Test-Based Security Certification of Composite Services

Published: 04 December 2018

Abstract

The diffusion of service-based and cloud-based systems has created a scenario where software is often made available as services, offered as commodities over corporate networks or the global net. This scenario supports the definition of business processes as composite services, which are implemented via either static or runtime composition of offerings provided by different suppliers. Fast and accurate evaluation of services’ security properties then becomes a fundamental requirement and is nowadays part of the software development process. In this article, we show how the verification of security properties of composite services can be handled by test-based security certification and built to be effective and efficient in dynamic composition scenarios. Our approach builds on existing security certification schemes for monolithic services and extends them towards service compositions. It virtually certifies composite services, starting from certificates awarded to the component services. We describe three heuristic algorithms for generating runtime test-based evidence of the composite service holding the properties. These algorithms are compared with the corresponding exhaustive algorithm to evaluate their quality and performance. We also evaluate the proposed approach in a real-world industrial scenario, which considers the ENGpay online payment system of Engineering Ingegneria Informatica S.p.A. The industrial evaluation demonstrates the utility and generality of the proposed approach by showing how certification results can be used as a basis to establish compliance with the Payment Card Industry Data Security Standard.

