How to Trust a Web Service Monitor Deployed in an Untrusted Environment?

In a service-oriented architecture, certain requirements can be tested by observing the interface of the service, whereas other requirements, such as data privacy, confidentiality and integrity, cannot be tested in this way. After deployment, a requirements monitor is used to analyze the conformance of a web service to such requirements. The integrity of the reported conformance results is only as good as the integrity of the monitor, especially when the requirements monitor is executing in an untrustworthy environment. In this paper, we propose a hardware-based dynamic attestation mechanism to validate the integrity of the requirements monitor. To evaluate our approach, we have conducted a case study using a commercial requirements monitor and a collection of web service implementations available with Apache Axis. Our case study demonstrates the feasibility of verifying the conformance of a web service executing in an untrustworthy environment.
