This Article 
 Bibliographic References 
 Add to: 
Tisa: Toward Trustworthy Services in a Service-Oriented Architecture
October-December 2008 (vol. 1 no. 4)
pp. 201-213
Hridesh Rajan, Iowa State University, Ames
Mahantesh Hosamani, Iowa State University, Ames
Verifying whether a service implementation is conforming to its service-level agreements is important to inspire confidence in services in a service-oriented architecture (SoA). Functional agreements can be checked by observing the published interface of the service, but other agreements that are more non-functional in nature, are often verified by deploying a monitor that observes the execution of the service implementation. A problem is that such a monitor must execute in an untrusted environment. Thus, integrity of the results reported by such a monitor crucially depends on its integrity. We contribute an extension of the traditional SoA, based on hardware-based root of trust, that allows clients, brokers and providers to negotiate and validate the integrity of a requirements monitor executing in an untrusted environment. We make two basic claims: first, that it is feasible to realize our approach using existing hardware and software solutions, and second, that integrity verification can be done at a relatively small overhead. To evaluate feasibility, we have realized our approach using current software and hardware solutions. To measure overhead, we have conducted a case study using a collection of web service implementations available with Apache Axis implementation.

[1] L.-J. Zhang and D.A. Grier, “Service Oriented Computing Is Overrated: Information Infrastructure Problems Cannot be Solved by Service Oriented Computing (soc) Alone. Pro or Con?” Business Week, Nov. 2008.
[2] M.P. Papazoglou and D. Georgakopoulos, “Service-Oriented Computing: Introduction,” Comm. ACM, vol. 46, no. 10, pp. 24-28, 2003.
[3] E. Christensen, F. Curbera, G. Meredith, and S. Weerawarana, “Web Services Description Language (WSDL) 1.1,” technical report, World Wide Web Consortium, 2001.
[4] L. Baresi, C. Ghezzi, and S. Guinea, “Smart Monitors for Composed Services,” Proc. Int'l Conf. Service Oriented Computing (ICSOC '04), pp. 193-202, 2004
[5] F. Barbon, P. Traverso, M. Pistore, and M. Trainotti, “Run-Time Monitoring of Instances and Classes of Web Service Compositions,” Proc. Int'l Conf. Web Services (ICWS '06), pp. 63-71, 2006.
[6] K. Mahbub and G. Spanoudakis, “Run-Time Monitoring of Requirements for Systems Composed of Web-Services: Initial Implementation and Evaluation Experience,” Proc. Int'l Conf. Web Services (ICWS '05), pp. 257-265, 2005.
[7] D. Kuo, A. Fekete, P. Greenfield, S. Nepal, J. Zic, S. Parastatidis, and J. Webber, “Expressing and Reasoning about Service Contracts in Service-Oriented Computing,” Proc. Int'l Conf. Web Services (ICWS '06), pp.915-918, 2006.
[8] M.S. Feather, S. Fickas, A.V. Lamsweerde, and C. Ponsard, “Reconciling System Requirements and Runtime Behavior,” Proc. Int'l Work. Software Specifications & Design (IWSSD '98), p. 50, 1998.
[9] S. Fickas and M.S. Feather, “Requirements Monitoring in Dynamic Environments,” Proc. IEEE Int'l Conf. Requirements Eng. (RE '95), p.140, 1995.
[10] E. Letier, J. Kramer, J. Magee, and S. Uchitel, “Monitoring and Control in Scenario-Based Requirements Analysis,” Proc. Int'l Conf. Software Eng. (ICSE '05), pp. 382-391, 2005.
[11] W. Robinson, “Monitoring Software Requirements Using Instrumented Code,” Proc. Hawaii Int'l Conf. System Sciences (HICSS '02), p. 276.2, 2002.
[12] R. Sailer, X. Zhang, T. Jaeger, and L. van Doorn, “Design and Implementation of a TCG-Based Integrity Measurement Architecture,” Proc. 13th Usenix Security Symp., pp. 223-238, Aug. 2004.
[13] R. Sailer, L. van Doorn, and J.P. Ward, “The Role of TPM in Enterprise Security,” Technical Report, IBM Research, Oct. 2004.
[14] M. Hosamani, H. Narayanappa, and H. Rajan, “How to Trust Web Services Monitor Executing in an Untrusted Environment?” Proc. Third Int'l Conf. Next Generation Web Services Practices, pp. 79-84, Oct. 2007.
[15] M. Hosamani, H. Narayanappa, and H. Rajan, “Monitoring the Monitor: An Approach Towards Trustworthiness in Service Oriented Architecture,” Proc. Second Int'l Workshop Service Oriented Software Eng. (IW-SOSWE '07), pp. 42-46, Sept. 2007.
[16] C. Kaler et al., “Web Services Security (ws-security),” html ws-security.asp, 2008.
[17] S. Anderson et al., “Web Services Trust Language (wstrust),” , 2008.
[18] H. Skogsrud, B. Benatallah, F. Casati, and F. Toumani, “Managing Impacts of Security Protocol Changes in Service-Oriented Applications,” Proc. IEEE Int'l Conf. Software Eng., 2007.
[19] “Trusted Computing Group,” http:/www.trustedcomputing, 2009.
[20] “TPM Main Part 1 Design Principles Specification Version 1.2,” TPM, 2009.
[21] “Microsoft Next-Generation Secure Computing Base,”, 2008.
[22] S. Bajikar, “Trusted Platform Module (TPM) Based Security on Notebook PCs—white paper,” Technical Report, Mobile Platforms Group Intel Corporation, June 2002.
[23] R. Anderson, “Cryptography and Competition Policy: Issues with 'Trusted Computing',” Proc. 22nd Ann. Symp. Principles of Distributed Computing (PODC '03), pp. 3-10, 2003.
[24] B. Pfitzmann, J. Riordan, C. Stuble, M. Waidner, and A. Weber, “The Perseus Architecture,” Technical Report RZ3335 (#93381), IBM Research Division, Apr. 2001.
[25] A. Sadeghi and C. Stuble, “Taming Trusted Platforms by Operating System Design,” Proc. Fourth Int'l Workshop, Information Security Applications, vol. 2908, 2003.
[26] X. Wang, Y.L. Yin, and H. Yu, “Collision Search Attacks on SHA1,” http://www.cryptome.orgsha-attacks.htm, 2008.
[27] A. Pnueli, “The Temporal Logic of Programs,” Technical Report, Weizmann Science Press, 1997.
[28] E. Tews and M. Hermanowski, “Projektvorstellung tpm4java Trusted Computing fur Java,” http:/, 2009.
[29] “CodeMonitor$^{\rm TM}$ ,” http:/, 2009.
[30] G. Jayaraman, V.P. Ranganath, and J. Hatcliff, “Kaveri: Delivering Indus Java Program Slicer,” Fundamental Approaches to Software Eng., Apr. 2005.
[31] M. Weiser, “Program Slicing,” Proc. Fifth Int'l Conf. Software Eng. (ICSE '81), pp. 439-449, 1981.
[32] K.J. Ottenstein and L.M. Ottenstein, “The Program Dependence Graph in a Software Development Environment,” Proc. Symp. Practical Software Development Environments, pp. 177-184, 1984.
[33] T.W. Reps and W. Yang, “The Semantics of Program Slicing and Program Integration,” Proc. Int'l Conf. Theory and Practice of Software Development (TAPSOFT '89), pp. 360-374, 1989.
[34] H. Rajan, J. Tao, S.M. Shaner, and G.T. Leavens, “Tisa: A Language Design and Modular Verification Technique for Temporal Policies in Web Services,” Technical Report, Mar. 2009.
[35] J. Edmund, M. Clarke, O. Grumberg, and D.A. Peled, Model Checking. MIT Press, 1999.
[36] BCEL Homepage, http://jakarta.apache.orgbcel, 2009.
[37] G. Kiczales, E. Hilsdale, J. Hugunin, M. Kersten, J. Palm, and W.G. Griswold, “An Overview of AspectJ,” Proc. (ECOOP '01), pp. 327-353, 2001.
[38] M. Mezini and K. Ostermann, “Conquering Aspects with Caesar,” Proc. Second Int'l Conf. Aspect-Oriented Software Development (AOSD'03), pp. 90-99, 2003.
[39] H. Rajan and K.J. Sullivan, “Need for Instance Level Aspect Language with Rich pointcut Language,” SPLAT: Software Eng. Properties of Languages for Aspect Technologies, Mar. 2003.
[40] H. Rajan and K.J. Sullivan, “Eos: Instance-Level Aspects for Integrated System Design,” Proc. European Software Eng. Conf. held jointly with the 11th ACM SIGSOFT Int'l Symp. Foundations of Software E ngineering (ESEC/FSE-11), pp. 297-306, Sept. 2003.
[41] R. Dyer and H. Rajan, “Nu: A Dynamic Aspect-Oriented Intermediate Language Model and Virtual Machine for Flexible Runtime Adaptation,” Proc. Seventh Int'l Conf. Aspect-Oriented Software Development (AOSD '08), 2008.
[42] C. Bockisch, M. Haupt, M. Mezini, and K. Ostermann, “Virtual Machine Support for Dynamic Join Points,” Proc. Third Int'l Conf. Aspect-Oriented Software Development (AOSD '04), pp. 83-92, 2004.
[43] V. Haldar and M. Franz, “Symmetric Behavior-Based Trust: A New Paradigm for Internet Computing,” Proc. Workshop New Security Paradigms (NSPW '04), pp. 79-84, 2004.
[44] S. Yoshihama, T. Ebringer, M. Nakamura, S. Munetoh, and H. Maruyama, “WS-Attestation: Efficient and Fine-Grained Remote Attestation on Web Services,” Proc. IEEE Int'l Conf. Web Services (ICWS '05), July 2005.
[45] Y. Katsuno, Y. Watanabe, S. Yoshihama, T. Mishina, and M. Kudoh, “Layering Negotiations for Flexible Attestation,” Proc. First ACM Workshop Scalable Trusted Computing, Nov. 2006.
[46] S. Park, L. Liu, C. Pu, M. Srivatsa, and J. Zhang, “Resilient Trust Management for Web Service Integration,” Proc. IEEE Int'l Conf. Web Services (ICWS '05), pp. 499-506, 2005.
[47] A. Rezgui, M. Ouzzani, A. Bouguettaya, and B. Medjahed, “Preserving Privacy in Web Services,” Proc. ACM Workshops Web Information and Data Management (WIDM '02), pp. 56-62, 2002.
[48] H. Wada, J. Suzuki, and K. Oba, “Modeling Non-Functional Aspects in Service Oriented Architecture,” Proc. IEEE Int'l Conf. Services Computing (SCC '06), pp. 222-229, 2006.
[49] G. Canfora and M.D. Penta, “Testing Services and Service-Centric Systems: Challenges and Opportunities,” IT Professional, vol. 8, no. 2, pp. 1-17, 2006.
[50] M. Abadi and A.D. Gordon, “A Calculus for Cryptographic Protocols: The Spi Calculus,” Proc. Fourth ACM Conf. Computer and Comm. Security (CCS '97), pp. 36-47, 1997.
[51] A.D. Gordon and R. Pucella, “Validating a Web Service Security Abstraction by Typing,” Formal Aspects of Computing, vol. 17, no. 3, pp. 277-318, Oct. 2005.

Index Terms:
Assertion checkers, assertion languages, performance, Verification, Monitors, Domain-specific architectures, Validation
Hridesh Rajan, Mahantesh Hosamani, "Tisa: Toward Trustworthy Services in a Service-Oriented Architecture," IEEE Transactions on Services Computing, vol. 1, no. 4, pp. 201-213, Oct.-Dec. 2008, doi:10.1109/TSC.2008.18
Usage of this product signifies your acceptance of the Terms of Use.