Monitoring the monitor: an approach towards trustworthiness in service oriented architecture

The key notion in service-oriented architecture is decoupling clients and providers of a service based on an abstract service description, which is used by the service broker to point clients to a suitable service implementation. A client then sends service requests directly to the service implementation. A problem with the current architecture is that it does not provide trustworthy means for clients to specify, service brokers to verify, and service implementations to prove that certain desired non-functional properties are satisfied during service request processing. An example of such non-functional property is access and persistence restrictions on the data received as part of the service requests. In this work, we propose an extension of the service-oriented architecture that provides these facilities. We also discuss a prototype implementation of this architecture and report preliminary results that demonstrate the potential practical value of the proposed architecture in real-world software applications.

[1]  Athman Bouguettaya,et al.  Preserving privacy in web services , 2002, WIDM '02.

[2]  M.S. Feather,et al.  Reconciling system requirements and runtime behavior , 1998, Proceedings Ninth International Workshop on Software Specification and Design.

[3]  William N. Robinson,et al.  Monitoring software requirements using instrumented code , 2002, Proceedings of the 35th Annual Hawaii International Conference on System Sciences.

[4]  Guilherme Ottoni,et al.  RIFLE: An Architectural Framework for User-Centric Information-Flow Security , 2004, 37th International Symposium on Microarchitecture (MICRO-37'04).

[5]  George Spanoudakis,et al.  Run-time monitoring of requirements for systems composed of Web-services: initial implementation and evaluation experience , 2005, IEEE International Conference on Web Services (ICWS'05).

[6]  S. Uchitel,et al.  Monitoring and control in scenario-based requirements analysis , 2005, Proceedings. 27th International Conference on Software Engineering, 2005. ICSE 2005..

[7]  Martin S. Feather,et al.  Requirements monitoring in dynamic environments , 1995, Proceedings of 1995 IEEE International Symposium on Requirements Engineering (RE'95).

[8]  Mike P. Papazoglou,et al.  Service oriented computing : Introduction , 2003 .

[9]  Mike P. Papazoglou,et al.  Introduction: Service-oriented computing , 2003, CACM.

[10]  Michael D. Schroeder Engineering a security kernel for Multics , 1975, SOSP.

[11]  Luciano Baresi,et al.  Smart monitors for composed services , 2004, ICSOC '04.

[12]  Andrew C. Myers,et al.  Language-based information-flow security , 2003, IEEE J. Sel. Areas Commun..

[13]  Mike P. Papazoglou,et al.  Service-oriented computing: concepts, characteristics and directions , 2003, Proceedings of the Fourth International Conference on Web Information Systems Engineering, 2003. WISE 2003..

[14]  William A. Arbaugh,et al.  A secure and reliable bootstrap architecture , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[15]  Vasant Honavar,et al.  Modeling Web Services by Iterative Reformulation of Functional and Non-functional Requirements , 2006, ICSOC.

[16]  Marco Pistore,et al.  Run-Time Monitoring of Instances and Classes of Web Service Compositions , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[17]  John Zic,et al.  Expressing and Reasoning about Service Contracts in Service-Oriented Computing , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[18]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[19]  Gerardo Canfora,et al.  Testing services and service-centric systems: challenges and opportunities , 2006, IT Professional.