A test-based security certification scheme for web services

Authors: Marco Anisetti, Claudio A Ardagna, Ernesto Damiani, Francesco Saonara

DOI: 10.1145/2460383.2460384

Keywords: Service provider; Certification; Non-functional requirement; Web service; Software engineering; Service-oriented architecture; Service (systems architecture); Certified Information Systems Security Professional; Test case; Computer science; Computer security

Abstract: The Service-Oriented Architecture (SOA) paradigm is giving rise to a new generation of applications built by dynamically composing loosely coupled autonomous services. Clients (i.e., software agents acting on behalf of human users or service providers) implementing such complex applications typically search and integrate services on the basis of their functional requirements and trust in suppliers. A major issue in this scenario relates to the definition of an assurance technique allowing clients to select services on the basis of nonfunctional requirements, increasing confidence that the selected services will satisfy the requirements. In this article, we first present a solution that focuses on security and supports a test-based certification scheme for Web services that is driven by the properties to be certified and relies upon a formal model. The evidence supporting a property is computed using a model-based testing approach that, starting from the model, automatically generates the test cases used for certification. We also define a set of indexes and metrics to evaluate the level and quality of the process. Finally, we present our evaluation toolkit and experimental results obtained by applying it to the financial Interactive Financial eXchange (IFX) standard.
