The software marketplace metaphor is increasingly pervasive in today’s digital economy. A software marketplace is a virtual place where software providers can advertise their services or apps, and customers can browse them; software marketplaces offer a centralized application distribution mechanism that immediately reaches many potential customers all over the world. Marketplaces dedicated to specific devices or operating environments are proliferating, and they represent a valuable business opportunity for software vendors. In many cases, as with the Apple App Store, Windows Marketplace, or the Amazon Kindle Store, they are evolving to become gateways to entire ecosystems, with a potential audience of millions.
Like apps, services can leverage the marketplace distribution channel. Service-based solutions offer enormous benefits to consumers by insulating them from the complexity of maintaining the IT infrastructure and by providing them with large-scale inter-organizational interoperability. However, in the process, important information about the quality of the software is hidden from the consumers, thereby creating a trust deficit regarding the security of the service that is provided. In addition, the centralized nature of most software marketplaces results in a “one size fits all” approach towards the security checks that marketplace operators perform on a service. This is not appropriate for many security-critical applications, which are typically characterized by domain- and application-specific requirements. These challenges are hindering the wider adoption of the service marketplace paradigm. We aim to address these challenges, leading to a Service Marketplace (SM) that is suitable for hosting a larger class of security- and business-critical services. This is the Trustworthy Service Marketplace (TSM).
A number of challenges have to be addressed in order to realize the vision of the TSM. Currently, marketplace operators perform admission checks (vetting processes) before admitting an application to the marketplace. However, this approach does not scale to different software provisioning scenarios, i.e., moving from stand-alone applications with limited interactions and communications to service-based systems that are compositions of different services that together offer a specific application functionality.
Consider the example of Dropbox, a file versioning, synchronization and storage service. The Dropbox client that is installed on a device (mobile, PC or browser-based) interacts with the Dropbox service, which performs versioning operations and stores the data in Amazon S3 by using the service offered by Amazon. In such a scenario, admission checks can only be performed to ensure the security of the client. For example, Apple App Store admission checks are possible only on the client that is installed on iOS, but not on the Dropbox service nor on the third-party service that is used by Dropbox (Amazon S3).
Hence, current admission checks are possible only when the execution environment is under the control of the marketplace operator (such as iOS, Android, etc.), but this may not be the case for future marketplaces, especially service marketplaces. This implies that the current admission checks cannot provide end-to-end assurance for an application. The security properties that a service provides should therefore be evaluated and certified by specialized trusted third-party entities that have the required domain- and application-specific knowledge.
Current certification schemes such as Common Criteria, though widely accepted and successful in providing assurance for monolithic software systems, suffer from severe limitations when applied in a service environment due to economic and technological factors. In addition, the stakeholders and the consumption models of the current certification schemes are modelled for monolithic software and hence are inadequate in a service environment. Some of the shortcomings of the current certification schemes are due to conceptual reasons. Schemes such as Common Criteria are intentionally designed to be flexible and generic in order to be able to certify different products, ranging from software and firmware to hardware. However, this flexibility prevents the schemes from being prescriptive, and comparing different products becomes complex. In addition, the current certification schemes are designed to cater to a software paradigm where the consumer has control over the operation and execution of the product. However, in the service environment, the consumer does not have this capability.
The certification process and the results of the evaluation are captured in a human-readable form that does not allow automated reasoning and processing to be performed. This is one of the major challenges that hampers the use of current security certification schemes in service marketplaces, where the security requirements of the consumers must be easily matched with the security properties of the services.
Security Certification of Service – ASSERT4SOA:
Current certification schemes have to tackle new challenges when approaching Internet of Services (IoS), for expressing, evaluating and certifying security properties for service-oriented applications. Therefore, novel models, techniques and tools are much needed; the ASSERT4SOA project aims at providing answers to these requests, defining a specific methodology as well as companion artefacts and tools.
A core feature of the ASSERT4SOA approach is a language, designed to express the security properties of a service as machine-readable, digitally signed statements (Asserts). Another feature is the ASSERT Service Discovery framework which enables consumers to express their functional and security requirements for a service through a dedicated query language and find services that match their requirements using a discovery engine.
In the current SMs, the consumer cannot discover this service, as service discovery based on security properties of services is not supported. Even if the consumer is able to discover the service s, there is still a lack of assurance that the security property of the service is indeed implemented correctly. We aim to overcome these limitations through the concept of Trustworthy Service Marketplace (TSM).
A TSM should augment traditional service discovery frameworks with the ASSERT Service Discovery (ASD) framework that discovers services based on their functional and security properties. The ASD framework allows the SM to discover certified services based on their security and assurance requirements and present them to the consumer. The ASD framework employs a matchmaking system that ranks services based on their “degree of fit” to the consumer’s requirements.
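The discovery flow described above (machine-readable, signed property statements that are verified and then ranked by degree of fit), as an added example that is not ASSERT4SOA code. The statement layout, the numeric assurance levels, the fit formula and all service names are assumptions made for illustration, and an HMAC stands in for the certifier's digital signature so that the example runs on the standard library alone.

```python
import hashlib
import hmac
import json

# Assumption: a shared demo key stands in for the certifier's signing key;
# a real scheme would use an asymmetric digital signature.
CA_KEY = b"constructed-demo-key"

def sign(statement: dict) -> str:
    payload = json.dumps(statement, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(CA_KEY, payload, hashlib.sha256).hexdigest()

def verified(entry: dict) -> bool:
    return hmac.compare_digest(sign(entry["statement"]), entry["sig"])

def degree_of_fit(statement: dict, required: dict) -> float:
    """Fraction of required properties certified at or above the requested level."""
    if not required:
        return 1.0
    props = statement["properties"]
    met = sum(1 for name, level in required.items() if props.get(name, 0) >= level)
    return met / len(required)

def discover(catalogue, function, required):
    """Return (service, fit) pairs for verified statements, best fit first."""
    hits = []
    for entry in catalogue:
        st = entry["statement"]
        if st["function"] != function or not verified(entry):
            continue  # wrong functionality, or statement altered after signing
        fit = degree_of_fit(st, required)
        if fit > 0:
            hits.append((st["service"], fit))
    return sorted(hits, key=lambda h: (-h[1], h[0]))

def _entry(service, function, properties):
    st = {"service": service, "function": function, "properties": properties}
    return {"statement": st, "sig": sign(st)}

# Constructed sample catalogue (hypothetical services and levels).
CATALOGUE = [
    _entry("store-a", "file-storage", {"confidentiality": 3, "integrity": 2}),
    _entry("store-b", "file-storage", {"confidentiality": 1, "integrity": 3}),
    _entry("store-c", "file-storage", {"confidentiality": 3, "integrity": 3}),
    _entry("mail-x", "email", {"confidentiality": 3, "integrity": 3}),
]
# store-b's listing is altered after certification to claim a higher level.
CATALOGUE[1]["statement"]["properties"]["confidentiality"] = 3
RESULT = discover(CATALOGUE, "file-storage", {"confidentiality": 3, "integrity": 3})
```

The altered store-b statement fails verification and is dropped before ranking, so an inflated claim cannot outrank a genuinely certified service.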
Trustworthy Service Marketplaces can represent a key factor for opening new market perspectives for the future Internet of Services, especially with respect to sensitive critical services and service composition. Trustworthy SMs will serve all their stakeholders with advanced and more secure services, as well as with transparent and evidence-based vetting processes. They will enable refined service discovery operations in marketplaces, also according to specific security requirements. Candidate services shall then be presented to users, along with their security certificates and evidence. In this way, a customer could evaluate each alternative according to her specific operational scenario. We believe that trustworthy SMs can increase the trust and confidence in Internet-based systems, thus enabling even more sensitive operations to take place in a secure, reliable and effective way.
This work is partially supported by the ASSERT4SOA project (Grant No. 257351 – www.assert4soa.eu).