Workshop summary software assurance and trust
1. Technical Workshop on Software Assurance & Trust
Cloud & Services Cluster
Michele Bezzi, SAP
Fabio Martinelli, CNR
2. Objectives:
Identify possible areas of collaboration among projects
Identify which concrete models are publicly available and re-usable in related projects
Identify gaps between existing approaches and promising areas for future research
Effectsplus – July 2011 – Trust & Assurance Workshop
3. (Annotated) Agenda
Aniketos: Supporting trustworthy and secure composition in service and cloud environments (Per Håkon Meland, David Llewellyn-Jones, Erkuden Rios Velasco): Security SLA, Service discovery using security properties, Trust Monitoring
Assert4SOA: Advanced Security Service Certificate for SOA (Ernesto Damiani): Security Certificate, Assurance for service compositions, Security testing, Service discovery using security properties
Posecco: Leveraging Security Models to Automate Audits and Improve their Level of Assurance (Serena Ponta): Support mechanisms for auditing, Compliance with security requirements through auditing
MASSIF: Management of Security information and events in Service Infrastructures (Pedro Soria-Rodriguez): SIEM, Trusted collection and monitoring of security-related data
NESSos: A General framework for security-aware analysis of services (Fabio Martinelli): Trust Metrics, Process Composition, Optimization
UTrust-IT: Usable Trust in the Internet of Things (Peter Wolkerstorfer): Trust & HCI, Personas methodology, user-centricity
Presentations and abstracts available at effectsplus website
4. Results
Different approaches to trust & assurance: audit, certification, SLA, user-centered, monitoring
Possible joint paper (e.g., FIA book), with survey
Follow-up with inter project meetings. Selected Topics:
Security SLA: Nessos, Aniketos, Assert4SOA, Contrail
Auditing: Assert4SOA, PoSecco
User-studies: U-Trust-IT, Posecco, Aniketos
Next Effectsplus meeting (Bristol, 2012)
Secure Service Compositions during service lifetime