A test-based security certification scheme for Web services

ACM Transactions on the Web

Volumn 7, Issue 2, 2013, Pages

  Anisetti, Marco ^a   Ardagna, Claudio A ^a   Damiani, Ernesto ^a   Saonara, Francesco ^b  

^a UNIVERSITY OF MILAN   (Italy)

^b Research and Development Department Rototype SpA   (Italy)

Author keywords

Model based testing; Security certification; Service Oriented Architecture; Symbolic transition systems; Web services

Indexed keywords

CERTIFICATION PROCESS; COMPLEX APPLICATIONS; FUNCTIONAL REQUIREMENT; MODEL BASED TESTING; MODEL-BASED TESTING APPROACHES; NON-FUNCTIONAL REQUIREMENTS; SECURITY CERTIFICATION; SYMBOLIC TRANSITION SYSTEMS;

INFORMATION SERVICES; SERVICE ORIENTED ARCHITECTURE (SOA); WEBSITES;

WEB SERVICES;

EID: 84879910325     PISSN: 15591131     EISSN: 1559114X     Source Type: Journal    
DOI: 10.1145/2460383.2460384     Document Type: Article

References (68)

1. th International Conference on Software Engineering Advances (ICSEA'10).
2. ANISETTI, M.,ARDAGNA, C. A., AND DAMIANI, E. 2011a. Certifying security and privacy properties in the Internet of services. In Trustworthy Internet, G. Bianchi, N. Blefari, and L. Salgarelli, Eds., Springer.
3. th International Conference on Service Computing (SCC'11).
4. BARESI, L. AND DI NITTO, E. 2007. Test and Analysis of Web Services. Springer.
5. BELINFANTE, A. AND FRANTZEN, L. 2012. JTorX - A tool for model-based testing. http://fmt.cs.utwente.nl/ redmine/projects/jtorx
6. th International Conference on Tests and Proofs (TAP'11).
7. BOZKURT, M.,HARMAN, M., AND HASSOUN, Y. 2010. Testing web services: A survey. Tech. rep. TR-10-01. Department of Computer Science, King's College London.
8. CANFORA, G. AND DI PENTA, M. 2009. Service-oriented architectures testing: A survey. Softw. Engin Int. Summer Schools 1, 78-105.
9. th Annual Hawaii International Conference on System Sciences (HICSS'04).
10. CHOWDHURYA, I. AND ZULKERNINE, M. 2011. Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities. J. Syst. Archit. 57, 3, 294-313.
11. CHUNG, L. AND LEITE, J. C. P. 2009. Non-functional requirements in software engineering. In Conceptual Modeling: Foundations and Applications. Springer, 363-379.
12. th International Conference on Software Engineering (ICSE'95).
13. CHUNG, L.,NIXON, B. A., YU, E., AND MYLOPOULOS, J. 2000. Non-functional Requirements in Software Engineering vol. 5, Springer.
14. DAMIANI, E., ARDAGNA, C. A., AND EL IOINI, N. 2009a. Open Source Systems Security Certification. Springer.
15. th International Conference on World Wide Web (WWW'01).
16. DAMIANI, E., EL IOINI, N., SILLITTI, A., AND SUCCI, G. 2009b.WS-certificate. In Proceedings of the IEEE Congress on Services (SERVICESI'09). Part 1.
17. DAMIANI, E. AND MANA, A. 2009. Toward WS-certificate. In Proceedings of the ACM Workshop on SecureWeb Services (SWS'09).
18. th IEEE International Conference of Service Computing (SCC'11).
19. FALKENBERG, A., JENSEN,M., AND SCHWENK, J. 2012. WS-attacks.org. http://clawslab.nds.rub.de/wiki/index.php/.
20. FOCARDI, R., GORRIERI, R., AND MARTINELLI, F. 2004. Classification of security properties (Part II: Network security). In Foundations of Security Analysis and Design II - Tutorial Lectures, R. Focardi and R. Gorrieri, Eds., Springer.
21. th International Workshop on Web Services and Formal Methods (WS-FM'08).
22. FRANTZEN, L., TRETMANS, J., AND DE VRIES, R. 2006a. Towards model-based testing of web services. In Proceedings of the International Workshop on Web Services - Modeling and Testing (WS-MaTe'06).
23. th International Workshop on Formal Approaches to Software Testing (FATES'04). Lecture Notes in Computer Science, vol. 3395, Springer, 1-15.
24. th InternationalWorkshop on Formal Approaches to Testing and Runtime Verification (FATES/RV'06).
25. GAO, J. Z., TSAO, J.,WU, Y., AND JACOB, T. 2003. Testing and Quality Assurance for Component-Based Software. Artech House, Norwood, M.A.
26. HANNA, S. AND MUNRO, M. 2007. An approach for specification-based test case generation for web services. In Proceedings of the IEEE/ACS International Conference on Computer Systems and Applications (AICCSA'07).
27. HAO, Y., ZHANG, Y., AND CAO, J. 2012. A novel QoS model and computation framework in web service selection. World Wide Web 15, 5-6, 663-684.
28. HECKEL, R. AND LOHMANN, M. 2004. Towards contract-based testing of web services. In Proceedings of the International Workshop on Test and Analysis of Component Based Systems (TACoS'04).
29. th Annual Conference on Computer Security Applications (ACSAC'99).
30. JENSEN, M. 2011. Analysis of Attacks and Defenses in the Context ofWeb Services. Ph.D. thesis, Ruhr-Universit at Bochum, Bochum, Germany.
31. JENSEN, M.,GRUSCHKA, N., AND HERKENHONER, R. 2009. A survey of attacks on web services: Classification and countermeasures. Comput. Sci. Res. Devel. 24, 4, 185-197.
32. th Australian Software Engineering Conference (ASWEC'09).
33. JURJENS, J. 2008. Model-based security testing using UMLsec: A case study. Electron. Not. Theor. Comput. Sci. 220, 1, 93-104.
34. th IFIP International Conference on Testing Communicating Systems (TestCom'06).
35. th International Conference on Ontologies, Databases, and Applications of Semantics (ODBASE'05).
36. KOURTESIS, D.,RAMOLLARI, E., DRANIDIS, D., AND PARASKAKIS, I. 2010. Increased reliability in SOA environments through registry-based conformance testing of web services. Product. Plan. Control 21, 2, 130-144.
37. rd Annual IEEE International Computer Software and Applications Conference (COMPSAC'09).
38. MAO, C. 2009a. A specification-based testing framework for web service-based software. In Proceedings of the IEEE International Conference on Granular Computing (GRC'09).
39. th ACIS International Conference on Software Engineering Research, Management and Applications (SERA'09).
40. MCCABE, T. J. 1976. A complexity measure. IEEE Trans. Softw. Engin. SE-2, 4, 308-320.
41. MENS, T. AND VAN GORP, P. 2005. A taxonomy of model transformation. In Proceedings of the International Workshop on Graph and Model Transformation (GraMoT'05).
42. MICROSOFT 2007. Web services security specifications. Microsoft. http://msdn.microsoft.com/en-us/library/ ms951273.aspx.
43. MUCCINI, H. 2008. Software testing: Testing new software paradigms and new artifacts. InWiley Encyclopedia of Computer Science and Engineering, Wiley, 117.
44. nd Ed. John Wiley and Sons, Hoboken, NJ
45. NADALIN, A.,GOODNER,M., GUDGIN,M., BARBIR, A., AND GRANQVIST, H. 2007. WS-secure conversation 1.3. OASIS. http://docs.oasis-open.org/ws-sx/ws- secureconversation/200512/ws-secureconversation-1.3-os.html.
46. NADALIN, A., KALER, C., MONZILLO, R., AND HALLAM-BAKER, P. 2006. Web services security: SOAP message security 1.1. OASIS. http://www.oasis-open.org/ committees/download.php/16790/wss-v1.1-spec-os- SOAPMessageSecurity.pdf.
47. NOORIAN, Z., FLEMING, M., AND MARSH, S. 2012. Preference-oriented QoS-based service discovery with dynamic trust and reputation management. In Proceedings of the ACM Symposium on Applied Computing (SAC'12).
48. PAPAZOGLOU, M. P. 2003. Web services and business transactions. World Wide Web 6, 1, 49-91. (Pubitemid 39020671)
49. PAPAZOGLOU, M. P., ANDRIKOPOULOS, V., AND BENBERNOU, S. 2011. Managing evolving services. IEEE Softw. 28, 3, 49-55.
50. PAPAZOGLOU, M. P., TRAVERSO, P., DUSTDAR, S., AND LEYMANN, F. 2007. Service-oriented computing: State of the art and research challenges. Comput. 40, 11, 38-45.
51. RAJENDRAN, T., BALASUBRAMANIE, P., AND CHERIAN, R. 2010. An efficient WS-QoS broker based architecture for web services selection. Int. J. Comput. Appl. 1, 9, 79-84.
52. RAN, S. 2003. A model for web services discovery with QoS. ACM SIGecom Exchanges 4, 1, 1-10.
53. RYU, S. H.,CASATI, F.,SKOGSRUD, H.,BETANALLAH, B., AND SAINT-PAUL, R. 2008. Supporting the dynamic evolution of web service protocols in service-oriented architectures. ACM Trans. Web 2, 2, 13:1-13:46.
54. th European Workshop on Dependable Computing (EWDC'09).
55. SCHROTH, C. AND JANNER, T. 2007. Web 2.0 and SOA: Converging concepts enabling the Internet of services. IT Professional 9, 3, 36-41. (Pubitemid 46853333)
56. SEI. 2011. Securing web services for army SOA. http://www.sei.cmu.edu/ solutions/softwaredev/securingwebservices. cfm.
57. SERHANI, M. A., DSSOULI, R., HAFID, A., AND SAHRAOUI, H. 2005. A QoS broker based architecture for efficient web services selection. In Proceedings of the IEEE International Conference on Web Services (ICWS'05).
58. th International Workshop on Innovative Internet Community Systems (IICS'05).
59. th International School on Formal Methods for Eternal Networked Software Systems (SFM'11).
60. th IEEE International Workshop on Object-Oriented Real- Time Dependable Systems (WORDS'03).
61. th IEEE International Symposium on High Assurance Systems Engineering (HASE'02).
62. th IEEE International Symposium on High Assurance Systems Engineering (HASE'07).
63. USA DEPARTMENT OF DEFENCE. 1985. Department Of Defense Trusted Computer System Evaluation Criteria. USA Department of Defence. http://csrc.nist.gov/ publications/secpubs/rainbow/std001.txt.
64. VAN VEENENDAAL, E. 2012. Standard glossary of terms used in software testing version 2.2. International Software Testing Qualifications Board. http://www.astqb.org/documents/ISTQB glossary of testing terms 2.2.pdf.
65. VECELLIO, G. AND THOMAS, W. M. 2001. Issues in the Assurance of Component-Based Software. Mitre. http://www.mitre.org/news/edge perspectives/march 01/vecellio.html.
66. VEDAMUTHU, A. S., ORCHARD, D., HIRSCH, F., HONDO, M., YENDLURI, P., BOUBEZ, T., AND YALCINALP, U. 2007. Web services policy 1.5 - Framework. World Wide Web Consortium (W3C). http://www.w3.org/TR/ws-policy/.
67. WEB SERVICES WORKING GROUP. 2012. IFX web services. Web Services Working Group (WSWG). http://www.ifxforum.org/standards/wswg.
68. th International Conference on Computer Safety, Reliability and Security (SAFECOMP'09).