Virtualised Trusted Computing Platform for Adaptive Security Enforcement of Web Services Interactions

Security enforcement framework is an important aspect of any distributed system. With new requirements imposed by SOA-based business models, adaptive security enforcement on the application level becomes even more important. Our work on the enforcement framework to date has resulted in a comprehensi...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Djordjevic, I., Nair, S.K., Dimitrakos, T.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Security enforcement framework is an important aspect of any distributed system. With new requirements imposed by SOA-based business models, adaptive security enforcement on the application level becomes even more important. Our work on the enforcement framework to date has resulted in a comprehensive middleware-based solution leveraging on Web services technologies. However, potential merits of hardware-based solutions to further secure application exposure have not been considered so far. This paper describes a method for combining software resource level security features offered by Web services technologies, with the hardware-based security mechanisms offered by trusted computing platform and system virtualisation approaches. In particular, we propose trust-based architecture for protecting the enforcement middleware deployed at the policy enforcement endpoints of Web and grid services. The main motivation is to additionally secure execution environment of the applications, by providing virtual machine level separation that maps from logical domains imposed by Web services level enforcement policies.
DOI:10.1109/ICWS.2007.188