Advanced Security Service cERTificate for SOA. (ASSERT4SOA )
Today’s certification schemes simply do not provide, from an end-user perspective, a reliable way to assess the trustworthiness of a composite applications in the context where (and at the time when) it will be actually executed. ASSERT4SOA will fill this gap by producing novel techniques and tools fully integrated within the SOA lifecycle for expressing, assessing and certifying security properties for complex service-oriented applications, composed of distributed software services that may dynamically be selected, assembled and replaced, and running within complex and continuously evolving software ecosystems.
Today’s certification schemes simply do not provide, from an end-user perspective, a reliable way to assess the trustworthiness of a composite applications in the context where (and at the time when) it will be actually executed. ASSERT4SOA will fill this gap by producing novel techniques and tools fully integrated within the SOA lifecycle for expressing, assessing and certifying security properties for complex service-oriented applications, composed of distributed software services that may dynamically be selected, assembled and replaced, and running within complex and continuously evolving software ecosystems.
The research group leads WP1, which aims to define the language to capture the semantics of certification activities and results for services and service oriented applications, in a machine processable way. In particular the definition of the state-of-the-art of existing certification schemes and standards, and the analysis and characterization of the ASSERT process language module. Furthermore the group is involved in design and deployment of the ASSERT aware service based system as well as the ASSERT4SOA framework.
Development of methods and tools to support certification of SOA based software by providing abstract models for these systems that capture their peculiarities and the security properties they satisfy ; Development of schemes for expressing certification claims in the SOA lifecycle and mechanisms for handling them; Mechanisms and tools enabling to reason about ASSERTs (Advanced Security Service cERTificates) in order to assess the trustworthiness of service based systems at runtime
ASSERT4SOA will produce novel techniques and tools fully integrated within the SOA lifecycle for expressing, assessing and certifying security properties for complex service-oriented applications, composed of distributed software services that may dynamically be selected, assembled and replaced, and running within complex and continuously evolving software ecosystems.
GISUM (Software Engineering Group of the University of Malaga)
Code PAIDI: TIC136
Antonio Maña Gómez. Socio.
Universidad de Málaga
Budget of Andalusian group: € 549,920.00
- SAP AG
- Universita degli Studi di Milano
- Fraunhofer-Gesellschaft Zur Foerderung der angewandten Forschung e.V.
- Engineering - Ingegneria Informatica Spa
- The City University
- Fondazione Ugo Bordon
- Universidad De Málaga
