D7.6 Improved Guidelines and Architecture for Secure Service Composition
AIT, XiTrust, UNIL, ETRA, IBM, ATOS, UNEW, UNI PASSAU
This report covers the results of "Task 7.3 Architecture and guidelines for secure service composition". In particular, it presents the PRISMACLOUD architecture and the associated development methodology called Cryptographic Software Development Lifecycle (CryptS- DLC). It also provides recommendations for the implementation of a service development lifecycle on the basis of CryptSDLC and defines a project wide documentation standard for services. Additionally, the report provides a full set of service documentation according
to the standard. The report is based on preliminary version "D7.5 First version of guidelines and architecture for secure service composition", which was released internally in M18.
The PRISMACLOUD project is a huge undertaking and produces outcome in many different disciplines and layers. The PRISMACLOUD architecture facilitates a way to structure and categorize the technical outcomes, but more importantly to improve service development processes and project communication. It provides a tangible abstraction of the complexity involved with the construction of cryptographically secured services and will provide the project context for the research and development activities in the different work packages.
Together with the architecture, we also established a development methodology which leverages the architectural layers in order to improve the quality and efficiency of application
development and to maximize the potential reuse of existing work. The CryptSDLC methodology enriches well known security-by-design approaches with a work ow for cryptographic service design. Furthermore, it standardizes the special steps necessary when going from one layer to the other and aligns them to the general phases of classical SDL models. The major steps are Derive, Translate and Map from top to bottom and Prove, Deploy and Extract from bottom to top.
Based on the conceptual results, we specied the guidelines for service development, which give concrete recommendations for the implementation of the service development process. They specify in detail which development methodlogies should be adopted and how they can be enriched with the new concept. They dene concrete phases and steps as well as document artefacts to support the work ow. Out of that, we also defined a project standard to be used in the service development for the PRISMACLOUD services.
In addition to the methodological work, this document also presents the documentation of services according to the proposed project standard. For this interim version, the two most mature services have been selected for the proposed guidelines to be applied. We selected the Secure Archiving and Data Sharing services which are both instantiations of the Secure Object Storage tool. This part was done to test and evaluate the proposed approach on a real world scenario. However, the final version of the document will contain an improved version of the methodology as well as the full documentation of all 8 PRISMACLOUD services.
This document is intended to be used by cloud service providers or middleware and system developers who intend to either adopt PRISMACLOUD services or make variants thereof. It should serve as a starting point and reference, because it contains the core service documentation, i.e., the underlying key ideas and the benets, service and deployment model information, as well as software development and assurance monitoring information for the PRISMCLOUD services.
Download the full version [PDF]