A security framework that combines static analysis based on the information provided by the contract and run-time enforcement mechanisms in accordance with the policy in order to guarantee that a system is secure.
Published in Chapter:
Mitigating Security Risks in Web Service Invocations: Contract-Based Approaches
Gabriele Costa (University of Genova, Italy), Roberto Mandati (Institute of Informatics and Telematics of CNR, Italy), Fabio Martinelli (Institute of Informatics and Telematics of CNR, Italy), Ilaria Matteucci (Institute of Informatics and Telematics of CNR, Italy), and Artsiom Yautsiukhin (Institute of Informatics and Telematics of CNR, Italy)
Copyright: © 2014
|Pages: 16
DOI: 10.4018/978-1-4666-6178-3.ch021
Abstract
The pervasiveness of Web services increases the necessity for consumers to access and use them in a secure way. Besides secure communications, consumer security also involves providing strong guarantees that a requested security policy is satisfied. Needless to say, remote services are adverse to most techniques of analysis and control that usually require direct access to either the implementation or the execution. In this chapter, the authors classify service execution paradigms and provide a characterization of the security threats that may affect a Web service infrastructure depending on the elements composing it. In particular, the authors provide a discussion of the threat models for several different Web service paradigms involving service consumers, providers, and platforms, and illustrate how and when contract-based security approaches and its variants can be applied for mitigating risks in service integrations in the identified paradigms.