Behavioral Attestation for Web Services Based Business Processes

Authors:
Masoom Alam;Mohammad Nauman;Xinwen Zhang;Tamleek Ali;Patrick C. K. Hung;Quratulain Alam
Affiliations:
Institute of Management Sciences, Pakistan;Institute of Management Sciences, Pakistan;Samsung Information Systems America, USA;Institute of Management Sciences, Pakistan;University of Ontario Institute of Technology, Canada;Institute of Management Sciences, Pakistan
Venue:
International Journal of Web Services Research
Year:
2010

Citing 14
Cited 0

SecureFlow: a secure Web-enabled workflow management system

RBAC '99 Proceedings of the fourth ACM workshop on Role-based access control
Securing XML Documents with Author-X

IEEE Internet Computing
First experiences using XACML for access control in distributed systems

Proceedings of the 2003 ACM workshop on XML security
Web Services Platform Architecture: SOAP, WSDL, WS-Policy, WS-Addressing, WS-BPEL, WS-Reliable Messaging and More

Web Services Platform Architecture: SOAP, WSDL, WS-Policy, WS-Addressing, WS-BPEL, WS-Reliable Messaging and More
Property-based attestation for computing platforms: caring about properties, not mechanisms

NSPW '04 Proceedings of the 2004 workshop on New security paradigms
A Trust-Based Context-Aware Access Control Model for Web-Services

Distributed and Parallel Databases
Trusted Computing Platforms: TCPA Technology in Context

Trusted Computing Platforms: TCPA Technology in Context
SELinux by Example: Using Security Enhanced Linux (Prentice Hall Open Source Software Development Series)

SELinux by Example: Using Security Enhanced Linux (Prentice Hall Open Source Software Development Series)
Design and implementation of a TCG-based integrity measurement architecture

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Modelling, specifying and implementing workflow security in Cyberspace

Journal of Computer Security
A Model-Driven Framework for Trusted Computing Based Systems

EDOC '07 Proceedings of the 11th IEEE International Enterprise Distributed Object Computing Conference
Adaptive Secure Access to Remote Services in Mobile Environments

IEEE Transactions on Services Computing
A Secure Information Flow Architecture for Web Service Platforms

IEEE Transactions on Services Computing
Eclipse: a platform for integrating development tools

IBM Systems Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

Service Oriented Architecture SOA is an architectural paradigm that enables dynamic composition of heterogeneous, independent, multi-vendor business services. A prerequisite for such inter-organizational workflows is the establishment of trustworthiness, which is mostly achieved through non-technical measures, such as legislation, and/or social consent that businesses or organizations pledge themselves to adhere. A business process can only be trustworthy if the behavior of all services in it is trustworthy. Trusted Computing Group TCG has defined an open set of specifications for the establishment of trustworthiness through a hardware root-of-trust. This paper has three objectives: firstly, the behavior of individual services in a business process is formally specified. Secondly, to overcome the inherent weaknesses of trust management through software alone, a hardware root of-trust devised by the TCG, is used for the measurement of the behavior of individual services in a business process. Finally, a verification mechanism is detailed through which the trustworthiness of a business process can be verified.