The pervasiveness of web services increases the necessity for consumers to access and use them in a secure way. Consumers should require strong guarantees that their security policies are satised. Unfortunately, Service Oriented Computing (SOC) is adverse to most techniques of control and analysis which, usually, require the direct access to either execution or implementation. Here, we classify dierent service execution paradigms and their participants. According to the amount of available information about the service we identify the existing threats and the security supports the service consumers can rely on for obtaining actual guarantees. Following our classication, we considered the possibility of applying the Security-by-Contract-with-Trust framework. If correctly implemented, it can mitigate the security risks in the most service composition paradigms.
Contract-based Approaches for Securing Web Services
Fabio Martinelli;Ilaria Matteucci;Artsiom Yautsiukhin
2013
Abstract
The pervasiveness of web services increases the necessity for consumers to access and use them in a secure way. Consumers should require strong guarantees that their security policies are satised. Unfortunately, Service Oriented Computing (SOC) is adverse to most techniques of control and analysis which, usually, require the direct access to either execution or implementation. Here, we classify dierent service execution paradigms and their participants. According to the amount of available information about the service we identify the existing threats and the security supports the service consumers can rely on for obtaining actual guarantees. Following our classication, we considered the possibility of applying the Security-by-Contract-with-Trust framework. If correctly implemented, it can mitigate the security risks in the most service composition paradigms.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.