D7.5 First version of guidelines and architecture for secure service composition

Contributing Partners

AIT, XiTrust, UNIL

Executive Summary

This report covers the first interim results of "Task 7.3 Architecture and guidelines for secure service composition". In particular, it presents the first iteration of the PRISMACLOUD architecture and the associated development methodology, the Cryptographic Service Development Lifecycle (CryptSDLC). It also provides a first set of recommendations for the implementation of a service development lifecycle on the basis of CryptSDLC and defines a project-wide documentation standard for services. Additionally, the report already provides a first set of service documentation according to the standard, in order to evaluate the proposed methodological approach. The report is a preliminary version of the final report D7.6 "Improved guidelines and architecture for secure service composition", which will be made publicly available in M24.

The PRISMACLOUD project is a large undertaking and produces outcomes in many different disciplines and layers. The PRISMACLOUD architecture provides a way to structure and categorize the technical outcomes, but more importantly to improve service development processes and project communication. It provides a tangible abstraction of the complexity involved in constructing cryptographically secured services and will provide the project context for the research and development activities in the different work packages.

Together with the architecture, we also established a development methodology which leverages the architectural layers in order to improve the quality and efficiency of application development and to maximize the potential reuse of existing work. The CryptSDLC methodology enriches well-known security-by-design approaches with a workflow for cryptographic service design. Furthermore, it standardizes the special steps necessary when going from one layer to the other and aligns them to the general phases of classical SDL models. The major steps are Derive, Translate and Map from top to bottom, and Proof, Deploy and Extract from bottom to top.

Based on the conceptual results, we specified the guidelines for service development, which give concrete recommendations for the implementation of the service development process. They specify in detail which development methodologies should be adopted and how they can be enriched with the new concept. They define concrete phases and steps as well as document artefacts to support the workflow. From that, we also defined a project standard to be used in the development of the PRISMACLOUD services.

In addition to the methodological work, this document also presents the documentation of services according to the proposed project standard. For this interim version, the two most mature services have been selected for the proposed guidelines to be applied. We selected the Secure Archiving and Data Sharing services, which are both instantiations of the Secure Object Storage tool. This part was done to test and evaluate the proposed approach on a real-world scenario. The final version of the document will contain an improved version of the methodology as well as the full documentation of all 8 PRISMACLOUD services.

This document is intended to be used by cloud service providers or middleware and system developers who intend to either adopt PRISMACLOUD services or make variants thereof.