Aniketos project presentation
Secure and Trustworthy Composite Services
Wind – July 13th, 2012
Wind demo event – July 13th, 2012
Contents
• Project overview
• Aniketos concepts
• Security and trust in service composition
• Application realms (industrial case studies)
• Aniketos platform
• Service lifecycle
• Capabilities: DT and RT
• Stakeholders
• Aniketos Demo
• Design of a trustworthy composite service
Aniketos Project
• EU (FP7/2007-2013) funded project (grant no. 257930).
• The project includes 17 partners from 10 different European countries.
• Period: Aug 2010 – Jan 2014 (42 months duration).
• Aim: provide service developers and providers with a secure service development framework that includes methods, tools and security services that support the design-time creation and run-time composition of secure dynamic services, where both the services and the threats are evolving.
• See http://aniketos.eu for more info.
Aniketos Concepts
• Focusing on web services: services offered ‘in the cloud’ from multiple service providers.
• Aniketos plus and key challenges: constantly maintaining the security and trustworthiness in a service-oriented environment evolving in the cycle of designing, provisioning, delivering and using services.
• Security and trustworthiness
  - Design Time (DT) service composition
  - Run-Time (RT) service (re)composition
• Services will be designed according to organizational and business views.
[Diagram labels: Service Provider(s), Service end user, Trust?, Security?]
Aniketos Service lifecycle
[Diagram labels: Design Time, Run-Time; Service Providers, Service Developers, Service end users; Compose, Provide, Invoke, Adapt/Recompose; Component change, Change of threats, Change of environment]
• Discovery and composition support based on trustworthiness, security properties and metrics
• Trust and security monitoring; Threat notification
• End user trust assurance and acceptance; Identification of responsible party
• Self-protection; Trust evaluation; Security validation
Platform Overview
Design-time support
• Trustworthiness definition and evaluation
• Security property definition and evaluation
• Composite service analysis and preparation
Runtime support
• Trustworthiness monitoring and evaluation
• Runtime validation of secure service behaviour
• Composite service adaptation and recomposition
The Aniketos platform
Community support
Reference architecture and patterns
End user trust and assurance
Threat analysis and notification
Aniketos market place
Service Developers
• Use community support (design, threat analysis)
• Service discovery & composition
• Ensure trust & security
Service Providers
• Use community support (submit, threat notification)
• Monitor trust & security
• Perform adaptation
Service end users
• Certification programme
• Single point of trust
Design Time Service Composition analysis
Design-time processes
[Diagram: Generic design-time composition. Actor: Service developer. Activities shown: Establish contracts, Discover service component candidates, Deploy service, Assemble service, Select service components, Validate service, Specify service]
Involved modules (1 of 2)
Socio-technical security modelling tool
Model transformation module
Trustworthiness Component
Verification Component
Security property determination module
Secure composition planner module
Security policy monitoring module
Threat response recommendation module
Service threat monitoring module
Notification module
Community support module
Threat repository module
Marketplace
Service composition framework
Training material module
Service runtime environment
Identity management service
Interaction Layer
Data Access Layer
Business Logic Layer
Security-by-Contract Component
Security Requirements Compliance Module
Involved Modules (2 of 2)
• STS-tool: to express security needs and requirements on trustworthiness
• MTM will provide the mapping between security requirements specification (SRS) in the STS-model and existing BPMN. The output will be a security EABPM
• IdM: to use the framework the service designer must be authenticated
• SCF: to design service compositions using Marketplace for store/retrieval of atomic services
• Marketplace: to support services discovery/announcement
• SCPM: to receive the composition plans from the SCF and return those that fulfil the trustworthiness requirement
• TM: to check for the level of trustworthiness
Aniketos Case Studies
SESAR
Future telecom services
eGovernance: land buying
Air traffic service pool
Future telecom services
User story A1
The end user (Bob) owns a mobile device which is equipped with a GPS receiver and a presence enabled VoIP client when accessing the web portal of his TLC Operator.
The services involved are:
a. WebShop for general electronic commerce access;
b. StoreLocator for letting users choose the store where to pick up the selected items.
• Bob accesses the WebShop application in order to purchase an electronic item he wishes.
• Bob requests the help of an assistant by starting a click-to-call VoIP communication.
• The StoreLocator service gives users two options: 1) a manual selection of the pick-up stores that can be selected from an offered list; 2) letting the StoreLocator service propose a list of closest stores.
• He decides to purchase the item he was interested in.
• Bob selects option 2) for automatic store localization. By doing so a service recomposition is started to collect Bob’s current position information and to generate maps and addresses of the stores which are closer to Bob.
• Bob is finally asked to confirm his mail address (that was retrieved through the IdP) to inform him when he can pick up the purchased item.
[Diagram labels: Converged SIP/HTTP application, SIP servlets, Application Server Platform; steps numbered 1 to 7 in the figure]
User story A2
[Diagram labels: Resource layer, Aniketos layer; IMS - Telco, Internet; openAM, HSS, Presence enabler, User Profile, OMA Enabler(s); REST, Diameter, SIP/XCAP; Attribute Provider, Enabler Provider, IdM Provider; atomic service (three boxes); Identity Provider composite web service]
- Bridging IMS and Internet identity
- Single Sign On
- Multi-factor authentication
- IMS Service Exposure (e.g. user’s attributes and presence)
Marketplace
Aniketos Benefits
Aniketos provides a powerful platform that will bring benefits to the main actors involved (and related stakeholders):
• Service Designers / Developers: to support the creation and the delivery of new innovative services. In general, these developments are commissioned and sponsored by projects funded by Service Providers.
• Service Providers: to enhance their portfolio of services and consequently increase the chance for incrementing revenues by attracting new customers or increasing customer retention.
• End Users: to increase the appeal for services that are intrinsically secure and reliable, having a single point-of-trust with a clear customer’s relationship.
The exploitation of the project’s results is an important part of the project, since Aniketos set up 4 work packages dedicated to outreach: training, demonstration, communities and dissemination.
Aniketos Market Segments
Public market: on-line and social shopping but in general all e-Business environments that will offer and deliver services fulfilling security and trustworthiness constraints (i.e. Tourism, Banking, …)
Industry: convergence of ICT and Telco domains, supporting the growing demand for new advanced services to be sold by Service Providers to their customers.
Central and local government: public administrations will face the growing need for offering services to citizens in perfect synergy with the European directives.
Given the nature and potential of the platform we could envisage a gradual introduction in the market either by adopting a pay-per-use mechanism or a periodic fee for Aniketos services offered by the Service Provider to its customers (PaaS could be a possible form of future commercialization).
Aniketos Demo:
Design of a trustworthy composite service
Demonstration goals
Secure web service composition tools
• The demo aims to show the exploitation of the secure composition design time modules:
  - STS-ml & tool: to express the trustworthiness as constraint over the atomic services involved in the composition
  - Service Composition Framework: to build the business process to realize the composite service
• Application of the design time process to real example
• Screencast
Composite service workflow
Point of Interests
Geocoding
Weather forecast
Map
Web Page Info collector
Aim: the Service Designer wants to create a service that takes a street address as input and shows on a web page some information related to the provided location.
Secure web service composition tools
STS language & tool
• Brief introduction
• Tool application example
STS modelling language (STS-ml)
• Socio Technical Security modelling language (STS-ml)
  - Consists of a set of concepts that can be used to analyze security requirements for a wide range of applications (including Service Oriented Applications)
• Rationale
  - Security should be investigated early in the development process
  - Security requirements before security solutions/mechanisms
• Express security needs and requirements at organizational (business/operational) level, by modelling:
  - Social/Technical actors and their goals
  - Interactions among those actors in achieving goals
  - Security requirements and trust properties that stakeholders express.
STS-ml perspectives
• Interaction among stakeholders in achieving their goals
• Information (documents) and relationships
• Authorizations granted to exchange and manipulate information
• List of security requirements derived from security needs expressed in the business view
STS-tool utilization
Scenario modelling steps
i. Identify principal stakeholders (actors)
ii. Identify and analyze the goals of each actor
iii. Define interactions among the actors
iv. Express the requirements on security and trustworthiness
Reference scenario: STS-tool utilization
• Design of a composite service that takes the geographical position (street address) of a user as input and shows in a webpage a set of information:
  - A map showing the position
  - Weather information
  - Point of interests in the surroundings
• The Service Provider wants the service to be trustworthy, so he asks the Service Designer to exploit the tools from the Aniketos platform
  - STS-tool for the specification of security requirements and trustworthiness
Design of InfoService (1 of 7)
scope
goal
resource
provision
delegation
i. Identify principal stakeholders (actors)
ii. Identify and analyze the goals of each actor
iii. Define interactions among the actors
i. Identify principal stakeholders (actors)
ii. Identify and analyze the goals of each actor
iii. Define interactions among the actors
Design of InfoService (2 of 7)
scope
goal decomposition
resource
Design of InfoService (3 of 7)
Social View
iv. Express the requirements on security and trustworthiness
Design of InfoService (4 of 7)
Non-Repudiation
Redundancy
Trustworthiness constraint (tc)
Re-delegation
Design of InfoService (5 of 7)
Information View
Design of InfoService (6 of 7)
Authorization View
U: use
M: modify
P: produce
D: distribute
iv. Express the requirements on security and trustworthiness
Design of InfoService (7 of 7)
Re-delegation
Non-disclosure
Integrity
NeedToKnow
Security Req Specs (SRS)
• The STS-tool will generate SRS from the information contained in 3 views (business view)
• Automatic generation is supported by the tool
Secure web service composition tools
Service Composition Framework (SCF)
• Tool application example
Reference scenario: SCF utilization
• A service provider wants to offer a service that takes the geographical position of a user as input and shows in a webpage a set of information:
  - A map showing the position
  - Weather information
  - Point of interests in the surroundings
• The service provider wants the service to be trustworthy, so he asks the service designer to exploit the tools made available through the Aniketos platform
  - SCF tool is used in order to design the composite service
About trustworthiness in Aniketos…
The trustworthiness value is evaluated by the Trustworthiness Prediction module (TM) and is a combination of:
• Cognitive trust of the user, based on the service and service provider reputation
• Non-cognitive trust, based on objective and measurable properties of the service such as QoS attributes (reliability, performance, availability).
Service Composition Framework (SCF)
The SCF is a design time module available in the Aniketos environment allowing a service designer to build executable composition plans
To use the framework the service designer must be authenticated
SCF: get started with BPMN modelling
Once authenticated, the service designer can start the BPMN modelling
BPMN model of InfoService
From the description of the service in terms of functionality, the service designer decides to use different atomic services and compose them according to the BPMN drafted in the SCF editor
BPMN annotated with trustworthiness requirement
• The service designer is in charge of designing a composite service with a specific requirement on the trustworthiness value
• The trustworthiness requirement is expressed as a consumer policy (XML file) written in ConSpec grammar
• The file location is included in an extensionElements tag in the XML representing the BPMN
An excerpt of the resulting XML for the annotated BPMN is shown below:
Annotated BPMN (1 of 2)
Annotated BPMN (2 of 2)
• SRS document is generated by the STS-tool
• BPMN model is generated by using the SCF tool
• MTM will process both to generate an annotated BPMN model (EABPMN)
  - MTM not available at this stage of the project (mapping under development)
  - Currently a manual intervention from the Service Designer is necessary
Service discovery and selection of the service operation
To make the composition plans the SCF has to bind real web services to the service tasks in the BPMN.
The binding process entails:
• Service discovery using the ServiceType as search filter
  - The SCF shows the operations offered by the web services matching the request based on the ServiceType
• Selection of the specific operation the service designer wants to use in order to compose the InfoService
  - If the same operation is offered by different atomic services the service designer will see just one operation
Discovery and selection: GeoCoding example (1/2)
Discovery and selection: GeoCoding example (2/2)
The service designer discovers operations offered by GeoCoding type services (1) and selects getCoordinates (2).
The service designer isn’t aware of how many web services offer that operation; it’s the SCF which will bind the different services to the service task when making composition plans.
Creation of composition plans
Once the service designer has selected an operation for each service task the SCF is ready to create the composition plans
When the service designer clicks on “Create composition plans” button, the SCF shows a set of functionally valid composition plans
Composition plans created by the SCF
The SCF has created 12 composition plans: this is explained by the number of web services offering the same operation:
• Geocoding type: bound to 2 web services
• PointOfInterest type: bound to 3 web services
• WeatherForecast type: bound to 1 web service
• Map type: bound to 2 web services
• WebPageInfoCollector type: bound to 1 web service
Thus the number of composition plans is 2 × 3 × 1 × 2 × 1 = 12
Selection of trustworthy composition plans
• The composition plans ensure functionality but do not consider the trustworthiness requirement
• The composition plans have to be checked against the requirements specified for the trustworthiness value
• This check is performed by the Secure Composition Planner Module, which receives the composition plans from the SCF and returns those that fulfil the trustworthiness requirement
Trustworthiness prediction for composite services
• The SCPM invokes the Trustworthiness prediction module to evaluate the trustworthiness value for the set of composition plans received from the SCF
• The trustworthiness value of the composite service is evaluated by using the weakest link principle
  - The Trustworthiness module evaluates the trustworthiness value for each service taking part in the composition
  - The lowest value is returned as the trustworthiness value of the composite service
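The plan enumeration, weakest-link scoring and SCPM filtering described on the last three slides, as an added sketch that is not Aniketos code. The service names and scores are constructed, and the numeric threshold and the 0 to 1 score range are assumptions standing in for the ConSpec consumer policy.

```python
from itertools import product

# Constructed sample data: only the service types and the number of bound
# services per type (2, 3, 1, 2, 1) come from the slides. Names and scores
# are hypothetical, and a 0..1 score range is an assumption.
CANDIDATES = {
    "Geocoding": {"geo-a": 0.91, "geo-b": 0.62},
    "PointOfInterest": {"poi-a": 0.85, "poi-b": 0.74, "poi-c": 0.55},
    "WeatherForecast": {"weather-a": 0.88},
    "Map": {"map-a": 0.93, "map-b": 0.70},
    "WebPageInfoCollector": {"collector-a": 0.80},
}


def composition_plans(candidates):
    """Enumerate every functionally valid plan: one bound service per task."""
    if not candidates:
        raise ValueError("a composition needs at least one service task")
    types = list(candidates)
    # A task with no candidate service yields zero plans, as it should.
    return [dict(zip(types, combo))
            for combo in product(*(candidates[t] for t in types))]


def limiting_service(plan, candidates):
    """Return the (task type, service) pair with the lowest score in a plan."""
    return min(plan.items(), key=lambda kv: candidates[kv[0]][kv[1]])


def plan_trustworthiness(plan, candidates):
    """Weakest link principle: the plan scores as its least trusted service."""
    task, service = limiting_service(plan, candidates)
    return candidates[task][service]


def select_trustworthy(candidates, threshold):
    """Keep plans whose score meets the threshold, ranked best first.

    `threshold` is a hypothetical stand-in for the trustworthiness
    requirement the designer expresses in the ConSpec consumer policy.
    """
    scored = [(plan_trustworthiness(p, candidates), p)
              for p in composition_plans(candidates)]
    kept = [sp for sp in scored if sp[0] >= threshold]
    return sorted(kept, key=lambda sp: sp[0], reverse=True)


if __name__ == "__main__":
    print(len(composition_plans(CANDIDATES)), "functionally valid plans")
    for score, plan in select_trustworthy(CANDIDATES, 0.7):
        print(f"{score:.2f}", plan, "limited by", limiting_service(plan, CANDIDATES))
```

Because the score is a minimum, a single low-scoring binding disqualifies a plan no matter how trusted the other services are, and `limiting_service` names the service that sets the plan's score.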
Trustworthy composite services
• When the service designer clicks on the “Verify All” button the SCPM selects the composition plans that fulfil the trustworthiness requirement
• In order to visualize the Trustworthiness value of the composition plans the service designer selects “Order By” Trustworthiness and clicks on the “Order/Rank” button
Last steps: upload and deploy
The service designer selects one of the trustworthy composition plans and can:
• Upload the BPMN to an Activiti Engine
• Deploy it to a web application server
Demo
• Screencast (Demo summerSOC2012.avi)
• Presented at Summer School on Service Oriented Computing (SOC) – July 2-5, 2012 – Crete (Greece).