Service discovery: reviewing threats and security architectures

Service Oriented Architectures (SOA) introduce a loosely coupled interaction model which requires discovering services that enable an efficient interconnection between different application systems or software components. Although service discovery has been thoroughly studied in the past, its security has been vastly ignored. After introducing some security issues of service discovery as illustrated in a healthcare motivating scenario, this paper classifies the various threats to service discovery. For each threat we propose a retort. We describe two solutions (centralized and decentralized) to protect users privacy and ensure access control to sensitive discovery data: a centralized one, relying on a classical policy based approach, and a decentralized one, relying on attribute-based encryption, and especially adapted to the use of SOA for developing ubiquitous computing applications, in which case trust is considerably more distributed.