Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/en/node/24474' in /dati/webiit-old/includes/database.pgsql.inc on line 159 Warning: pg_query(): Query failed: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 in /dati/webiit-old/includes/database.pgsql.inc on line 138 Warning: ERROR: missing chunk number 0 for toast value 29512337 in pg_toast_2619 query: SELECT data, created, headers, expire, serialized FROM cache_page WHERE cid = 'https://www-old.iit.cnr.it/en/node/24474' in /dati/webiit-old/includes/database.pgsql.inc on line 159 Contract-based Approaches for Securing Web Services | IIT - CNR - Istituto di Informatica e Telematica
IIT Home Page CNR Home Page

Contract-based Approaches for Securing Web Services

The pervasiveness of web services increases the necessity for consumers to access and use them in a secure way. Consumers should require strong guarantees that their security policies are satised. Unfortunately, Service Oriented Computing (SOC) is adverse to most techniques of control and analysis which, usually, require the direct access to either execution or implementation.

Here, we classify dierent service execution paradigms and their participants. According to the amount of available information about the service we identify the existing threats and the security supports the service consumers can rely on for obtaining actual guarantees. Following our classication, we considered the possibility of applying the Security-by-Contract-with-Trust framework. If correctly implemented, it can mitigate the security risks in the most service composition paradigms.

 


IGI Global, 2013

External authors: Gabriele Costa (Dipartimento di Informatiche, Bioingegneria, Robotica e Ingegneria dei Sistemi Genova)
IIT authors:

Roberto Mandati

Foto di Roberto Mandati

Type: Article in non-ISI Journal with international referees
Field of reference: Computer Science & Engineering