A low-cost security certification scheme for evolving services

Anisetti, M.; Ardagna, C.A.; Damiani, E.

doi:10.1109/ICWS.2012.53

Security certification schemes for Service-Oriented Architecture (SOA) extend service specifications with the evidence that a service supports a set of security properties and provides a given level of assurance. However, services are subject to continuous refinements, and uncontrolled changes can easily invalidate existing certification results and require re-certification from scratch, with high costs and overheads on service providers. In this paper, we present an approach to manage the impact of service evolution on security certification. Our approach aims to support the incremental certification of evolving services and re-use, as much as possible, the certification evidence available from older certificates in the release of a new certificate.

A low-cost security certification scheme for evolving services / M. Anisetti, C.A. Ardagna, E. Damiani - In: 2012 IEEE 19th International conference on Web services : ICWS 2012 : 24–29 June 2012, Honolulu, Hawaii, USA : proceedings / [a cura di] C. Goble, P. Chen, J. Zhang. - Los Alamitos : Institute of electrical and electronics engineers, 2012. - ISBN 9781467321310. - pp. 122-129 (( Intervento presentato al 19. convegno IEEE International Conference on Web Services (ICWS) tenutosi a Honolulu, USA nel 2012 [10.1109/ICWS.2012.53].

A low-cost security certification scheme for evolving services

M. Anisetti^Primo;C.A. Ardagna^Secondo;E. Damiani^Ultimo

2012

Abstract

Security certification schemes for Service-Oriented Architecture (SOA) extend service specifications with the evidence that a service supports a set of security properties and provides a given level of assurance. However, services are subject to continuous refinements, and uncontrolled changes can easily invalidate existing certification results and require re-certification from scratch, with high costs and overheads on service providers. In this paper, we present an approach to manage the impact of service evolution on security certification. Our approach aims to support the incremental certification of evolving services and re-use, as much as possible, the certification evidence available from older certificates in the release of a new certificate.

Scheda breve

Scheda completa

Scheda completa (DC)

	Parole chiave
	
				Evolving services ; Model-based testing ; Security certification ; SOA
			
	Settori scientifico-disciplinari del contributo (sola visualizzazione)
	
				Settore INF/01 - Informatica
			
	Titolo del progetto
	
	Titolo Progetto
	
									Advanced Security Service cERTificate for SOA
								
	Acronimo
	
									ASSERT4SOA
								
	Nome finanziatore
	
										EUROPEAN COMMISSION
									
	Finanziamento
	
									FP7
								
	N. Contratto
	
									257351 
								
	Data di pubblicazione
	
				2012
			
	DOI
	
				https://dx.doi.org/10.1109/ICWS.2012.53
			
	Tipologia
	
				Book Part (author)
			
	Appare nelle tipologie:
	
				03 - Contributo in volume

File in questo prodotto:

File	Dimensione	Formato
AAD.ICWS2012.pdf accesso solo dalla rete interna Tipologia: Post-print, accepted manuscript ecc. (versione accettata dall'editore) Dimensione 295.03 kB Formato Adobe PDF Visualizza/Apri Richiedi una copia	295.03 kB	Adobe PDF	Visualizza/Apri Richiedi una copia

Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/203806

Citazioni

ND

24

ND

IRIS Institutional Research Information System - AIR Archivio Istituzionale della Ricerca