restricted access; size 508.06 kB; format Adobe PDF
AAB.ICSOC2023.pdf - Type: Post-print, accepted manuscript etc. (version accepted by the publisher); restricted access; size 667.45 kB; format Adobe PDF
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/2434/1018841