DOI: 10.1145/2031746.2031757

Access policy compliance testing in a user centric trust service infrastructure

Published: 14 September 2011

Abstract

Access policy compliance testing within a trust network helps ensure that the services available to users are reliable, secure and trustworthy. In the TAS3 project, access policy testing is a vital function of the trust network in which users and service providers interact. User-centric security management is enabled by automated compliance testing, which uses the TAS3 Audit Bus and OCT components to monitor service state and provide users with a new level of privacy protection in networks of services. The components have been deployed and tested in an employability scenario and present a foundation from which a new level of security for emerging service-based applications can be developed.

Cited By

  • (2012) A Formal Equivalence Classes Based Method for Security Policy Conformance Checking. Multidisciplinary Research and Practice for Information Systems, pp. 146-160. DOI: 10.1007/978-3-642-32498-7_12. Online publication date: 2012

Published In

QASBA '11: Proceedings of the International Workshop on Quality Assurance for Service-Based Applications
September 2011
49 pages
ISBN: 9781450308267
DOI: 10.1145/2031746

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. audit
  2. on-line testing
  3. service federation
  4. trustworthiness in SOA
  5. user centric

Qualifiers

  • Research-article

Conference

QASBA '11
