Deprecated: The each() function is deprecated. This message will be suppressed on further calls in /home/zhenxiangba/zhenxiangba.com/public_html/phproxy-improved-master/index.php on line 456
Tisa: Towards Trustworthy Services in a Service-oriented Architecture
[go: Go Back, main page]

Department of Computer Science

Laboratory for Software Design

The research and educational activities described on these pages has been supported in part by the US National Science Foundation (NSF) under grants CCF-11-17937, CCF-10-17334, CNS-07-09217, CNS-06-27354, and a CAREER award 08-46059.

Got a question?

Got a question or comment? Contact us at (515) 294-6168 or hridesh@iastate.edu.

Tisa: Towards Trustworthy Services in a Service-oriented Architecture

By Hridesh Rajan and Mahantesh Hosamani

Abstract

Verifying whether a service implementation is conforming to its service-level agreements is important to inspire confidence in services in a service-oriented architecture. A part of these agreements, in particular those that are functional in nature, can be checked by observing the published interface of the service, but other agreements that are more non-functional in nature, are often verified by deploying a monitor that observes the execution of the service implementation.

A key problem is that such a monitor must execute in an untrusted environment (at the service provider's site). Thus, integrity of the results reported by such a monitor crucially depends on its integrity.

The key technical contribution of this article is an extension of the traditional notion of a service-oriented architecture that allows clients, brokers and providers to negotiate and validate the integrity of a requirements monitor. We describe an approach, based on hardware-based root of trust, for verifying the integrity of a requirements monitor executing in an untrusted environment. We make two basic claims: first, that it is feasible to realize our approach using existing hardware and software solutions, and second, that integrity verification can be done at a relatively small overhead. To evaluate our feasibility claim, we present a realization of our approach using a commercial requirements monitor. To measure overhead, we have conducted a case study using a collection of web service implementations available with Apache Axis implementation.

Bibliographic Information

@article{Rajan-Hosamani-08,
author = {Hridesh Rajan and Mahantesh Hosamani},
title = {Tisa: Towards Trustworthy Services in a Service-oriented Architecture},
journal = {IEEE Transactions on Services Computing (SOC)},
volume = {1},
number = {},
year = {2008},
publisher = {IEEE Computer Society},
address = {Washington, DC, USA},
}

Full paper: PDF