This report has been written to obtain the degree of Master of Science at the University of Twente.

The rise of service oriented computing as a popular software development paradigm brings the inability to compose security properties back into the spotlights. Since the modular nature of services is one of the key concepts within service oriented architectures (SOAs), a lot of security efforts in this field are rendered useless. This is amplified by the fact that services are built upon an uncoupled architecture.

Additionally, service oriented systems need to be able to bootstrap trust in real time, as another main feature of service oriented systems is the opaqueness of the services. As no prior communication or knowledge further than a standardised application programming interface (API) can be assumed due to the uncoupled nature of services, making an informed decision about the honesty of a specific service very hard. Therefore, a trust infrastructure or other means of coping with dishonest services is mandatory.

The present research will tackle both the composition problem and the issue of trust within a service oriented context. It is aimed at enabling the techniques for proving security properties within standard SOAs and finding security properties for use within this architecture while posing only realistic assumptions on the service oriented environment. Furthermore, a concise and effective model for bootstrapping trust will be introduced.

A precise model for services and service compositions is built using partially ordered multisets (pomsets). This model conforms to the characteristics of service oriented computing, with an emphasis on the uncoupled nature and opaqueness of services. The secure protocol composition framework of Datta et al. (2003) is adapted to a service oriented context. This is done by overcoming the differences between service oriented computing and protocols, and combining the framework with our model of service oriented computing. The resulting framework solves the problem of secure service composition.

Finally, certification and reputation-based trust infrastructures are discussed and proposed to solve the issue of trust raised by opaque services. By using trust infrastructures to bootstrap trust in the honesty of individual services, it becomes possible to make informed decisions on which services to trust. As means of mitigating the issue of trust against a trustworthy majority, the problem of the Byzantine generals of Lamport, Shostak and Pease (1982) is discussed and adapted to our model of service compositions. This approach minimises the effect of dishonest services by normalising anomalies caused by service poisoning.

In conclusion, the present research proposes a framework for the secure composition of services. Additionally, trust infrastructures are proposed to decide upon the honesty of services, and an adaptation of the Byzantine generals problem is used to mitigate service poisoning.

Download this report.

Leave a Reply

Your email address will not be published. Required fields are marked *