Tisa: A Language Design and Modular Verification Technique for Temporal Policies in Web Services
ESOP '09 Proceedings of the 18th European Symposium on Programming Languages and Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Discovering software process and product quality criteria in software as a service
PROFES'10 Proceedings of the 11th international conference on Product-Focused Software Process Improvement
Hi-index | 0.00 |
In a service oriented architecture, certain requirements can be tested by observing the interface of the service whereas other requirements such as data privacy, confidentiality and integrity cannot be tested in this way. After deployment, a requirements monitor is used to analyze the conformance of a web service to such requirements. The integrity of the reported conformance results is as good as of the integrity of the monitor especially when the requirements monitor is executing in an untrustworthy environment. In this paper, we propose a hardware-based dynamic attestation mechanism to validate the integrity of the requirements monitor. To evaluate our approach, we have conducted a case study using a commercial requirements monitor and a collection of web service implementations available with Apache Axis. Our case study demonstrates the feasibility of verifying the conformance of a web service executing in an untrustworthy environment.