Service software is a self-contained, modular application deployed over standard computing platforms and readily accessible to users within or across organizational boundaries over the Internet. For businesses to open up their applications for interaction with other service software, a fundamental requirement is that there be sufficient choices of security provisions, allowing service consumers to select and verify the actual security assurances of services. In this context, the specific research challenge is how to design service software that focuses on the consumer's specific security requirements and provides assurances for those security needs. Clearly, security requirements vary from consumer to consumer. This work outlines a framework focusing on the selection of service software consistent with the security requirements of consumers, and on compatibility checking of the assurances provided by services. We use profile-based compatibility analysis techniques to form an essential building block towards assuring the security of service software.

In our research, we envision security-profile-based compatibility checking that focuses on automatic analysis of security compatibility, using formal analysis techniques for the security properties of software services. Our approach is based on three main building blocks: reflection of security assurances; selection of preferred assurances; and checking of security compatibility. Our vision and research for service security based on profile-based compatibility analysis will form an essential building block towards realizing the full potential of service-oriented computing. We foresee that the provision of the proposed scheme for service security profiling and compatibility analysis will significantly advance the state of practice in service-oriented computing. At the same time, its development represents a new and highly challenging research target in the area.

This work is of great significance to the development of future software systems that facilitate security-aware cross-organizational business activities. The envisioned capability to integrate service software across organizational boundaries in a way that meets the security requirements of all parties involved represents a significant technological advance in enabling practical business-to-business computing, leading to new business opportunities. At the same time, the approach will make a significant scientific advance in understanding the problem of application-level system security in a service-oriented computing context.

