Tisa: A Specification Language Design and Modular Verification Technique for Web Services.


These pages describes work carried out on specification and modular verification of such non-functional properties as trust, data privacy for web services and service-oriented architectures. The PI is Hridesh Rajan and much of the work is carried out by Mehdi Bagherzadeh, Cavell Rodrigues, and Robert Dyer. This is a collaborative project with Gary T. Leavens from University of Central Florida.

News

Jan 2009: ESOP'09 paper on Tisa

Dec 2008: IEEE transactions on services computing (SOC) paper on Tisa

July 2008: New TR on greybox specification for web services.

Oct 2007: Mahantesh and Harish's paper accepted for NWeSP 2007.

Jun 2007: Mahantesh and Harish's paper accepted for IWSOSE 2007.

How to Trust Web Services Monitor Executing in an Untrusted Environment?

By Mahantesh Hosamani, Harish Narayanappa, and Hridesh Rajan

Abstract

In a service oriented architecture, certain requirements can be tested by observing the interface of the service whereas other requirements such as data privacy, confidentiality and integrity cannot be tested in this way. After deployment, a requirements monitor is used to analyze the conformance of a web service to such requirements. The integrity of the reported conformance results is as good as of the integrity of the monitor especially when the requirements monitor is executing in an untrustworthy environment. In this paper, we propose a hardware-based dynamic attestation mechanism to validate the integrity of the requirements monitor. To evaluate our approach, we have conducted a case study using a commercial requirements monitor and a collection of web service implementations available with Apache Axis implementation. Our case study demonstrates the feasibility of verifying the conformance of a web service executing in an untrustworthy environment.

Bibliographic Information

@inproceedings{hosamani07nwesp,
author={Mahantesh Hosamani and Harish Narayanappa and Hridesh Rajan},
title = {How to Trust Web Services Monitor Executing in an Untrusted Environment?},
booktitle = {3rd International Conference on Next Generation Web Services Practices},
location = {Seoul, Korea},
month = {Oct},
year = {2007},
publisher = {IEEE Computer Society},
address = {Washington, DC},
pages = {To appear},
} 

Full Paper: PDF