The challenges of secure and trustworthy service composition in the Future Internet

The development of the Future Internet will see a move towards widespread use of services as a way of networked interaction. However, while the technologies for deploying services are well established, methods for ensuring trust and security are less well developed. In particular, current service security standards and technologies tend to be focussed on specific areas, such as security at the communication level. In order for users to be confident that their security requirements are being satisfied, a more holistic approach is required. For example, the security claims of a service should be known in advance, and a user should be able to make judgements about the trustworthiness of a service and its likelihood of fulfilling these claims. This should apply to services running in isolation, as well as those composed of other services from different providers. We present a high-level design of the Aniketos platform that aims to address some of these challenges, providing capabilities for managing trust, security and threats in relation to services in the Future Internet. While still at an early stage, this high-level design provides an insight into how the platform is expected to develop in the future.
