Security certification schemes for Service-Oriented Architecture (SOA) extend service specifications with the evidence that a service supports a set of security properties and provides a given level of assurance. However, services are subject to continuous refinements, and uncontrolled changes can easily invalidate existing certification results and require re-certification from scratch, with high costs and overheads on service providers. In this paper, we present an approach to manage the impact of service evolution on security certification. Our approach aims to support the incremental certification of evolving services and re-use, as much as possible, the certification evidence available from older certificates in the release of a new certificate.
A low-cost security certification scheme for evolving services / M. Anisetti, C.A. Ardagna, E. Damiani - In: 2012 IEEE 19th International conference on Web services : ICWS 2012 : 24–29 June 2012, Honolulu, Hawaii, USA : proceedings / [a cura di] C. Goble, P. Chen, J. Zhang. - Los Alamitos : Institute of electrical and electronics engineers, 2012. - ISBN 9781467321310. - pp. 122-129 (( Intervento presentato al 19. convegno IEEE International Conference on Web Services (ICWS) tenutosi a Honolulu, USA nel 2012.
Titolo: | A low-cost security certification scheme for evolving services |
Autori: | ANISETTI, MARCO (Primo) ARDAGNA, CLAUDIO AGOSTINO (Secondo) DAMIANI, ERNESTO (Ultimo) |
Autori: | M. Anisetti, C.A. Ardagna, E. Damiani |
Numero degli autori: | 3 |
Lingua: | English |
Parole Chiave: | Evolving services ; Model-based testing ; Security certification ; SOA |
Settore Scientifico Disciplinare: | Settore INF/01 - Informatica |
Tipo: | Intervento a convegno |
Progetto: | Advanced Security Service cERTificate for SOA |
Titolo del libro: | 2012 IEEE 19th International conference on Web services : ICWS 2012 : 24–29 June 2012, Honolulu, Hawaii, USA : proceedings |
Tutti i curatori: | C. Goble, P. Chen, J. Zhang |
Luogo di pubblicazione: | Los Alamitos |
Editore: | Institute of electrical and electronics engineers |
Data di pubblicazione: | 2012 |
Pagina iniziale: | 122 |
Pagina finale: | 129 |
ISBN: | 9781467321310 |
Rilevanza: | Volume a diffusione internazionale |
Nome del convegno: | IEEE International Conference on Web Services (ICWS) |
Luogo del convegno: | Honolulu, USA |
Anno del convegno: | 2012 |
Numero del convegno: | 19 |
Tipo di convegno: | Convegno internazionale |
Sezione: | Intervento inviato |
Digital Object Identifier (DOI): | http://dx.doi.org/10.1109/ICWS.2012.53 |
Tipologia: | Book Part (author) |
Full-text (pubblici): | restricted |
Tipologia MIUR: | 273 |
Citazione: | A low-cost security certification scheme for evolving services / M. Anisetti, C.A. Ardagna, E. Damiani - In: 2012 IEEE 19th International conference on Web services : ICWS 2012 : 24–29 June 2012, Honolulu, Hawaii, USA : proceedings / [a cura di] C. Goble, P. Chen, J. Zhang. - Los Alamitos : Institute of electrical and electronics engineers, 2012. - ISBN 9781467321310. - pp. 122-129 (( Intervento presentato al 19. convegno IEEE International Conference on Web Services (ICWS) tenutosi a Honolulu, USA nel 2012. |
Codice identificativo Scopus: | 2-s2.0-84866356137 |
Abstract: | Security certification schemes for Service-Oriented Architecture (SOA) extend service specifications with the evidence that a service supports a set of security properties and provides a given level of assurance. However, services are subject to continuous refinements, and uncontrolled changes can easily invalidate existing certification results and require re-certification from scratch, with high costs and overheads on service providers. In this paper, we present an approach to manage the impact of service evolution on security certification. Our approach aims to support the incremental certification of evolving services and re-use, as much as possible, the certification evidence available from older certificates in the release of a new certificate. |
Appare nelle tipologie: | 03 - Contributo in volume |
File in questo prodotto:
File | Descrizione | Tipologia | Licenza | |
---|---|---|---|---|
AAD.ICWS2012.pdf | Post-print, accepted manuscript ecc. (versione accettata dall'editore) | UNIVERSITY_NETWORK Richiedi una copia |