How to Trust a Web Service Monitor Deployed in an Untrusted Environment?

PDF Download Download Paper

Abstract

In a service oriented architecture, certain requirements can be tested by observing the interface of the service whereas other requirements such as data privacy, confidentiality and integrity cannot be tested in this way. After deployment, a requirements monitor is used to analyze the conformance of a web service to such requirements. The integrity of the reported conformance results is as good as of the integrity of the monitor especially when the requirements monitor is executing in an untrustworthy environment. In this paper, we propose a hardware-based dynamic attestation mechanism to validate the integrity of the requirements monitor. To evaluate our approach, we have conducted a case study using a commercial requirements monitor and a collection of web service implementations available with Apache Axis implementation. Our case study demonstrates the feasibility of verifying the conformance of a web service executing in an untrustworthy environment.

Bib Info


@inproceedings{hosamani07nwesp,
  author={Mahantesh Hosamani and Harish Narayanappa and Hridesh Rajan},
  title = {How to Trust Web Services Monitor Executing in an Untrusted Environment?},
  booktitle = {3rd International Conference on Next Generation Web Services Practices},
  location = {Seoul, Korea},
  month = {Oct},
  year = {2007},
  publisher = {IEEE Computer Society},
  address = {Washington, DC},
  pages = {To appear},
}