Trustable Remote Verification of Web Services

Service Oriented Architectures currently provide little or no evidence that each remote component has been implemented correctly. This is a problem for businesses hoping to exploit the potential benefits of SOA. We present a technique called Trustable Remote Verification, which lets providers create behavioural guarantees of their web services. Our approach is flexible, using Extended Static Checking for verification and has the significant advantage of requiring no additional trusted third party.

[1]  David R. Cok,et al.  ESC/Java2: Uniting ESC/Java and JML , 2004, CASSIS.

[2]  Andrew P. Martin,et al.  Towards a secure, tamper-proof grid platform , 2006, Sixth IEEE International Symposium on Cluster Computing and the Grid (CCGRID'06).

[3]  Jean-Louis Lanet,et al.  Enforcing High-Level Security Properties for Applets , 2004, CARDIS.

[4]  Tevfik Bultan,et al.  Verifiable Web services with hierarchical interfaces , 2005, IEEE International Conference on Web Services (ICWS'05).

[5]  Mike P. Papazoglou,et al.  A Survey of Web service technologies , 2004 .

[6]  Raymond A. Paul,et al.  Developing and assuring trustworthy Web services , 2005, Proceedings Autonomous Decentralized Systems, 2005. ISADS 2005..

[7]  George C. Necula,et al.  Proof-Carrying Code , 2011, Encyclopedia of Cryptography and Security.

[8]  Gary T. Leavens,et al.  Design by Contract with JML , 2006 .

[9]  Michael K. Reiter,et al.  Flicker: an execution infrastructure for tcb minimization , 2008, Eurosys '08.

[10]  簡聰富,et al.  物件導向軟體之架構(Object-Oriented Software Construction)探討 , 1989 .

[11]  Ahmad-Reza Sadeghi,et al.  Property-based attestation for computing platforms: caring about properties, not mechanisms , 2004, NSPW '04.

[12]  Michael Franz,et al.  Awarded Best Paper! Semantic Remote Attestation - Virtual Machine Directed Approach to Trusted Computing , 2004, Virtual Machine Research and Technology Symposium.

[13]  Stephen Gilmore,et al.  Mobile Resource Guarantees for Smart Devices , 2004, CASSIS.

[14]  Erik Christensen,et al.  WSDL: Web Service Description Language , 2001 .

[15]  Tim Ebringer,et al.  WS-attestation: efficient and fine-grained remote attestation on Web services , 2005, IEEE International Conference on Web Services (ICWS'05).

[16]  Jonathan A. Poritz,et al.  Trust[ed | in] computing, signed code and the heat death of the internet , 2006 .

[17]  Trent Jaeger,et al.  PRIMA: policy-reduced integrity measurement architecture , 2006, SACMAT '06.

[18]  Seiji Munetoh,et al.  Integrity Management Infrastructure for Trusted Computing , 2008, IEICE Trans. Inf. Syst..

[19]  D. Box,et al.  Simple object access protocol (SOAP) 1.1 , 2000 .