Samuel Paul Kaluvuri
Eindhoven University of Technology
Publications
Featured research published by Samuel Paul Kaluvuri.
Frontiers in ICT | 2015
Samuel Paul Kaluvuri; Alexandru-Ionut Egner; Jerry den Hartog; Nicola Zannone
Cloud storage services have become increasingly popular in recent years. Users are often registered to multiple cloud storage services that suit different needs. However, the ad-hoc manner in which data sharing between users is implemented leads to issues for these users. For instance, users are required to define different access control policies for each cloud service they use and are responsible for synchronizing their policies across different cloud providers. Users do not have access to a uniform and expressive method to deal with authorization. Current authorization solutions cannot be applied as-is, since they cannot cope with challenges specific to cloud environments. In this paper, we analyze the challenges of data sharing in multi-cloud environments and propose SAFAX, an XACML based authorization service designed to address these challenges. SAFAX's architecture allows users to deploy their access control policies in a standard format, in a single location, and augment policy evaluation with information from user selectable external trust services. We describe the architecture of SAFAX, a prototype implementation based on this architecture, illustrate the extensibility through external trust services and discuss the benefits of using SAFAX from both the users' and cloud providers' perspectives.
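The SAFAX abstract describes a single XACML policy store whose evaluation is augmented by user-selected external trust services. The following is an added example, not SAFAX's own code, of what that looks like at the policy decision point: a minimal XACML 3.0-style evaluator in which any attribute the request does not carry is fetched from an external trust service (a policy information point). The policy, the attribute ids, the `urn:example:trust-score` attribute and the reputation table are all constructed for illustration; only first-applicable rule combining and two XACML functions are implemented, and designators yield a single value rather than a bag.

```python
"""Minimal XACML-style policy decision point whose evaluation is augmented by
an external trust service, in the spirit of the SAFAX architecture.

Added example, not SAFAX's own code. Policy, attribute ids, the
urn:example:trust-score attribute and the reputation table are constructed.
"""
import xml.etree.ElementTree as ET

NS = {"x": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}
SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RESOURCE = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"

# Constructed policy: the "reports" folder may be accessed by subjects that a
# user-selected external trust service rates at 0.7 or higher; others are denied.
POLICY_XML = """<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
  PolicyId="share-reports"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
  <Target><AnyOf><AllOf>
    <Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">reports</AttributeValue>
      <AttributeDesignator Category="%s" AttributeId="folder"
        DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/>
    </Match>
  </AllOf></AnyOf></Target>
  <Rule RuleId="trusted-readers" Effect="Permit"><Condition>
    <Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:double-greater-than-or-equal">
      <AttributeDesignator Category="%s" AttributeId="urn:example:trust-score"
        DataType="http://www.w3.org/2001/XMLSchema#double" MustBePresent="true"/>
      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#double">0.7</AttributeValue>
    </Apply>
  </Condition></Rule>
  <Rule RuleId="default-deny" Effect="Deny"/>
</Policy>""" % (RESOURCE, SUBJECT)

FUNCTIONS = {
    "string-equal": lambda a, b: a == b,
    "double-greater-than-or-equal": lambda a, b: float(a) >= float(b),
}

# Constructed stand-in for an external trust service (PIP). It is consulted only
# for attributes that the request itself does not carry.
REPUTATION = {"alice": 0.9, "bob": 0.4}

def reputation_pip(category, attribute_id, request):
    if category == SUBJECT and attribute_id == "urn:example:trust-score":
        return REPUTATION.get(request.get((SUBJECT, "subject-id")))
    return None

def _tag(elem):
    return elem.tag.split("}", 1)[1]

def _value(elem, request, pip):
    tag = _tag(elem)
    if tag == "AttributeValue":
        return float(elem.text) if elem.get("DataType").endswith("double") else elem.text
    if tag == "AttributeDesignator":
        key = (elem.get("Category"), elem.get("AttributeId"))
        value = request.get(key)
        if value is None:
            value = pip(*key, request)  # fall through to the external trust service
        if value is None and elem.get("MustBePresent") == "true":
            raise KeyError(key[1])      # XACML: missing MustBePresent => Indeterminate
        return value
    if tag == "Apply":
        fn = FUNCTIONS[elem.get("FunctionId").rsplit(":", 1)[1]]
        return fn(*[_value(child, request, pip) for child in elem])
    raise ValueError(tag)

def _target_matches(target, request, pip):
    # Target = AND over AnyOf; AnyOf = OR over AllOf; AllOf = AND over Match.
    if target is None:
        return True
    return all(
        any(all(FUNCTIONS[m.get("MatchId").rsplit(":", 1)[1]](*[_value(c, request, pip) for c in m])
                for m in allof.findall("x:Match", NS))
            for allof in anyof.findall("x:AllOf", NS))
        for anyof in target.findall("x:AnyOf", NS))

def evaluate(policy_xml, request, pip=reputation_pip):
    """Return Permit / Deny / NotApplicable / Indeterminate (first-applicable)."""
    policy = ET.fromstring(policy_xml)
    if not _target_matches(policy.find("x:Target", NS), request, pip):
        return "NotApplicable"
    for rule in policy.findall("x:Rule", NS):
        if not _target_matches(rule.find("x:Target", NS), request, pip):
            continue
        condition = rule.find("x:Condition", NS)
        try:
            if condition is None or bool(_value(condition[0], request, pip)):
                return rule.get("Effect")
        except KeyError:
            return "Indeterminate"
    return "NotApplicable"

def make_request(subject, folder):
    return {(SUBJECT, "subject-id"): subject, (RESOURCE, "folder"): folder}

if __name__ == "__main__":
    for who, folder in [("alice", "reports"), ("bob", "reports"),
                        ("carol", "reports"), ("alice", "photos")]:
        print(who, folder, evaluate(POLICY_XML, make_request(who, folder)))
```

The point of the split is that the policy itself never hardcodes a trust decision: the same policy can be evaluated against a different trust service simply by passing another `pip` callable, and a subject the trust service does not know about yields Indeterminate rather than a silent Permit, because the designator is marked `MustBePresent`.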
New Technologies, Mobility and Security | 2012
Volkmar Lotz; Samuel Paul Kaluvuri; Francesco Di Cerbo; Antonino Sabetta
The Internet of Services (IoS) has become the dominant paradigm for building applications in an ad-hoc, dynamic fashion by composing services from a variety of different providers. While the business value of the IoS is undoubted, security and trustworthiness concerns still constitute an obstacle for uptake. In this paper we argue that security certification is a valid means to address these issues. However, existing certification schemes addressing static systems and environments do not scale to the IoS and, thus, cannot be straightforwardly adapted. We investigate the reasons for the lack of scale and conclude that three areas need to be addressed: explicit representation, machine readability, and advanced composition support. For each of these areas, we sketch solutions and identify further challenges.
Future Internet | 2012
Francesco Di Cerbo; Michele Bezzi; Samuel Paul Kaluvuri; Antonino Sabetta; Slim Trabelsi; Volkmar Lotz
The digital economy is moving towards offering advanced business services, integrated into different applications and consumed from heterogeneous devices. Considering the success of current software marketplaces, it is possible to foresee that Service Marketplaces (SM) will play a key role in the future Internet of Services. At present, marketplace operators define requirements common to all offered software, which are validated before admission. However, the requirements, the validation process, and its results are not completely evident to the service consumers, resulting in a significant shortcoming especially with respect to security characteristics. In addition, having common security requirements for all services and applications makes the validation possibly inadequate to address the specific requirements that consumers may have. In order to address these points, we propose the concept of a trustworthy service marketplace for the upcoming Internet of Services, where the security characteristics of services are certified and treated as first-class entities, represented in a machine-processable format. This allows service consumers --- either human end-users or computer agents --- to reason about these security features and to match them with their specific security requirements.
International IFIP Working Conference on Enterprise Interoperability | 2011
Stuart Short; Samuel Paul Kaluvuri
In a SOA context, enterprises can use workflow technologies to orchestrate available business processes and their corresponding services and apply business rules or policies to control how they can be used and who can use them. This approach becomes more complex when a set of business processes includes services that originate outside the company's domain and therefore can be difficult to align with existing rules/policies. In the privacy and security domain, access control and policy languages are used to define what actions can be performed on resources, by whom, for what purpose and in what context. In this paper we propose an approach for dealing with the inclusion of internal and/or external services in a business process that contains data handling policies.
Proceedings of the International Workshop on Quality Assurance for Service-Based Applications | 2011
Michele Bezzi; Samuel Paul Kaluvuri; Antonino Sabetta
The service-based paradigm is enabling new models of software provisioning based on cloud architectures. An increasing number of organizations are either providing their software as a service or acting as enablers by providing platforms on which service providers can offer their services. However the service implementations and the characteristics of the underlying cloud architectures are often opaque to the service consumers. The resulting deficit of trust on the security of such services is hampering the adoption of these new software paradigms by the industry. In this paper, we discuss an approach for security certification of services that can help fill this trust deficit, and we analyze the challenges that we face in realizing this approach. In particular, we concentrate on the problem of ensuring a robust binding between a security certificate and the corresponding service, outlining some possible approaches to tackle this issue.
Signal-Image Technology and Internet-Based Systems | 2014
Francesco Di Cerbo; Samuel Paul Kaluvuri; Frederic Motte; Bassem Nasser; Willis X. Chen; Stuart Short
In order to cater for a growing user base that requires varied functionalities and owns multiple devices, software providers are using cloud solutions as the preferred technical means. In fact, all major operating systems come with tight integration to cloud services. Software solutions that have such integration with cloud services should disclose this to the consumer (transparency). Furthermore, with mounting concerns over the security of software, consumers are demanding assurance about the software being used. Software certification can address both issues, security and transparency of software, thereby providing comprehensive assurance to consumers. However, current software certifications are tailored for human consumption and represented in natural language, a major issue that hinders automated reasoning over them. Focused research efforts in the past few years have resulted in the Digital Certification concept, a machine-processable representation of certifications that can cater to different software provisioning models. We extend the notion of a Digital Certification by using the Linked Data vocabulary to express general characteristics of software systems, which benefits from existing and future knowledge from the Linked Data community. This greatly increases the usability of such Digital Certifications and has a wider impact on the software certification landscape.
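Three of the abstracts above turn on the same two mechanics: a certificate must be robustly bound to the service it certifies (the Quality Assurance for Service-Based Applications paper), and a machine-processable certificate must let a consumer match certified properties against their own requirements (the Future Internet and Digital Certification papers). The following added example, which is not the Assert4Soa project's certificate format or code, shows both with a JSON certificate that pins the SHA-256 digests of the deployed service artifacts and carries its security properties as plain identifiers. The certificate layout, the property names, the sample service bytes and the issuer key are constructed; the HMAC "issuer signature" stands in for the asymmetric signature a real certification authority would apply, and the plain URN properties stand in for a Linked Data vocabulary.

```python
"""Binding a machine-processable security certificate to the exact service
artifacts it certifies, then matching its properties against consumer requirements.

Added example, not the Assert4Soa project's format or code. Layout, property
names, sample bytes and issuer key are constructed; the HMAC signature is a
stand-in for a certification authority's asymmetric signature.
"""
import hashlib
import hmac
import json


def canonical(obj) -> bytes:
    # Stable serialisation so the signature covers exactly one byte string.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def digest(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()


def issue_certificate(service_id, artifacts, properties, issuer_key):
    """Issuer side: pin the certificate to the digests of the deployed artifacts."""
    body = {
        "subject": service_id,
        "binding": {name: digest(data) for name, data in artifacts.items()},
        "properties": sorted(properties),
        "issuer": "urn:example:certification-lab",
    }
    signature = hmac.new(issuer_key, canonical(body), "sha256").hexdigest()
    return {"body": body, "signature": signature}


def verify_binding(cert, service_id, artifacts, issuer_key):
    """Consumer side: is the certificate authentic, and does it bind to what is deployed?"""
    expected = hmac.new(issuer_key, canonical(cert["body"]), "sha256").hexdigest()
    if not hmac.compare_digest(expected, cert["signature"]):
        return False, "signature invalid (certificate altered or unknown issuer)"
    body = cert["body"]
    if body["subject"] != service_id:
        return False, "certificate issued for a different service"
    if set(body["binding"]) != set(artifacts):
        return False, "deployed artifact set differs from the certified one"
    for name, data in artifacts.items():
        if body["binding"][name] != digest(data):
            return False, f"artifact {name!r} changed since certification"
    return True, "ok"


def unmet_requirements(cert, required):
    """Consumer requirements the certificate does not cover (empty list => match)."""
    return sorted(set(required) - set(cert["body"]["properties"]))


# Constructed sample: a storage service with two certified artifacts.
ISSUER_KEY = b"constructed-issuer-key-do-not-reuse"
SERVICE_ID = "urn:example:storage-service"
ARTIFACTS = {
    "interface.wsdl": b"<definitions name='Storage'><!-- constructed --></definitions>",
    "bundle.jar": b"PK\x03\x04 constructed bundle bytes",
}
CERT = issue_certificate(
    SERVICE_ID, ARTIFACTS,
    ["urn:example:prop:confidentiality-in-transit", "urn:example:prop:authn-oauth2"],
    ISSUER_KEY,
)

if __name__ == "__main__":
    print(verify_binding(CERT, SERVICE_ID, ARTIFACTS, ISSUER_KEY))
    patched = {**ARTIFACTS, "bundle.jar": b"PK\x03\x04 silently updated"}
    print(verify_binding(CERT, SERVICE_ID, patched, ISSUER_KEY))
    print(unmet_requirements(CERT, ["urn:example:prop:authn-oauth2",
                                    "urn:example:prop:audit-logging"]))
```

The binding check fails closed on any of three changes: a provider silently redeploying a different bundle, a certificate being presented for a different service, or a property being added to the certificate body after issuance, which invalidates the signature. In a service setting the consumer cannot usually fetch the artifact bytes directly, so the digests would have to be obtained from an attested deployment or a trusted platform operator; the example assumes they are available.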
Trust and Privacy in Digital Business | 2014
Samuel Paul Kaluvuri; Michele Bezzi; Yves Roudier
The Common Criteria (CC) certification framework defines a widely recognized, multi-domain certification scheme that aims to provide security assurances about IT products to consumers. However, the CC scheme does not prescribe a monitoring scheme for the CC practice, raising concerns about the quality of the security assurance provided by the certification and questions on its usefulness. In this paper, we present a critical analysis of the CC practice that concretely exposes the limitations of current approaches. We also provide directions to improve the CC practice.
World Congress on Services | 2013
Samuel Paul Kaluvuri; Michele Bezzi; Yves Roudier
Solutions based on service-oriented architecture are gaining popularity. However, a wider adoption, especially for business critical functions, is hampered by the trust deficit that exists between consumers and providers, as consumers are shielded from the service architectures and the operation of the service itself. Security certification can be used as a means to bridge this trust deficit. Common Criteria for Information Technology Evaluation (CC) is a widely recognized and used security certification scheme. However, the CC scheme was tailored to provide assurance for traditional software provisioning models and hence cannot be applied to SOA solutions as is. In this paper, we present the limitations of the CC scheme when applied in SOA, the challenges that must be overcome for its adoption and possible directions through which some of those challenges can be met. In particular, we point out that the CC scheme should be extended to allow for dynamic evaluation of deployed systems (which includes the operational environment) and for handling assurance of composite services.
Proceedings of the 2012 ACM SIGSOFT symposium on Industry Day | 2012
Antonino Sabetta; Michele Bezzi; Samuel Paul Kaluvuri
Because of their nature and due to the technology on which they are currently based, service-oriented systems face important challenges related to security and trust. The lack of visibility of important information about service internals and about the operational environment in which they are operated, is hampering the adoption of a truly open service-oriented paradigm to realise applications composed of services coming from outside of the boundaries of a single organisation. The Assert4Soa project is investigating ways to address this challenge by proposing a novel approach to the certification of security properties, targeting specifically software services. In this paper we introduce an integrated environment, under development in the context of Assert4Soa, that supports the implementation of service-based applications built from services with certified security properties.
Advanced Web Services | 2014
Marco Anisetti; Claudio Agostino Ardagna; Michele Bezzi; Ernesto Damiani; Samuel Paul Kaluvuri; Antonino Sabetta
The widespread development of Service-Oriented Architecture (SOA) and web services is changing the traditional view of information technology. Today, software applications are increasingly distributed and consumed as a service, and business processes are implemented by selecting and composing services provided by different suppliers at run-time and with minimal human intervention. In this scenario, where services are usually selected on the basis of clients' functional preferences, the risk of providing powerful but insecure applications rises, and the problem of guaranteeing and preserving the security of services and business processes becomes stringent. To this aim, we put forward the idea that security certification techniques can be adopted to provide the evidence that a service system has some security properties and behaves as expected. However, existing security certification techniques are not well-suited to the service scenario, since they are designed for static and monolithic software and thus cannot support the intrinsic SOA dynamics. In this chapter, we discuss recent developments in the area of extending security certifications to web services. In particular, we first review current certification approaches, and highlight requirements and challenges for applying them to the service ecosystem. We then present an advanced methodology for security certification based on testing, as a crucial part of a novel approach for security certification developed in the context of the FP7 EU project Advanced Security Service cERTificate for SOA (Assert4Soa).