D7.3 Progress report on holistic security model for secure service composition

Contributing Partners


Executive Summary

In this report we describe the concept behind PRISMACLOUD's service capabilities. A Service Capability is a security & privacy relevant property that is of importance for the application domain of the service and that can be described in a speciFI c machine readable language in order to compare the service with other services according to the ful FIlment of the property. It allows PRISMACLOUD to abstractly communicate enhancements towards the service consumers like end-users and application developers. Service capabilities are what the application level sees from PRISMACLOUD's work and they are part of the associated development methodology: Cryptographic Service Development Lifecycle (CryptSDLC). In this first of two reports we show how service capabilities are modelled and how they get linked to the lower layers of the PRISMACLOUD architecture. PRISMACLOUD 's holistic view aids the implementation of the services in software, as a rigorous transformation process is described (facilitating the functional programming language Haskell). This transformation process links the service capability and the conFI gurations, such that the software libraries -the Prismacloud tools- are be parameterised adequately and also the service's logic can be adjusted to ful l the customer requirements explained by the service capability. Thus, this is another step towards PRISMACLOUD 's goal to holistically capture all the complexity and interdisciplinary (cryptographic-, software- development-, application-domain-) knowledge that is necessary to build cryptographic applications.

The service capability's transformation process from and into the tool's confi guration is transforming the cryptographic knowledge into a Haskell model. PRISMACLOUD aims to model the relationship between certain parameters of the tools. For example, assume the tool creates replicas, so called shares, of data to be stored in the cloud and assume further that each share gets stored on a different cloud storage provider. Each of the selected multiple storage providers advertises different availability levels. With this tool being used in a service, a service capability like "What is the availability?" would need to know how the tool is used as a certain con guration might need to always retrieve x out of those y shares to reconstruct the original data. Thus, this con guration ("x out of y") and the availability of the involved storage providers will be modelled in the transformation process.

We see that service developers can use the service capabilities to advertise their newly developed services easily to the market, they can use the bottom-up steps described in this report to derive a capability from their tool's confi guration. However, we hope that it will be even better to use the transformation process in a top-down direction, as this allows to adapt the con guration and inner workings of their service to swiftly address changing customer demands.

The intended audience are end-users as well as application designers and service developers that can communicate using the service capabilities.