A certification-aware service-oriented architecture

Marco Anisetti, Claudio A. Ardagna, Michele Bezzi, Ernesto Damiani, Samuel Paul Kaluvuri, Antonino Sabetta

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

1 Scopus citations


The widespread development of Service-Oriented Architecture (SOA) and web services is changing the traditional view of information technology. Today, software applications are increasingly distributed and consumed as a service, and business processes are implemented by selecting and composing services provided by different suppliers at run-time and with minimal human intervention. In this scenario, where services are usually selected on the basis of clients' functional preferences, the risk of providing powerful but insecure applications rises, and the problem of guaranteeing and preserving the security of services and business processes becomes pressing. To this aim, we put forward the idea that security certification techniques can be adopted to provide evidence that a service system has some security properties and behaves as expected. However, existing security certification techniques are not well suited to the service scenario, since they are designed for static and monolithic software and therefore cannot support the intrinsic SOA dynamics. In this chapter, we discuss recent developments in the area of extending security certifications to web services. In particular, we first review current certification approaches and highlight requirements and challenges for applying them to the service ecosystem. We then present an advanced methodology for security certification based on testing, as a crucial part of a novel approach for security certification developed in the context of the FP7 EU project Advanced Security Service cERTificate for SOA (ASSERT4SOA).

Original language: British English
Title of host publication: Advanced Web Services
Publisher: Springer New York
Number of pages: 24
ISBN (Electronic): 9781461475354
ISBN (Print): 1461475341, 9781461475347
State: Published - 1 Oct 2014

