research-article

Test-Based Security Certification of Composite Services

Authors:

Marco Anisetti,

Claudio Ardagna,

Ernesto Damiani,

Gianluca PolegriAuthors Info & Claims

ACM Transactions on the Web (TWEB), Volume 13, Issue 1

Article No.: 3, Pages 1 - 43

https://doi.org/10.1145/3267468

Published: 04 December 2018 Publication History

Abstract

The diffusion of service-based and cloud-based systems has created a scenario where software is often made available as services, offered as commodities over corporate networks or the global net. This scenario supports the definition of business processes as composite services, which are implemented via either static or runtime composition of offerings provided by different suppliers. Fast and accurate evaluation of services’ security properties becomes then a fundamental requirement and is nowadays part of the software development process. In this article, we show how the verification of security properties of composite services can be handled by test-based security certification and built to be effective and efficient in dynamic composition scenarios. Our approach builds on existing security certification schemes for monolithic services and extends them towards service compositions. It virtually certifies composite services, starting from certificates awarded to the component services. We describe three heuristic algorithms for generating runtime test-based evidence of the composite service holding the properties. These algorithms are compared with the corresponding exhaustive algorithm to evaluate their quality and performance. We also evaluate the proposed approach in a real-world industrial scenario, which considers ENGpay online payment system of Engineering Ingegneria Informatica S.p.A. The proposed industrial evaluation presents the utility and generality of the proposed approach by showing how certification results can be used as a basis to establish compliance to Payment Card Industry Data Security Standard.

References

[1]

R. Accorsi, L. Lowis, and Y. Sato. 2011. Automated certification for compliant cloud-based business processes. Bus. Inf. Syst. Eng. 3, 3 (2011), 145--154.

[2]

R. Aggarwal, K. Verma, J. Miller, and W. Milnor. 2004. Constraint driven web service composition in METEOR-S. In Proceedings of the 2004 IEEE International Conference on Services Computing (SCC’04). Shangai, China.

Digital Library

[3]

M. Alrifai, T. Risse, and W. Nejdl. 2012. A hybrid approach for efficient web service composition with end-to-end QoS constraints. ACM Trans. Web 6, 2 (Jun. 2012), 1--31.

Digital Library

[4]

A. Alves et al. 2007. Web Services Business Process Execution Language Version 2.0. OASIS. Retrieved from http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html.

[5]

J. H. Andrews, L. C. Briand, Y. Labiche, and A. S. Namin. 2006. Using mutation analysis for assessing and comparing testing coverage criteria. IEEE Trans. Softw. Eng. 32, 8 (Aug. 2006), 608--624.

Digital Library

[6]

M. Anisetti, C. A. Ardagna, and E. Damiani. 2011. Fine-grained modeling of web services for test-based security certification. In Proceedings of the IEEE International Conference on Services Computing (SCC’11).

Digital Library

[7]

M. Anisetti, C. A. Ardagna, and E. Damiani. 2013. Security certification of composite services: A test-based approach. In Proceedings of the 20th IEEE International Conference on Web Services (ICWS’13).

Digital Library

[8]

M. Anisetti, C. A. Ardagna, and E. Damiani. 2015. A test-based incremental security certification scheme for cloud-based systems. In Proceedings of the 12th IEEE International Conference on Services Computing (SCC’15).

Digital Library

[9]

M. Anisetti, C. Ardagna, E. Damiani, and F. Gaudenzi. 2016. A certification framework for cloud-based services. In Proceedings of the ACM Symposium on Applied Computing (SAC’16).

Digital Library

[10]

M. Anisetti, C. A. Ardagna, E. Damiani, and F. Gaudenzi. 2017. A semi-automatic and trustworthy scheme for continuous cloud service certification. IEEE Trans. Serv. Comput. (2017).

[11]

M. Anisetti, C. A. Ardagna, E. Damiani, N. El Ioini, and F. Gaudenzi. 2018. Modeling time, probability, and configuration constraints for continuous cloud service certification. Comput. Secur. 72, Supplement C (2018), 234--254.

Digital Library

[12]

M. Anisetti, C. A. Ardagna, E. Damiani, and J. Maggesi. 2012. Security certification-aware service discovery and selection. In Proceedings of 5th IEEE International Conference on Service-Oriented Computing and Applications (SOCA’12).

Digital Library

[13]

M. Anisetti, C. A. Ardagna, E. Damiani, and F. Saonara. 2013. A test-based security certification scheme for web services. ACM Trans. Web 7, 2 (May 2013), 1--41.

Digital Library

[14]

A. Armando, D. Basin, Y. Boichut, Y. Chevalier, L. Compagna, J. Cuéllar, P. Drielsma, P. Héam, O. Kouchnarenko, and et al. J. Mantovani. 2005. The AVISPA tool for the automated validation of internet security protocols and applications. In Proceedings of the 17th International Conference on Computer Aided Verification (CAV’05).

Digital Library

[15]

A. R. R. Souza et al. 2009. Incorporating security requirements into service composition: From modelling to execution. In Proceedings of the 7th International Joint Conference on Service Oriented Computing (ICSOC-ServiceWave’09). Stockholm, Sweden.

Digital Library

[16]

AVANTSSAR project. 2018. The AVANTSSAR Project IST-2001-39252. Retrieved from http://www.avantssar.eu/.

[17]

Y. Bai, Y. Zhang, Y. Zhou, and L. T. Yang. 2011. A non-functional property based service selection and service verification model. In Proceedings of the 8th International Conference on Ubiquitous Intelligence and Computing (UIC’11).

Digital Library

[18]

M. Bennara, M. Mrissa, and Y. Amghar. 2014. An approach for composing RESTful linked services on the web. In Proceedings of the 23rd International Conference on World Wide Web (WWW’14).

Digital Library

[19]

L. Bentakouk, P. Poizat, and F. Zaïdi. 2009. A formal framework for service orchestration testing based on symbolic transition systems. In Proceedings of the 21th IFIP Internation Conference on Testing of Communicating Systems (TESTCOM 2009) and the 9th International Workshop on Formal Approaches to Testing of Software (FATES’09).

Digital Library

[20]

R. Berbner, M. Spahn, N. Repp, O. Heckmann, and R. Steinmetz. 2006. Heuristics for QoS-aware web service composition. In Proceedings of the IEEE International Conference on Web Services (ICWS’06).

Digital Library

[21]

B. Bernhard. 2003. Web services container. Retrieved from http://www.google.com/patents/US20030033369 US Patent App. 10/215,722.

[22]

B. Bertholon, S. Varrette, and P. Bouvry. 2011. Certicloud: A novel TPM-based approach to ensure cloud IaaS security. In Proceedings of the 4th IEEE International Conference on Cloud Computing (CLOUD’11).

Digital Library

[23]

M. Burrows, M. Abadi, and R. Needham. 1990. A logic of authentication. ACM Trans. Comput. Syst. 8, 1 (Feb. 1990), 18--36.

Digital Library

[24]

A. Cavalli, T.-D. Cao, W. Mallouli, E. Martins, A. Sadovykh, S. Salva, and F. Zaïdi. 2010. WebMov: A dedicated framework for the modelling and testing of web services composition. In Proceedings of the 8th IEEE International Conference on Web Services (ICWS’10).

Digital Library

[25]

Y. Chen, J. Huang, C. Lin, and J. Hu. 2015. A partial selection methodology for efficient qos-aware service composition. IEEE Trans. Serv. Comput. 8, 3 (2015), 384--397.

[26]

T. S. Chow. 1978. Testing software design modeled by finite-state machines. IEEE Trans. Softw. Eng. 4, 3 (May 1978), 178--187.

Digital Library

[27]

L. Chung and J. C. P. Leite. 2009. Conceptual modeling: Foundations and applications. In On Non-Functional Requirements in Software Engineering, A. T. Borgida, V. K. Chaudhri, P. Giorgini, and E. S. Yu (Eds.). Springer-Verlag, Berlin, 363--379.

Digital Library

[28]

L. Chung, B. A. Nixon, E. Yu, and J. Mylopoulos. 2000. Non-Functional Requirements in Software Engineering, Vol. 5. Springer, Heidelberg.

[29]

M. R. Clarkson and F. B. Schneider. 2010. Hyperproperties. J. Comput. Secur. 18, 6 (2010), 1157--1210.

[30]

E. Damiani, C. A. Ardagna, and N. El Ioini. 2009. Open Source Systems Security Certification. Springer, New York, NY.

Digital Library

[31]

A. Dan, D. Davis, R. Kearney, A. Keller, R. King, D. Kuebler, H. Ludwig, M. Polan, M. Spreitzer, and A. Youssef. 2004. Web services on demand: WSLA-driven automated management. IBM Syst. J. 43, 1 (Jan. 2004), 136--158.

Digital Library

[32]

A. V. Dastjerdi and R. Buyya. 2014. Compatibility-aware cloud service composition under fuzzy preferences of users. IEEE Trans. Cloud Comput. 2, 1 (Jan. 2014), 1--13.

[33]

A. Datta, J. Franklin, D. Garg, L. Jia, and D. Kaynar. 2011. On adversary models and compositional security. IEEE Secur. Priv. 9, 3 (2011), 26--32.

Digital Library

[34]

S. Deng, H. Wu, D. Hu, and J. L. Zhao. 2016. Service selection for composition with QoS correlations. IEEE Trans. Serv. Comput. 9, 2 (2016), 291--303.

Digital Library

[35]

S. Dustdar and P. Fenkam. 2004. Formally designing web services for mobile team collaboration. In Proceedings of the 30th Euromicro Conference 2004. Rennes, France.

Digital Library

[36]

M. Egea, K. Mahbub, G. Spanoudakis, and M. R. Vieira. 2015. A certification framework for cloud security properties: The monitoring path. In Accountability and Security in the Cloud, M. Felici and C. Fernandez-Gago (Eds.). Springer, 63--77.

[37]

R. Focardi and R. Gorrieri. 2004. Classification of security properties (part II: Network security). In Foundations of Security Analysis and Design, R. Focardi and R. Gorrieri (Eds.). Springer, Berlin.

[38]

L. Frantzen, J. Tretmans, and T. A. C. Willemse. 2006. A symbolic framework for model-based testing. In Proceedings of the 6th International Workshop on Formal Approaches to Testing and Runtime Verification (FATES/RV’06).

Digital Library

[39]

A. Fuchs and S. Gürgens. 2013. Preserving confidentiality in component compositions. In Proceedings of the International Conference on Software Composition (SC’13).

[40]

H. Gao and Y. Li. 2011. Generating quantitative test cases for probabilistic timed web service composition. In Proceedings of the IEEE Asia-Pacific Services Computing Conference (APSCC’11).

[41]

D. Garg, J. Franklin, D. Kaynar, and A. Datta. 2010. Compositional system security with interface-confined adversaries. Electr. Not. Theor. Comput. Sci. 265 (Sep. 2010), 49--71.

Digital Library

[42]

C. S. Gordon, M. D. Ernst, D. Grossman, and M. J. Parkinson. 2017. Verifying invariants of lock-free data structures with rely-guarantee and refinement types. ACM Trans. Program. Lang. Syst. 39, 3, Article 11 (May 2017), 54 pages.

Digital Library

[43]

B. Grobauer, T. Walloschek, and E. Stocker. 2011. Understanding cloud computing vulnerabilities. IEEE Secur. Priv. 9, 2 (Mar.-Apr. 2011), 50--57.

Digital Library

[44]

Z. Haibo and D. Prashant. 2009. Towards automated RESTful web service composition. In Proceedings of the IEEE International Conference on Web Services (ICWS’09).

Digital Library

[45]

I. J. Hayes, C. B. Jones, and R. J. Colvin. 2013. Reasoning About Concurrent Programs: Refining Rely-guarantee Thinking. Computing Science, Newcastle University.

[46]

D. S. Herrmann. 2002. Using the Common Criteria for IT Security Evaluation. Auerbach Publications.

Digital Library

[47]

W. Hummer, P. Leitner, A. Michlmayr, F. Rosenberg, and S. Dustdar. 2011. VRESCo--Vienna runtime environment for service-oriented computing. In Service Engineering, S. Dustdar and F. Li (Eds.). Springer, 299--324.

[48]

S.-Y. Hwang, E.-P. Lim, C.-H. Lee, and C.-H. Chen. 2008. Dynamic web service selection for reliable web service composition. IEEE Trans. Serv. Comput. 1, 2 (Apr. 2008), 104--116.

Digital Library

[49]

C. Irvine and T. Levin. 1999. Toward a taxonomy and costing method for security services. In Proceedings of the 15th Annual Conference on Computer Security Applications (ACSAC’99).

Digital Library

[50]

F. Kerschbaum and P. Robinson. 2009. Security architecture for virtual organizations of business web services. J. Syst. Arch. 55, 4 (Apr. 2009), 224--232.

Digital Library

[51]

K. M. Khan, A. Erradi, S. Alhazbi, and J. Han. 2012. Security oriented service composition: A framework. In Proceedings of the 8th International Conference on Innovations in Information Technology (IIT’12).

[52]

K. M. Khan and Q. Malluhi. 2010. Establishing trust in cloud computing. IT Profess. 12, 5 (Sep.-Oct. 2010), 20--27.

Digital Library

[53]

J. M. Ko, C. O. Kim, and I.-H. Kwon. 2008. Quality-of-service oriented web service composition algorithm and planning architecture. J. Syst. Softw. 81, 11 (Nov. 2008), 2079--2090.

Digital Library

[54]

D. Kourtesis, E. Ramollari, D. Dranidis, and I. Paraskakis. 2010. Increased reliability in SOA environments through registry-based conformance testing of Web services. Product. Plan. Contr. 21, 2 (Jun. 2010), 130--144.

[55]

M. Krotsiani, G. Spanoudakis, and C. Kloukinas. 2015. Monitoring-based certification of cloud service security. In Proceedings of the International Symposium on Secure Virtual Infrastructures, Cloud and Trusted Computing 2016 (C8TC’15).

[56]

M. Lallali, F. Zaidi, A. Cavalli, and I. Hwang. 2008. Automatic timed test case generation for web services composition. In Proceedings of the 6th IEEE European Conference on Web Services (ECOWS’08).

Digital Library

[57]

A. Landro. 2013. The Benefits of Cloud-based BPM. Retrieved from http://tinyurl.com/hk9jy9g.

[58]

A.L. Lemos, F. Daniel, and B. Benatallah. 2016. Web service composition: A survey of techniques and tools. Comput. Surv. 48, 3 (Feb. 2016), 33:1--33:41.

Digital Library

[59]

B. Li, D. Qiu, H. Leung, and D. Wang. 2012. Automatic test case selection for regression testing of composite service based on extensible BPEL flow graph. J. Syst. Softw. 85, 6 (Jun. 2012), 1300--1324.

Digital Library

[60]

H. Liang, X. Feng, and M. Fu. 2014. Rely-guarantee-based simulation for compositional verification of concurrent program transformations. ACM Trans. Program. Lang. Syst. 36, 1, Article 3 (Mar. 2014), 3:1--3:55 pages.

Digital Library

[61]

Sebastian Lins, Pascal Grochol, Stephan Schneider, and Ali Sunyaev. 2016. Dynamic certification of cloud services: Trust, but verify&excl; IEEE Secur. Priv. 14, 2 (2016), 66--71.

Digital Library

[62]

S. Lins, S. Schneider, and A. Sunyaev. 2016. Trust is good, control is better: Creating secure clouds by continuous auditing. IEEE Trans. Cloud Comput. 6, 3 (2018), 890--903.

[63]

Yutu Liu, Anne H. Ngu, and Liang Z. Zeng. 2004. QoS computation and policing in dynamic web service selection. In Proceedings of the 13th International World Wide Web Conference on Alternate Track Papers 8 Posters (WWW Alt.’04).

Digital Library

[64]

W. Lu, X. Hu, S. Wang, and X. Li. 2014. A multi-criteria QoS-aware trust service composition algorithm in cloud computing environments. Int. J. Grid Distrib. Comput. 7, 1 (2014), 77--88.

[65]

H. Ma, F. Bastani, I.-L. Yen, and H. Mei. 2013. QoS-driven service composition with reconfigurable services. IEEE Trans. Serv. Comput. 6, 1 (Apr. 2013), 20--34.

Digital Library

[66]

H. Mantel. 2000. Possibilistic definitions of security-an assembly kit. In Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW’00).

Digital Library

[67]

R. Mateescu and S. Rampacek. 2008. Formal modeling and discrete-time analysis of BPEL web services. In Advances in Enterprise Engineering I, J. L. G. Dietz (Ed.). Lecture Notes in Business Information Processing, Vol. 10. Springer Berlin, 179--193.

[68]

B. Medjahed, A. Bouguettaya, and A. K. Elmagarmid. 2003. Composing web services on the semantic web. VLDB J. 12, 4 (Nov. 2003), 333--351.

Digital Library

[69]

S. Mouchawrab, L. C. Briand, Y. Labiche, and M. Di Penta. 2011. Assessing, comparing, and combining state machine-based testing and structural testing: A series of experiments. IEEE Trans. Softw. Eng. 37, 2 (Mar. 2011), 161--187.

Digital Library

[70]

A. Munoz and A. Mana. 2013. Bridging the GAP between software certification and trusted computing for securing cloud computing. In Proceedings of the 9th IEEE World Congress on Services (SERVICES ;13).

Digital Library

[71]

A. Nadalin, C. Kaler, R. Monzillo, and P. Hallam-Baker. 2006. Web Services Security: SOAP Message Security 1.1. OASIS. Retrieved from http://www.oasis-open.org/committees/download.php/16790/wss-v1.1-spec-os-SOAPMessageSecurity.pdf.

[72]

M. Najafi, K. Sartipi, and N. Archer. 2018. Formal Verification and Validation of Web Service Composition Certifier. Retrieved August 2018 from http://www.cas.mcmaster.ca/ najafm/journal4.pdf.

[73]

Y. Ni, S.-S. Hou, L. Zhang, J. Zhu, Z. J. Li, Q. Lan, H. Mei, and J.-S. Sun. 2013. Effective message-sequence generation for testing BPEL programs. IEEE Trans. Serv. Comput. 6, 1 (Apr. 2013), 7--19.

Digital Library

[74]

OMG 2011. Business Process Model and Notation (BPMN)--Version 2.0. OMG. Retrieved from http://www.omg.org/spec/BPMN/2.0/PDF/.

[75]

OpenText 2016. BPM in the Cloud. OpenText. Retrieved October 2016 from http://tinyurl.com/jfx4pn5.

[76]

Oracle 2015. Oracle Process Cloud Service. Oracle. Retrieved from http://tinyurl.com/jj3skoa.

[77]

C. Pautasso. 2009. RESTful web service composition with BPEL for REST. Data Knowl. Eng. 68, 9 (2009), 851--866.

Digital Library

[78]

PCI Security Standards Council 2015. Payment Card Industry (PCI) Data Security Standard--Requirements and Security Assessment Procedures--Version 3.1. PCI Security Standards Council. Retrieved from http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt.

[79]

S. Pearson. 2011. Toward accountability in the cloud. IEEE Internet Comput. 15, 4 (Jul.-Aug. 2011), 64--69.

Digital Library

[80]

C. Peltz. 2003. Web services orchestration and choreography. Computer 36, 10 (Oct. 2003), 46--52.

Digital Library

[81]

L. Pino and G. Spanoudakis. 2012. Finding secure compositions of software services: Towards a pattern based approach. In Proceedings of the 5th IFIP Internation Conference on New Technologies, Mobility 8 Security (NTMS’12).

[82]

A. Pnueli. 1977. The temporal logic of programs. In Proceedings of the 18th Annual Symposium on Foundations of Computer Science (SFCS’77).

Digital Library

[83]

H. Rasheed. 2014. Data and infrastructure security auditing in cloud computing environments. Int. J. Inf. Manage. 34, 3 (Jun. 2014), 364--368.

[84]

S. Rossi. 2010. Model checking adaptive multilevel service compositions. In Proceedings of the International Conference on Formal Aspects of Component Software (FACS’10).

Digital Library

[85]

D. Sanán, Y. Zhao, Z. Hou, F. Zhang, A. Tiu, and Y. Liu. 2017. CSimpl: A rely-guarantee-based framework for verifying concurrent programs. In Proceedings of the 23rd International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’17).

[86]

W. She, I.-L. Yen, B. Thuraisingham, and E. Bertino. 2013. Security-aware service composition with fine-grained information flow control. IEEE Trans. Serv. Comput. 6, 3 (Jul. 2013), 330--343.

Digital Library

[87]

P. Stephanow, G. Srivastava, and J. Schutte. 2016. Test-based cloud service certification of opportunistic providers. In Proceedings of the 9th IEEE International Conference on Cloud Computing (CLOUD’16).

[88]

H. N. Talantikitea, D. Aissanib, and N. Boudjlidac. 2009. Semantic annotations for web services discovery and composition. Comput. Stand. Interfaces 31, 6 (Nov. 2009), 1108--1117.

Digital Library

[89]

W. Tan, Y. Fan, and M.C. Zhou. 2009. A petri net-based method for compatibility analysis and composition of web services in business process execution language. IEEE Trans. Automat. Sci. Eng. 6, 1 (Jan. 2009), 94--106.

[90]

H. Tout, A. Mourad, H. Yahyaoui, C. Talhi, and H. Otrok. 2012. Towards a BPEL model-driven approach for Web services security. In Proceedings of the 10th Annual International Conference on Privacy, Security and Trust (PST’12).

Digital Library

[91]

W.-T. Tsai, P. Zhong, J. Balasooriya, Y. Chen, X. Bai, and J. Elston. 2011. An approach for service composition and testing for cloud computing. In Proceedings of the 10th International Symposium on Autonomous Decentralized Systems (ISADS’11).

Digital Library

[92]

USA Department of Defence 1985. Department Of Defense Trusted Computer System Evaluation Criteria. USA Department of Defence. Retrieved from http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt.

[93]

E. van Veenendaal. 2018. Standard Glossary of Terms Used in Software Testing Version 2.2. International Software Testing Qualifications Board. Retrieved August 2018 from http://www.astqb.org/educational-resources/glossary.php.

[94]

H. D. Vo, D. C. Phung, V. Q. Dung, and V.-H. Nguyen. 2012. Securing data in composite web services. In Proceedings of the 4th International Conference on Knowledge and Systems Engineering (KSE’12). Danang, Vietnam.

Digital Library

[95]

J. Yu, J. Han, S. O. Gunarso, and S. Versteeg. 2013. A business protocol unit testing framework for web service composition. In Proceedings of the 25th International Conference on Advanced Information Systems Engineering (CAiSE 2013). Valencia, Spain.

Digital Library

[96]

L. Zeng, B. Benatallah, A. H. H. Ngu, M. Dumas, J. Kalagnanam, and H. Chang. 2004. QoS-aware middleware for web services composition. IEEE Trans. Softw. Eng. 30, 5 (May 2004), 311--327.

Digital Library

[97]

H. Zheng, J. Yang, and W. Zhao. 2016. Probabilistic QoS aggregations for service composition. ACM Trans. Web 10, 2, Article 12 (May 2016), 12:1--12:36 pages.

Digital Library

Cited By

Anisetti MArdagna CDamiani EEl Ioini NAnisetti MArdagna CDamiani EEl Ioini N(2024)Certification of Modern Distributed SystemsA Journey into Security Certification10.1007/978-3-031-59724-4_4(41-60)Online publication date: 18-Jul-2024
https://doi.org/10.1007/978-3-031-59724-4_4
Ardagna CBena N(2023)Non-Functional Certification of Modern Distributed Systems: A Research Manifesto2023 IEEE International Conference on Software Services Engineering (SSE)10.1109/SSE60056.2023.00020(71-79)Online publication date: Jul-2023
https://doi.org/10.1109/SSE60056.2023.00020
Anisetti MArdagna CBena NDamiani E(2023)Rethinking Certification for Trustworthy Machine-Learning-Based ApplicationsIEEE Internet Computing10.1109/MIC.2023.332232727:6(22-28)Online publication date: 1-Nov-2023
https://dl.acm.org/doi/10.1109/MIC.2023.3322327
Show More Cited By

Index Terms

Test-Based Security Certification of Composite Services

Recommendations

A test-based security certification scheme for web services

The Service-Oriented Architecture (SOA) paradigm is giving rise to a new generation of applications built by dynamically composing loosely coupled autonomous services. Clients (i.e., software agents acting on behalf of human users or service providers) ...
Security Certification of Composite Services: A Test-Based Approach
ICWS '13: Proceedings of the 2013 IEEE 20th International Conference on Web Services

Accurate and lightweight evaluation of web service security properties is a key problem, especially when business processes are dynamically built by composing atomic services provided by different suppliers at runtime. In this paper, we tackle this ...
The Myth of Open Web Services: The Rise of the Service Parks

Issues of trust, reliability, and data heterogeneity make it unlikely that we'll have access to a set of free and heterogenous Web services and tools to combine them on the Internet anytime soon. The authors contend, instead, that "service parks" will ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Transactions on the Web

ACM Transactions on the Web Volume 13, Issue 1

February 2019

206 pages

ISSN:1559-1131

EISSN:1559-114X

DOI:10.1145/3297729

Editor:
Brian D. Davison
Lehigh University, USA

Issue’s Table of Contents

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 December 2018

Accepted: 01 August 2018

Revised: 01 May 2018

Received: 01 December 2016

Published in TWEB Volume 13, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
354
Total Downloads

Downloads (Last 12 months)17
Downloads (Last 6 weeks)2

Reflects downloads up to 27 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Anisetti MArdagna CDamiani EEl Ioini NAnisetti MArdagna CDamiani EEl Ioini N(2024)Certification of Modern Distributed SystemsA Journey into Security Certification10.1007/978-3-031-59724-4_4(41-60)Online publication date: 18-Jul-2024
https://doi.org/10.1007/978-3-031-59724-4_4
Ardagna CBena N(2023)Non-Functional Certification of Modern Distributed Systems: A Research Manifesto2023 IEEE International Conference on Software Services Engineering (SSE)10.1109/SSE60056.2023.00020(71-79)Online publication date: Jul-2023
https://doi.org/10.1109/SSE60056.2023.00020
Anisetti MArdagna CBena NDamiani E(2023)Rethinking Certification for Trustworthy Machine-Learning-Based ApplicationsIEEE Internet Computing10.1109/MIC.2023.332232727:6(22-28)Online publication date: 1-Nov-2023
https://dl.acm.org/doi/10.1109/MIC.2023.3322327
Anisetti MArdagna CBerto F(2023)An assurance process for Big Data trustworthinessFuture Generation Computer Systems10.1016/j.future.2023.04.003146(34-46)Online publication date: Sep-2023
https://doi.org/10.1016/j.future.2023.04.003
Chang SDuan Y(2022)Application of Face Recognition in E-commerce Security Authentication in the Era of Big DataSecurity and Communication Networks10.1155/2022/42467502022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/4246750
Zhang PJin HDong HSong WBouguettaya A(2022)Privacy-Preserving QoS Forecasting in Mobile Edge EnvironmentsIEEE Transactions on Services Computing10.1109/TSC.2020.297701815:2(1103-1117)Online publication date: 1-Mar-2022
https://doi.org/10.1109/TSC.2020.2977018
Anisetti MArdagna CBerto FDamiani E(2022)A Security Certification Scheme for Information-Centric NetworksIEEE Transactions on Network and Service Management10.1109/TNSM.2022.316514419:3(2397-2408)Online publication date: Sep-2022
https://doi.org/10.1109/TNSM.2022.3165144
Anisetti MBerto FBanzi M(2022)Orchestration of data-intensive pipeline in 5G-enabled Edge Continuum2022 IEEE World Congress on Services (SERVICES)10.1109/SERVICES55459.2022.00025(2-10)Online publication date: Jul-2022
https://doi.org/10.1109/SERVICES55459.2022.00025
Pan MTian SYuan JChen S(2021)Simulation of Dynamic User Network Connection Anti-Interference and Security Authentication Method Based on Ubiquitous Internet of ThingsMathematical Problems in Engineering10.1155/2021/56872082021(1-8)Online publication date: 21-Jun-2021
https://doi.org/10.1155/2021/5687208
Jahan SGamble R(2021)Applying Security-Awareness to Service-Based Systems2021 IEEE International Conference on Autonomic Computing and Self-Organizing Systems Companion (ACSOS-C)10.1109/ACSOS-C52956.2021.00041(118-124)Online publication date: Sep-2021
https://doi.org/10.1109/ACSOS-C52956.2021.00041
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents