Secure and Trustworthy Service Composition

The Future Internet envisions a move toward widespread use of services as a way of networked interaction. However, while the technologies for developing and deploying services are well established, methods for ensuring trust and security are fewer and less mature. Lack of trust and confidence in composed services and in their constituent parts is reckoned to be one of the significant factors limiting widespread uptake of service-oriented computing.

This state-of-the-art survey illustrates the results of the Aniketos - Secure and Trustworthy Composite Services - project (funded under the EU 7th Research Framework Programme). The papers included in the book describe the solutions developed during the 4-year project to establish and maintain trustworthiness and secure behavior in a constantly changing service environment. They provide service developers and providers with a secure service development framework that includes methods, tools, and security services supporting the design-time creation and run-time composition of secure dynamic services, where both the services and the threats are evolving. The 16 chapters are organized in the following thematic sections: state of the art of secure and trustworthy composite services; the Aniketos platform; design-time support framework; run-time support framework; and case studies and evaluation.

Inhalt

Composite Services with Dynamic Behaviour.- Security and Trustworthiness Threats to Composite Services: Taxonomy, Countermeasures, and Research Directions.- Adopting Existing Communication Platforms for Security Enabling Technologies.- The Aniketos Platform.- The Socio-technical Security Requirements Modelling Language for Secure Composite Services.- From Consumer Requirements to Policies in Secure Services.- Security Requirements Engineering with STS-Tool.- Using SecureBPMN for Modelling Security-Aware Service Compositions.- The Aniketos Service Composition Framework: Analysing and Ranking of Secure Services.- Compliance Validation of Secure Service Compositions.- Aggregation and Optimisation of Trustworthiness of Composite Services.- Monitoring Threats to Composite Services within the Aniketos Run-Time Framework.- Security Policy Monitoring of Composite Services.- The Aniketos Design-Time Framework Applied - A Case in Air Traffic Management.- Supporting Security and Trust in Complex e-Government Services.- Characteristics and Addressed Challenges in Evaluating the Aniketos Project Outcome.