Ensuring trust in service consumption through security certification

Abstract

The service-based paradigm is enabling new models of software provisioning based on cloud architectures. An increasing number of organizations are either providing their software as a service or acting as enablers by providing platforms on which service providers can offer their services. However the service implementations and the characteristics of the underlying cloud architectures are often opaque to the service consumers. The resulting deficit of trust on the security of such services is hampering the adoption of these new software paradigms by the industry. In this paper, we discuss an approach for security certification of services that can help fill this trust deficit, and we analyze the challenges that we face in realizing this approach. In particular, we concentrate on the problem of ensuring a robust binding between a security certificate and the corresponding service, outlining some possible approaches to tackle this issue.