RSIA: Runtime Service Integrity Assurance for Open Service Oriented Systems


With the rapid adoption of the concepts of Software as a Service (SaaS) and Service Oriented Architecture (SOA), the Information Technology (IT) industry has shifted its focus from sales of hardware and software toward providing value-added IT services through the Internet. Open computing platforms such as cloud infrastructures have recently emerged as promising platforms to provide multi-tenant resource sharing on a common physical infrastructure. Thus, service providers can lease a set of resources from cloud infrastructures to provide their software as services in an economical way without maintaining their own physical computing infrastructures. However, for many security-sensitive applications such as critical data processing, we must provide the necessary security protection mechanisms before we can migrate those critical application services into shared open computing infrastructures. Existing research on SOA mainly focuses on resource and performance management issues, and usually assumes that all service components provided by different service providers are trusted. However, in open SOA infrastructures such as multi-tenant cloud systems, we can no longer assume all service components are trustworthy. In particular, besides the confidentiality and privacy concerns that have been addressed by previous research, it is challenging to ensure service integrity when some service components might be malicious. Although previous work has provided software integrity attestation solutions, those techniques require trusted hardware or a secure kernel to co-exist with the remote software platform, which makes them difficult to apply in large-scale open SOA systems where service components are often offered as black-box elements.

The overall objective of this project is to advance the state of the art of SOA security and develop a suite of techniques for service integrity assurance. We aim at achieving a practical integrity assurance framework for large-scale open SOA systems without requiring application modifications or assuming trusted entities at third-party service providers. One central goal of this project is to look into the future of SOA, and focus on techniques that are suitable not only for today's service-oriented environments, but also for future open computing platforms built on top of them. The proposed research will develop the following novel integrity assurance mechanisms for open SOA systems:
In particular, we will focus on data-intensive applications such as MapReduce and dataflow processing that have been widely adopted by many real-world applications. This project will also investigate how to integrate the above techniques with other privacy and confidentiality protection techniques to offer a comprehensive set of security mechanisms for the full life cycle of service provisioning.


