Selecting IT services in the cloud based on security requirements is a difficult task in current marketplaces/app stores. The impact of this can be two-fold, from the user’s side trustworthiness will be hard to discern and from the malevolent service provider’s side this type of environment facilitates the proliferation
of malware. Difficulties increase when considering security requirements for service compositions, and even more looking at large-scale service-based systems, where each service is providing a focused functionality and is orchestrated with a large number of other services to provide application functionality.

SAP Applied Research Security & Trust program will develop answers to these questions such as:

Which security features are exposed by a service composition? 

Are different service providers’ claims enough to infer security features for a complex composition?

...whilst focusing on increasing customer trust in service discovery and provisioning, by providing means to evaluate which service to choose for a composition, according to its security “trustworthiness”.

SAP Applied Research Security and Trust program will come up with methods, concepts and a prototype for a trustworthy service marketplace and application store. SAP will extend this with the usage of service / application certificates that make security properties visible to the consumer and allow for analyzing the security impact of consuming this service or service compositions.

We will contribute to these ideas from its experience in an integrated and multi-disciplinary approach illustrating the drivers of trust and confidence in
Cloud services/applications. Its Trust research is demonstrated by the participation to a number of relevant projects in the area: PRIMELIFE, TAS3, ASSERT4SOA and its participation in the target project FI-WARE.

For more information about research in the area of trust in the cloud please contact stuart.short@sap.com , francesco.di.cerbo@sap.com, Michele.bezzi@dsap.com