Abstract
Web services require complex middleware in order to communicate using XML standards. However, this software increases vulnerability to runtime attack and makes remote attestation difficult. We propose to solve this problem by dividing services across two platforms: an untrusted front-end, which implements the middleware, and a trustworthy back-end with a minimal trusted computing base.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lyle, J., Martin, A. (2010). Engineering Attestable Services. In: Acquisti, A., Smith, S.W., Sadeghi, AR. (eds) Trust and Trustworthy Computing. Trust 2010. Lecture Notes in Computer Science, vol 6101. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13869-0_17
DOI: https://doi.org/10.1007/978-3-642-13869-0_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13868-3
Online ISBN: 978-3-642-13869-0
eBook Packages: Computer Science (R0)