Presentation is loading. Please wait.

Presentation is loading. Please wait.

Aniketos project demonstration Secure and Trustworthy Composite Services H3G – Dec 21 st, 2012.

Published byDesmond Cheyne Modified over 9 years ago

Similar presentations

Presentation on theme: "Aniketos project demonstration Secure and Trustworthy Composite Services H3G – Dec 21 st, 2012."— Presentation transcript:

1 Aniketos project demonstration Secure and Trustworthy Composite Services H3G – Dec 21 st, 2012

2 H3G demo event – Dec 21 st, 2012 Contents and Objectives Presentation General concepts Platform description Case studies Demo Demo scenario Overview of Aniketos front-end Tools usage (live session) Discussion and feedback Overall impression (benefits/drawbacks) Appeal of telco case study and business model Suggestions for partnerships and relationships

3 H3G demo event – Dec 21 st, 2012 Aniketos Project EU (FP7/2007-2013) funded project (grant no. 257930) The project includes 17 partners from 10 different European countries. Period: Aug 2010 – Jan 2014 (42 months duration) Aiming to achieve Provide service developers and providers with a secure service development framework that includes methods, tools and security services that supports the design-time creation and run-time composition of secure dynamic services, where both the services and the threats are evolving See http://aniketos.eu for more infohttp://aniketos.eu

4 H3G demo event – Dec 21 st, 2012 Aniketos Concepts Focusing on web services Services offered ‘in the cloud’ from multiple service providers Aniketos plus and key challenges Constantly maintaining the security and trustworthiness in a service-oriented environment evolving in the cycle of designing, provisioning, delivering and using services Security and trustworthiness Design Time (DT) service composition Run-Time (RT) service (re)composition Services will be designed according to organizational and business views Service Provider(s) Service end user Trust ? Security ?

5 H3G demo event – Dec 21 st, 2012 Aniketos Positioning

6 H3G demo event – Dec 21 st, 2012 Platform Overview Service Developers Use community support (design, threat analysis) Service discovery & composition Ensure trust & security Service Providers Use community support (submit, threat notification) Monitor trust & security Perform adaptation Service end users Certification programme Single point of trust

7 H3G demo event – Dec 21 st, 2012 Future Telecom Services

8 H3G demo event – Dec 21 st, 2012 User Story A1 (part 1) The end user (Bob) owns a mobile device which is equipped with a GPS receiver and a presence enabled VoIP client when accessing the web portal of his TLC Operator. The services involved are: a. WebShop for general electronic commerce access; b. StoreLocator for letting users to choose the store where to get the items selected. Bob accesses the WebShop application in order to purchase an electronic item he wishes. Bob asks for help of an assistant by starting a click-to-call VoIP communication. The StoreLocator service gives users two options: 1)a manual selection of the stores that can be selected from an offered list; 2)letting StoreLocator service propose a list of closest stores. Converged SIP/HTTP application SIP servlets Application Server Platform Then, he decides to purchase the item of interest. …to collect Bob’s current position information and to generate maps and addresses of the stores which are closer to Bob. Bob selects option (2) for automatic store localization. By doing so a service re- composition is started… 1 2 3 4 5 67 Bob is finally asked to confirm his mail address retrieved through the IdP to inform him when he can get the purchased item. 8

9 H3G demo event – Dec 21 st, 2012 User Story A1 (part 2) Bob connects to the WebTravel application in order to book a hotel and the tickets for his next business trip. WebTravel is an application built using a composite service made up of two service components: 1.a web service to book the hotel; 2.a web service to buy the tickets for the trip. Bob accesses the WebTravel by pressing the “Plan your trip” button. The system detects, through the presence information, that Bob is currently using a smartphone. Bob accepts and allows the retrieval of this information from the IdP in a secure manner. In this case, IdP is used for secure exchange of user’s data inside the federation. 1 2 3 4 5 6 Converged SIP/HTTP application SIP servlets Application Server Platform In order to complete the hotel reservation, an electronic form must be filled with personal data. The form is filled in automatically with Bob’s personal data. Bob is asked (optional) to give authorization for the automatic compilation of the reservation form.

10 H3G demo event – Dec 21 st, 2012 User Story A2 open AM HSS Presence enabler IMS - Telco Internet Resource layer Aniketos layer Attribute Provider Enabler Provider IdM Provider atomic service User Profile REST / SAML Diameter SIP/XCAP OMA Enabler(s) atomic service Identity Provider composite web service(s) -Bridging IMS and Internet identities -Single Sign On -Multi-factor authentication -IMS Service Exposure (e.g. user’s attributes and presence) Marketplace

11 H3G demo event – Dec 21 st, 2012 Aniketos Benefits Aniketos provides a powerful platform for secure service developments that will bring benefits to: Service Designers / Developers: to support the creation and the delivery of new innovative services. In general, these developments are commissioned by Service Providers Service Providers: to enhance their portfolio of services and consequently increase the chance for incrementing revenues by attracting new customers or increasing customer retention End Users: to increase the appeal for services that are intrinsically secure and reliable, having a single point-of-trust with a clear customer’s relationship

12 H3G demo event – Dec 21 st, 2012 Aniketos Business Prospective Delivering of Aniketos in the cloud as PaaS "Security as a Service“ Business models and actors Brokerage model (Providers) Service Providers need to pay some fee in order to make their services (security descriptors) available in Aniketos Marketplace Pay-per-use (Consumers) Service Developers will pay in order to create and deploy composite services by using the platform from the Aniketos Provider End Users will pay for invocation of Aniketos composite services Aniketos Provider that manages the Marketplace holds a remunerative and important asset

13 Aniketos Demo: Design of a trustworthy composite service

14 H3G demo event – Dec 21 st, 2012 Demonstration goals The demo aims to show the exploitation of the Aniketos front-end for the secure service composition in order to: express the security requirements over the services involved in the composition build the service specification of business process to realize the composite service with BPMN perform service discovery, validation and deployment Application of the design-time process to a real example taken from an industrial case study Realization of composite service (InfoService)

15 H3G demo event – Dec 21 st, 2012 InfoService overview Point of Interests Geocoding Weather forecast Map Web Page Info collector Service Designer aims to create a service that takes in input a street address and shows on a web page some information related to the provided location.

16 H3G demo event – Dec 21 st, 2012 The Service Provider wants the service to be trustworthy, so the Service Designer will use: STS-tool for the specification of security and trustworthiness requirements SCF tool for the design of the composite service SRE for the execution of the composite service Reference scenario

17 H3G demo event – Dec 21 st, 2012 Design Time Process

18 H3G demo event – Dec 21 st, 2012 18 Run-time Process

19 H3G demo event – Dec 21 st, 2012 Aniketos modules

20 H3G demo event – Dec 21 st, 2012 Involved Modules STS-tool: to express security needs and requirements on trustworthiness MTM will provide the mapping between security requirements specification (SRS) in the STS-model and existing BPMN. The output will be a security EABPM IdM: to authenticate the service designer for using SCF SCF: to design secure service compositions (BPMN) Marketplace to support services discovery/announcement SCPM: to receive the composition plans from the SCF and return those ones that fulfill the trustworthiness requirement TM: to check for the level of trustworthiness

21 H3G demo event – Dec 21 st, 2012 Socio Technical Security (STS) language & tool Express security needs at organizational level Role- and goal-oriented requirements modeling language (STS-ml) Graphical notation tool Aniketos front-end tools

22 H3G demo event – Dec 21 st, 2012 Extended set of supported security needs no-Repudiation (noRep - 3 types), no-Delegation (noDel), Redundancy (Red - 4 types), integrity of transmission separation of duties (SoD), binding of duties (BoD) authorization: usage (U), modification (M), production (P), disclosure (D), scope of usage (NtK), transferability Automatic derivation of Security Requirements Document Analysis (on-going) consistency analysis: check model against semantics of STS-ml security analysis: identify violations of security needs Open-source available (http://www.sts-tool.eu) for Windows/Linux/Machttp://www.sts-tool.eu 22 STS-tool features (ver 1.3)

23 H3G demo event – Dec 21 st, 2012 STS-tool utilization Modeling Activities Phase 1. Model the Social View Step 1.1 Identify stakeholders Step 1.2 Identify assets and interactions Step 1.3 Express security needs Phase 2. Model the Information View Step 2.1 Identify information and its owner Step 2.2 Represent information structure Phase 3. Model the Authorization View Step 3.1 Model authorizations to info Phase 4. Automated analysis Step 4.1 Consistency analysis Step 4.2 Security analysis Phase 5. Derive Security Requirements Step 5.1 Derive security requirements document refinement needed error/warning analysis

24 H3G demo event – Dec 21 st, 2012 STS-tool utilization STS-tool live session...

25 H3G demo event – Dec 21 st, 2012 STS-tool utilization Scenario modelling steps i. Identify principal stakeholders (actors) ii. Identify and analyze the goals of each actor iii. Define interactions among the actors iv. Express the requirements on security and trustworthiness

26 H3G demo event – Dec 21 st, 2012 Design of InfoService (1 of 7) scope goal resource provision delegation i. Identify principal stakeholders (actors) ii. Identify and analyze the goals of each actor iii. Define interactions among the actors

27 H3G demo event – Dec 21 st, 2012 i. Identify principal stakeholders (actors) ii. Identify and analyze the goals of each actor iii. Define interactions among the actors Design of InfoService (2 of 7) scope goal decomposition resource

28 H3G demo event – Dec 21 st, 2012 Social View Design of InfoService (3 of 7)

29 H3G demo event – Dec 21 st, 2012 iv. Express the requirements on security and trustworthiness Design of InfoService (4 of 7) No-Repudiation Redundancy Trustworthiness constraint (tc) Re-delegation

30 H3G demo event – Dec 21 st, 2012 Information View Design of InfoService (5 of 7)

31 H3G demo event – Dec 21 st, 2012 Authorization View Design of InfoService (6 of 7) U: use M: modify P: produce D: distribute

32 H3G demo event – Dec 21 st, 2012 iv. Express the requirements on security and trustworthiness Design of InfoService (7 of 7) Re-delegation Non-disclosure Integrity Need To Know

33 H3G demo event – Dec 21 st, 2012 The STS-tool will generate SRS from the information contained in 3 views (business view) Automatic generation is supported by the tool Security Req Specs (SRS)

34 H3G demo event – Dec 21 st, 2012 Aniketos front-end tools Secure Composition Framework (SCF) Design time module available in the Aniketos environment Used by service designers to build executable composition plans Authentication is needed - once authenticated, service designers can start the BPMN modelling

35 H3G demo event – Dec 21 st, 2012 BPMN model of InfoService From the description of the service in terms of functionality, the service designer will use different atomic services and compose them according to the BPMN drafted in the SCF editor

36 H3G demo event – Dec 21 st, 2012 The service designer is in charge of designing a composite service with a specific requirement on trusthworthiness value The trustworthiness requirement is expressed as a consumer policy (XML file) written in ConSpec grammar The file location is included in an extensionElements tag in the XML representing the BPMN BMPN model annotated with trustworthiness requirement

37 H3G demo event – Dec 21 st, 2012 An excerpt of the resulting XML for the annotated BPMN is shown below: Annotated BPMN (1 of 2)

38 H3G demo event – Dec 21 st, 2012 SRS document is generated by the STS-tool BPMN model is generated by using the SCF tool MTM will process both informations to generate an annotated BPMN model (EABPMN) MTM not available at this stage of the project (mapping under development) Currently, a manual intervention from the Service Designer is necessary Annotated BPMN (2 of 2)

39 H3G demo event – Dec 21 st, 2012 In order to make the composition plans the SCF has to bind real web services to the service tasks in the BPMN Binding process entails the following steps: 1. Discovery of services using the ServiceType as search filter SCF shows the operations offered by the web services matching the request based on the ServiceType 2. Selection of the specific operation that the service designer wants to use in order to build the composite service InfoService If the same operation is offered by different atomic services the service designer will see just one operation Service discovery and selection of the service operation

40 H3G demo event – Dec 21 st, 2012 Discovery and selection: GeoCoding example (1/2)

41 H3G demo event – Dec 21 st, 2012 and selects getCoordinates ( ) Discovery and selection: GeoCoding example (2/2) The service designer discovers operations offered by GeoCoding type services ( ) 1 2 The service designer is not aware of how many web services offer that operation - SCF tool will bind the different services to the service task when making composition plans

42 H3G demo event – Dec 21 st, 2012 Creation of composition plans Once the service designer has selected an operation for each service task the SCF is ready to create the composition plans When the service designer clicks on “Create composition plans” button, the SCF shows a set of functionally valid composition plans

43 H3G demo event – Dec 21 st, 2012 SCF created 12 composition plans: this is explained by the number of web services offering the same operation: Geocoding type: bound to 2 web services PointOfInterest type: bound to 3 web services WeatherForecast type: bound to 1 web service Map type: bound to 2 web services WebPageInfoCollector type: bound to 1 web service... thus the number of composition plans is 2 X 3 X 1 X 2 X 1 = 12 Composition plans created by the SCF

44 H3G demo event – Dec 21 st, 2012 Composition plans ensure functionality but do not consider the trustworthiness requirement Composition plans have to be checked against the requirements specified for the trustworthiness value This check is performed by the Secure Composition Planner Module (SCPM) which receives the composition plans from the SCF and returns those ones that fulfill the trustworthiness requirement SCPM invokes the Trustworthiness prediction module (TM) to evaluate the trustworthiness value for the set of composition plans received from the SCF Selection of trustworthy composition plans

45 H3G demo event – Dec 21 st, 2012 Trustworthiness value of the composite service is evaluated by using the weakest link principle: Trustworthiness module evaluates the trustworthiness value for each service taking part in the composition Lowest value is returned as the trustworthiness value of the composite service Trustworthiness value is evaluated by TM as a combination of: Cognitive trust of the user, based on the service and service provider reputation Non-cognitive trust, based on objective and measurable properties of the service like QoS attributes (e.g. reliability, performance, availability) Trustworthiness prediction for composite services

46 H3G demo event – Dec 21 st, 2012 Service designer clicks on “Verify All” button the SCPM in order to select all the composition plans that fulfil the requirement on trustworthiness Trustworthy composite services Service designer selects “Order By” Trustworthiness and clicks on “Order/Rank” button in order to visualize the Trustworthiness value of the composition plans

47 H3G demo event – Dec 21 st, 2012 Last steps: upload and deploy Finally, service designer selects one of the trustworthy composition plans in order to: Upload the BPMN to an Activiti Engine Deploy to a web application server

48 H3G demo event – Dec 21 st, 2012 SCF tool utilization SCF tool live session...

49 H3G demo event – Dec 21 st, 2012 Infoservice running

50 H3G demo event – Dec 21 st, 2012 Thanks for your attention fausto.andreotti@italtel.it pierluigi.sciuto@selexelsag.com

51 H3G demo event – Dec 21 st, 2012 Demo screencast (Demo summerSOC2012.avi) Demo events Summer School on Service Oriented Computing (SOC) – July 2-5, 2012 – Crete (Greece). Wind demo event – July 13, 2012 – Milano (Italy) Demo material availability http://www.aniketos.eu/category/documents-categories/multimedia http://www.youtube.com/user/aniketoseu References

Download ppt "Aniketos project demonstration Secure and Trustworthy Composite Services H3G – Dec 21 st, 2012."

Similar presentations

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.
18 Copyright © 2005, Oracle. All rights reserved. Distributing Modular Applications: Introduction to Web Services.

18 Copyright © 2005, Oracle. All rights reserved. Distributing Modular Applications: Introduction to Web Services.
Geneva, Switzerland, 17 October 2011 ITU Workshop on Service Delivery Platforms (SDP) for Telecommunication Ecosystems: from todays realities to requirements.

Geneva, Switzerland, 17 October 2011 ITU Workshop on Service Delivery Platforms (SDP) for Telecommunication Ecosystems: from todays realities to requirements.
OASIS OData Technical Committee. AGENDA Introduction OASIS OData Technical Committee OData Overview Work of the Technical Committee Q&A.

OASIS OData Technical Committee. AGENDA Introduction OASIS OData Technical Committee OData Overview Work of the Technical Committee Q&A.
Configuration management

Configuration management
Software change management

Software change management
Configuration management

Configuration management
Research Issues in Web Services CS 4244 Lecture Zaki Malik Department of Computer Science Virginia Tech

Research Issues in Web Services CS 4244 Lecture Zaki Malik Department of Computer Science Virginia Tech
Information Society Technologies Third Call for Proposals Norbert Brinkhoff-Button DG Information Society European Commission Key action III: Multmedia.

Information Society Technologies Third Call for Proposals Norbert Brinkhoff-Button DG Information Society European Commission Key action III: Multmedia.
© 2005 AT&T, All Rights Reserved. 11 July 2005 AT&T Enhanced VPN Services Performance Reporting and Web Tools Presenter : Sam Levine-866-624-2008 x111.

© 2005 AT&T, All Rights Reserved. 11 July 2005 AT&T Enhanced VPN Services Performance Reporting and Web Tools Presenter : Sam Levine x111.
Project Overview 2010. Slide 2 of 15 Overview Project in a Nutshell ◦Motivation ◦Aims and Objectives ◦Expected Outcomes PlanetData Programs Join PlanetData.

Project Overview Slide 2 of 15 Overview Project in a Nutshell ◦Motivation ◦Aims and Objectives ◦Expected Outcomes PlanetData Programs Join PlanetData.
Getting Started with D2A

Getting Started with D2A
Near East Plant Protection Network for Regional Cooperation & Knowledge Sharing Food and Agriculture Organization of the United Nations An Overview on.

Near East Plant Protection Network for Regional Cooperation & Knowledge Sharing Food and Agriculture Organization of the United Nations An Overview on.
Summer SOC July 2 nd – July 7 th Aniketos platform: Design of a trustworthy composite service 1.

Summer SOC July 2 nd – July 7 th Aniketos platform: Design of a trustworthy composite service 1.
Aniketos project presentation Secure and Trustworthy Composite Services Wind – July 13 th,2012.

Aniketos project presentation Secure and Trustworthy Composite Services Wind – July 13 th,2012.
A platform of for knowledge and services sharing Fernando Ferri IRPPS-CNR.

A platform of for knowledge and services sharing Fernando Ferri IRPPS-CNR.
Intracompany Stock Transfer Scenario Overview

Intracompany Stock Transfer Scenario Overview
© 2012 IBM Corporation 1 IBM Cognos 10 family Analytics in the hands of everyone Address all your analytic needs Report, Analyze, Model, Plan and Collaborate.

© 2012 IBM Corporation 1 IBM Cognos 10 family Analytics in the hands of everyone Address all your analytic needs Report, Analyze, Model, Plan and Collaborate.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
WebRatio BPM: a Tool for Design and Deployment of Business Processes on the Web Stefano Butti, Marco Brambilla, Piero Fraternali Web Models Srl, Italy.

WebRatio BPM: a Tool for Design and Deployment of Business Processes on the Web Stefano Butti, Marco Brambilla, Piero Fraternali Web Models Srl, Italy.

Similar presentations

Ads by Google