Fine-Grained Modeling of Web Services for Test-Based Security Certification

We present a solution for test-based security certification of services that models the service under certification using a Symbolic Transition System (STS). The STS-based model is readily derivable from the Web Service Description Language (WSDL) and Web Service Conversation Language (WSCL) of the service, and can be enriched with details about test-based conditions on inputs and outputs, implementation details, and security specifications. In addition, we show how such fine-grained modeling can be included in a test-based security certification process. Finally, we discuss how this process can be integrated within the Web service life-cycle and used for matching users' preferences and comparing certificates of different services.
