Ecole d'ingénieur et centre de recherche en Sciences du numérique

Bringing common criteria certification to web services

Kaluvuri, Samuel Paul; Bezzi, Michele; Roudier, Yves

SPE 2013, IEEE International Workshop on Security and Privacy Engineering, Assurance, and Certification, June 27th-July 2nd, 2013, Santa Clara, CA, USA

Solutions based on service-oriented architecture are gaining popularity. However a wider adoption, especially for business critical functions, is hampered by the trust deficit that exists between consumers and providers, as consumers are shielded from the service architectures and the operation of the service itself. Security certification can be used as a means to bridge this trust deficit. Common Criteria for Information Technology Evaluation (CC) is a widely recognized and used security certification scheme. However, the CC scheme was tailored to provide assurance for traditional software provisioning models and hence cannot be applied to SOA solutions as is. In this paper, we present the limitations of the CC scheme when applied in SOA, the challenges that must be overcome for its adoption and possible directions through which some of those challenges can be met. In particular, we point out that CC scheme should be extended to allow for dynamic evaluation of deployed systems (which includes the operational environment) and for handling assurance of composite services.

Document Doi Bibtex

Titre:Bringing common criteria certification to web services
Mots Clés:Security Assurance; Security Ceritifcation; Web Services; Common Criteria
Ville:Santa Clara
Département:Sécurité numérique
Eurecom ref:4092
Copyright: © 2013 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Bibtex: @inproceedings{EURECOM+4092, doi = {}, year = {2013}, title = {{B}ringing common criteria certification to web services}, author = {{K}aluvuri, {S}amuel {P}aul and {B}ezzi, {M}ichele and {R}oudier, {Y}ves}, booktitle = {{SPE} 2013, {IEEE} {I}nternational {W}orkshop on {S}ecurity and {P}rivacy {E}ngineering, {A}ssurance, and {C}ertification, {J}une 27th-{J}uly 2nd, 2013, {S}anta {C}lara, {CA}, {USA}}, address = {{S}anta {C}lara, {\'{E}}{TATS}-{UNIS}}, month = {06}, url = {} }
Voir aussi: