Container-level security certification of services

Marco Anisetti; Claudio A. Ardagna; Ernesto Damiani

doi:10.1007/978-3-642-32439-0_6

Container-level security certification of services

Marco Anisetti, Claudio A. Ardagna, Ernesto Damiani

Electrical Engineering

Università degli Studi di Milano

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

The increasing success of the Service-Oriented Architecture (SOA) paradigm has fostered the implementation of complex services, including business processes, via dynamic selection and composition of remote services providing single functionality. Run-time selection and composition of services require the deployment of high-level security standards for the SOA infrastructure, to increase the confidence of both service consumers and providers that the services satisfy their security requirements and behave as expected. In this context, certification can play a fundamental role and provide the evidence that a set of properties hold for a given service. Security certification of services can involve two different aspects: i) the evaluation of the container in which the service is deployed, in terms of compliance with web service security standards and policies; ii) the verification and validation of the service implementation. In this chapter, we focus on the first aspect and we propose an overview of container-level certification of services.

Original language	British English
Title of host publication	Business System Management and Engineering
Subtitle of host publication	From Open Issues to Applications
Pages	93-108
Number of pages	16
DOIs	https://doi.org/10.1007/978-3-642-32439-0_6
State	Published - 2012
Event	International Workshop on Business System Management and Engineering, BSME 2010 - Malaga, Spain Duration: 28 Jun 2010 → 28 Jun 2010

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7350 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	International Workshop on Business System Management and Engineering, BSME 2010
Country/Territory	Spain
City	Malaga
Period	28/06/10 → 28/06/10

Access to Document

10.1007/978-3-642-32439-0_6

Cite this

Anisetti, M., Ardagna, C. A., & Damiani, E. (2012). Container-level security certification of services. In Business System Management and Engineering: From Open Issues to Applications (pp. 93-108). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7350 LNCS). https://doi.org/10.1007/978-3-642-32439-0_6

@inproceedings{7e39b12d3058440c81f85152565f30b5,

title = "Container-level security certification of services",

abstract = "The increasing success of the Service-Oriented Architecture (SOA) paradigm has fostered the implementation of complex services, including business processes, via dynamic selection and composition of remote services providing single functionality. Run-time selection and composition of services require the deployment of high-level security standards for the SOA infrastructure, to increase the confidence of both service consumers and providers that the services satisfy their security requirements and behave as expected. In this context, certification can play a fundamental role and provide the evidence that a set of properties hold for a given service. Security certification of services can involve two different aspects: i) the evaluation of the container in which the service is deployed, in terms of compliance with web service security standards and policies; ii) the verification and validation of the service implementation. In this chapter, we focus on the first aspect and we propose an overview of container-level certification of services.",

author = "Marco Anisetti and Ardagna, {Claudio A.} and Ernesto Damiani",

year = "2012",

doi = "10.1007/978-3-642-32439-0_6",

language = "British English",

isbn = "9783642324383",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "93--108",

booktitle = "Business System Management and Engineering",

note = "International Workshop on Business System Management and Engineering, BSME 2010 ; Conference date: 28-06-2010 Through 28-06-2010",

}

Anisetti, M, Ardagna, CA & Damiani, E 2012, Container-level security certification of services. in Business System Management and Engineering: From Open Issues to Applications. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7350 LNCS, pp. 93-108, International Workshop on Business System Management and Engineering, BSME 2010, Malaga, Spain, 28/06/10. https://doi.org/10.1007/978-3-642-32439-0_6

Container-level security certification of services. / Anisetti, Marco; Ardagna, Claudio A.; Damiani, Ernesto.
Business System Management and Engineering: From Open Issues to Applications. 2012. p. 93-108 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7350 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Container-level security certification of services

AU - Anisetti, Marco

AU - Ardagna, Claudio A.

AU - Damiani, Ernesto

PY - 2012

Y1 - 2012

N2 - The increasing success of the Service-Oriented Architecture (SOA) paradigm has fostered the implementation of complex services, including business processes, via dynamic selection and composition of remote services providing single functionality. Run-time selection and composition of services require the deployment of high-level security standards for the SOA infrastructure, to increase the confidence of both service consumers and providers that the services satisfy their security requirements and behave as expected. In this context, certification can play a fundamental role and provide the evidence that a set of properties hold for a given service. Security certification of services can involve two different aspects: i) the evaluation of the container in which the service is deployed, in terms of compliance with web service security standards and policies; ii) the verification and validation of the service implementation. In this chapter, we focus on the first aspect and we propose an overview of container-level certification of services.

AB - The increasing success of the Service-Oriented Architecture (SOA) paradigm has fostered the implementation of complex services, including business processes, via dynamic selection and composition of remote services providing single functionality. Run-time selection and composition of services require the deployment of high-level security standards for the SOA infrastructure, to increase the confidence of both service consumers and providers that the services satisfy their security requirements and behave as expected. In this context, certification can play a fundamental role and provide the evidence that a set of properties hold for a given service. Security certification of services can involve two different aspects: i) the evaluation of the container in which the service is deployed, in terms of compliance with web service security standards and policies; ii) the verification and validation of the service implementation. In this chapter, we focus on the first aspect and we propose an overview of container-level certification of services.

UR - http://www.scopus.com/inward/record.url?scp=84866390935&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-32439-0_6

DO - 10.1007/978-3-642-32439-0_6

M3 - Conference contribution

AN - SCOPUS:84866390935

SN - 9783642324383

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 93

EP - 108

BT - Business System Management and Engineering

T2 - International Workshop on Business System Management and Engineering, BSME 2010

Y2 - 28 June 2010 through 28 June 2010

ER -

Container-level security certification of services

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this