This report has been written for a 20 ECTS internship with IBM Nederland at the University of Twente.

Nowadays, service oriented architecture (SOA) is an important type of architecture within the computer science. service oriented computing (SOC) is becoming more common on a daily basis. However, the trustworthiness of SOC is still an issue in need of a lot of research.

The Towards Trustworthy ICT Service Chains (TTISC) project is an effort of IBM Nederland, CWI, TNO, University of Groningen, and Logius, to create trustworthy information and communications technology (ICT) service chains. In order to set a first step in the right direction for achieving this goal, we will explore initial
directions for this project with a security focus.

First of all, it is important to define our scope and set our direction. Therefore, this report will extensively discuss common concepts in both the field of service chains and the field of trust. Furthermore, we will approach the project with a view based on risk management.

Within the loosely related project SeQual, there has been extensive research by Almeida to quality of service (QoS) aspects of service chains, notably in a performance related sense. This research will focus on security related aspects of QoS.

As trust is one of the pillars within the TTISC project, it is of importance to quantify trust. Therefore, we will contribute a model of trust with means of quantifying trust. Given the risk oriented approach within the TTISC project, we will amend this model to risk-based trust. Thus, we will measure trust based on risk analysis.

In order to find the security risks inherent to SOC we will take two approaches. In the first approach, we will discuss the distinctive properties of a SOA and see how these properties influence security. The second approach is to map all the parts of a SOA that may be attacked. Using these – potentially vulnerable – parts, we will survey security risks of these parts.

Finally, we will propose directions for the future research within the TTISC project. This will be done by proposing research questions that build upon the surveyed topics within this report.

Download this report.

Leave a Reply

Your email address will not be published. Required fields are marked *