Dealing with non-functional requirements: three experimental studies of a process-oriented approach
Proceedings of the 17th international conference on Software engineering
Fine grained access control for SOAP E-services
Proceedings of the 10th international conference on World Wide Web
Using the Common Criteria for It Security Evaluation
Using the Common Criteria for It Security Evaluation
Web Services and Business Transactions
World Wide Web
Toward a Taxonomy and Costing Method for Security Services
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Extending WSDL to Facilitate Web Services Testing
HASE '02 Proceedings of the 7th IEEE International Symposium on High Assurance Systems Engineering
A model for web services discovery with QoS
ACM SIGecom Exchanges
Testing and Quality Assurance for Component-Based Software
Testing and Quality Assurance for Component-Based Software
Automated Testing of Security Functions Using a Combined Model and Interface-Driven Approach
HICSS '04 Proceedings of the Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04) - Track 9 - Volume 9
The Art of Software Testing
A QoS Broker Based Architecture for Efficient Web Services Selection
ICWS '05 Proceedings of the IEEE International Conference on Web Services
IEEE Transactions on Software Engineering
Test and Analysis of Web Services
Test and Analysis of Web Services
A Coverage Relationship Model for Test Case Selection and Ranking for Multi-version Software
HASE '07 Proceedings of the 10th IEEE High Assurance Systems Engineering Symposium
Supporting the dynamic evolution of Web service protocols in service-oriented architectures
ACM Transactions on the Web (TWEB)
Model-based Security Testing Using UMLsec
Electronic Notes in Theoretical Computer Science (ENTCS)
Open Source Systems Security Certification
Open Source Systems Security Certification
Service-Oriented Architectures Testing: A Survey
Software Engineering
Towards Specification Based Testing for Semantic Web Services
ASWEC '09 Proceedings of the 2009 Australian Software Engineering Conference
SERVICES '09 Proceedings of the 2009 Congress on Services - I
Towards Model-Based Automatic Testing of Attack Scenarios
SAFECOMP '09 Proceedings of the 28th International Conference on Computer Safety, Reliability, and Security
On a Classification Approach for SOA Vulnerabilities
COMPSAC '09 Proceedings of the 2009 33rd Annual IEEE International Computer Software and Applications Conference - Volume 02
Proceedings of the 2009 ACM workshop on Secure web services
Towards a Hierarchical Testing and Evaluation Strategy for Web Services System
SERA '09 Proceedings of the 2009 Seventh ACIS International Conference on Software Engineering Research, Management and Applications
Quality of Service Attributes in Web Services
ICSEA '10 Proceedings of the 2010 Fifth International Conference on Software Engineering Advances
Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities
Journal of Systems Architecture: the EUROMICRO Journal
IEEE Software
Checking the behavioral conformance of web services with symbolic testing and an SMT solver
TAP'11 Proceedings of the 5th international conference on Tests and proofs
Model-Based Testing of Service-Oriented Applications via State Models
SCC '11 Proceedings of the 2011 IEEE International Conference on Services Computing
Fine-Grained Modeling of Web Services for Test-Based Security Certification
SCC '11 Proceedings of the 2011 IEEE International Conference on Services Computing
A simple approach for testing web service based applications
IICS'05 Proceedings of the 5th international conference on Innovative Internet Community Systems
Generating test cases for web services using extended finite state machine
TestCom'06 Proceedings of the 18th IFIP TC6/WG6.1 international conference on Testing of Communicating Systems
Test generation based on symbolic specifications
FATES'04 Proceedings of the 4th international conference on Formal Approaches to Software Testing
Security ontology for annotating resources
OTM'05 Proceedings of the 2005 OTM Confederated international conference on On the Move to Meaningful Internet Systems: CoopIS, COA, and ODBASE - Volume Part II
A symbolic framework for model-based testing
FATES'06/RV'06 Proceedings of the First combined international conference on Formal Approaches to Software Testing and Runtime Verification
Preference-oriented QoS-based service discovery with dynamic trust and reputation management
Proceedings of the 27th Annual ACM Symposium on Applied Computing
A general approach for a trusted deployment of a business process in clouds
Proceedings of the Fifth International Conference on Management of Emergent Digital EcoSystems
| Hi-index | 0.00 |
The Service-Oriented Architecture (SOA) paradigm is giving rise to a new generation of applications built by dynamically composing loosely coupled autonomous services. Clients (i.e., software agents acting on behalf of human users or service providers) implementing such complex applications typically search and integrate services on the basis of their functional requirements and of their trust in the service suppliers. A major issue in this scenario relates to the definition of an assurance technique allowing clients to select services on the basis of their nonfunctional requirements and increasing their confidence that the selected services will satisfy such requirements. In this article, we first present an assurance solution that focuses on security and supports a test-based security certification scheme for Web services. The certification scheme is driven by the security properties to be certified and relies upon a formal definition of the service model. The evidence supporting a certified property is computed using a model-based testing approach that, starting from the service model, automatically generates the test cases to be used in the service certification. We also define a set of indexes and metrics that evaluate the assurance level and the quality of the certification process. Finally, we present our evaluation toolkit and experimental results obtained applying our certification solution to a financial service implementing the Interactive Financial eXchange (IFX) standard.