Web Service Assurance: The Notion and the Issues
Abstract
1. Introduction
2. Expressing Service Security Requirements
3. Security Certification of Services
3.1. Model-Based Testing
- initial state, no inputs have been received;
- intermediate state, the inputs have been received but the outputs have not been produced yet;
- final state, the outputs have been generated and returned to the counterpart.
3.2. Security Assurance Certificates
- Self-certificate (SC):
- SCs are characterized by a four-way interaction between service provider () and consumer (C). First of all, C sends a request to specifying the list of security properties to be certified on the service. already mapped to each service consistent test suites, including functional and QoS-based test cases; those tests are then used to build the reply, sending to C the test cases related to the specified set of properties. If the reply is satisfactory, C can directly execute the test cases on the service and analyze the results. It is important to note that this mechanism does not require a trust relationship between C and ; however, it reduces the number of actors involved in the certification process and, therefore, the certification time.
- Lightweight Certificate (LC):
- This type of certificate introduces a new actor in the certification process, namely a Third-Party Certifier (). In this case, all tests are executed by the . A consumer C can send a request to specifying the requested security properties, and a list of candidate providers. Then, can contact each specific provider, supply the test cases, and apply them to services. can also play the role of certificate repository, storing available certificates for future usage.
- Collaborative Certificate (CCert):
- Certificates are generated and stored independently from C requests. An extension of the UDDI protocol could support CCert, as well as the storing and managing of test suites. Test suites are signed by during the service registration phase; then can access them periodically to verify the test results, to generate missing certifications, and to invoke one or more tests as needed to reconfirm or strengthen service quality.
4. Selection of Services
4.1. An Example of Service Discovery and Dynamic Certification
4.2. Adaptable WSD Security Certification
- Abstract Security Property (ASP): An abstract security property represents a generic security requirement for the service, such as confidentiality, integrity, and authentication. It can also be referred to as a concrete security property with no class attributes.
- Concrete Security Property (CSP): An ASP enhanced with class attributes. Given two instances of CSP, and , based on the same abstract property , is a specialization of , if a certificate proving always proves . For instance, given the abstract property integrity, and two concrete properties = (integrity,{, }) and = (integrity,{, }), a certificate proving always proves . The relation between and is called intra-property relation, because it involves properties with the same ASP and only considers the class attributes.
- Semantic Security Property (SSP): An SSP is a concrete security property. The only difference between CSPs and SSPs is that the latter refers to order and equivalence relations, called inter-property relation, involving different abstract properties. Inter-property relations are defined based on expert knowledge. As an example, given the two properties = (,{}) and = (,{}), implies meaning that each certificate for property also applies to property . ASP, CSP, and SSP form a hierarchy of security properties.
- Domain Security Property (DSP): A domain-aware security property specification. Since a hierarchy characterization of a security property could be different in different domains (both intra- and inter-property relations), a DSP enables an accurate evaluation of the security properties relevant for a given domain. This alleviates the problem of having a complex hierarchy of security properties that is suitable for all domains. Fragments of the hierarchies for Domain X and Y are depicted in Figure 2 and Figure 3, respectively.
- TestProperty: Information about the certified security properties. Each property includes the PropertyName and a set of ClassAttribute fields.
- ServiceModel: A reference (i.e., a URI), named ModelLink, to the location where the model of the service is stored, together with the type of the service model (i.e., WSDL-based, WSCL-based, implementation-based), which is declared in the Type element.
- TestEvidence: All artifacts related to the test cases executed on the service for its certification. It includes the test class (TestClass), type (TestType), attributes (TestAttribute), specifications (TestSpecification), and the result of test case execution (TestResult). TestSpecification describes the real test case through a test id, a description, and a link to the test model that is used to generate the test case. TestResult is a set of pairs, each holding a reference to a test case and a pass-fail result.
- TestMetrics: A set of metrics representing the quality of the test cases executed on the service. These measurements are used in WSD matching to compare the services by representing the result of different tests on various services.
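The following added example (not code from the article) shows how a consumer-side check could read such a certificate and decide whether it proves a requested property. The element names are those listed above; the XML nesting, the `id`, `name` and `ref` attributes, the sample values, and the matching rule are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample certificate. Element names come from the field list above;
# the nesting, the attribute names (id, name, ref) and all values are assumed.
SAMPLE_CERT = """
<Certificate>
  <TestProperty>
    <PropertyName>integrity</PropertyName>
    <ClassAttribute name="algorithm">SHA-256</ClassAttribute>
    <ClassAttribute name="scope">message</ClassAttribute>
  </TestProperty>
  <ServiceModel>
    <ModelLink>https://repository.example/models/svc-1</ModelLink>
    <Type>WSDL-based</Type>
  </ServiceModel>
  <TestEvidence>
    <TestSpecification id="t1"/>
    <TestSpecification id="t2"/>
    <TestResult ref="t1">pass</TestResult>
    <TestResult ref="t2">pass</TestResult>
  </TestEvidence>
</Certificate>
"""


def parse_certificate(xml_text):
    """Return (property name, class attributes, {test id: passed})."""
    root = ET.fromstring(xml_text)
    prop = root.find("TestProperty")
    name = prop.findtext("PropertyName").strip()
    attrs = {a.get("name"): a.text.strip() for a in prop.findall("ClassAttribute")}
    evidence = root.find("TestEvidence")
    declared = {s.get("id") for s in evidence.findall("TestSpecification")}
    results = {}
    for r in evidence.findall("TestResult"):
        if r.get("ref") not in declared:
            # A result for a test the certificate never specified is not evidence.
            raise ValueError("TestResult references undeclared test: %r" % r.get("ref"))
        results[r.get("ref")] = r.text.strip() == "pass"
    missing = declared - set(results)
    if missing:
        raise ValueError("no TestResult for declared tests: %s" % sorted(missing))
    return name, attrs, results


def certificate_satisfies(xml_text, wanted_name, wanted_attrs):
    """True if the certificate proves the consumer's requested property."""
    name, attrs, results = parse_certificate(xml_text)
    if name != wanted_name:
        return False
    # Assumed matching rule: every requested class attribute must appear in the
    # certificate with the same value; a request with no attributes (an ASP) is
    # covered by any certificate for that property name.
    if any(attrs.get(k) != v for k, v in wanted_attrs.items()):
        return False
    # Evidence must exist and every referenced test case must have passed.
    return bool(results) and all(results.values())
```
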
4.3. A Conceptual Architecture for an Adaptable Assurance-Based WSD
- Service Consumer:
- The party requesting access to, or integrating a remote service, according to users’ preferences.
- Service Provider:
- The party providing remote Web services that are accessed by service consumers.
- Dynamic Repository:
- The component storing the Web services together with the security certificates awarded to them. Here, the certified services are registered and published, and periodically re-certified to assess their security properties.
- Consumer Security Management:
- The component dealing with the consumer’s security requirements and preferences. It allows service consumers to define their preferences in terms of certified properties, evidence, and tests.
- Adaptable Security Management:
- The component enabling automated run-time service certification, beyond the security implementation and pre-deployment certification of the Web service. It monitors the properties that could hold at run-time and identifies new and old security properties that need (re-)certification. The module continuously evaluates the propriety of the security properties claimed by the service.
- Security Evaluation:
- An accredited process that executes test cases for service evaluation. It generates new test cases, if needed, according to the security requirements given by the “Adaptable Security Management” component and the service security specification. If the required test evidence is not available in the service certificate, a new set of test cases is generated and executed on the service (run-time evaluation). As a result, new evidence is generated and used in the assurance process.
- Certificate Authorization:
- Services are certified using the evidence provided by the Security Evaluation phase. It generates an evidence-based certificate guaranteeing that a set of test cases is executed on the service, or on an entire business process in a service container.
- Dynamic Discovery:
- The conformance of the selected services with the consumer’s security preferences is evaluated by means of a matching process. The latter measures the degree of compliance between users’ preferences and service certificates.
5. Related Work
6. Conclusions
Acknowledgments
© 2012 by the authors; licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0/).
Anisetti, M.; Ardagna, C.A.; Damiani, E.; Frati, F.; Müller, H.A.; Pahlevan, A. Web Service Assurance: The Notion and the Issues. Future Internet 2012, 4, 92-109. https://doi.org/10.3390/fi4010092