Exploitation & Impact
8.3. DSC IMPACT ON SECURITY CERTIFICATION PRACTICES
Figure 8.9: AMT Profile View
the basic underpinnings for DSC, ASSERT and ASSERT Profile concepts, as well as an evaluation of the tool operations and outputs. The evaluation consisted of a questionnaire composed mostly by closed-answer questions using 5-points Likert scale [101], as well as a number of free answers ques-tions. The latter allowed for the expression of feedback on specific DSC aspects, which was used later on for improving the AMT tool. The ques-tionnaire was structured in two sections: the first part was devoted to an us-ability assessment [146], while the second aimed at assessing the suitus-ability of AMT tool outputs and procedures (e.g. ASSERTs andASSERT validation against an ASSERT Profile) for their application in a security certification process operations.
The results of an analysis of the focus group can be summarized as fol-lows. Regarding the usability of the AMT tool, it was assessed positively, especially considering its nature of research prototype. Nevertheless, sev-eral suggestions were proposed, and some of them have been incorporated in the prototype; others were deemed interesting for future commercial exploitation of the concept. With respect to the suitability of ASSERTs and AMT tool operations to security certification operations (especially consid-ering Common Criteria), we will focus our attention on a selection of the focus group questions, which are:
Q-15 From the point of view of a Certifier, anASSERTis suitable to represent a typical security certificate.
Q-16 The AMT speeds up theASSERTmanagement process.
145
Figure 8.10: BoxPlot of selected DSC Tool assessment questions
Q-17 The AMT improves the control over theASSERTmanagement process.
Q-18 From the point of view of a Certifier, the automation of a typical se-curity certificate management process is a priority.
Their proposed answers (and their mapping to the 5-points Likert scale) were : I fully agree (2), I mostly agree (1), I neither agree nor disagree (0), I mostly disagree” (-1) and I completely disagree” (-2). The answers are represented in Fig. 8.10.
The answers to 15, 16 and 17 are particularly encouraging: Q-15 essentially confirms the suitability of the ASSERT and DSC concepts for representing security certificate contents, while Q-16 and Q-17 assess pos-itively the AMT tool operations.
From Q-18 and open answer questions, it is possible to derive the fol-lowing findings. From the point of view of the technical quality of the AMT, most of the respondents generally agreed that the representation capability of an ASSERT is suitable from the certifier’s point of view. However, from the point of view of its adoption and relevance, the main output of the validation session indicates that current real world certification processes (and especially Common Criteria) are probably not ready to embrace dig-ital certificates in their current forms. For Common Criteria, this is mainly due to its complexity and difficulty to automate its operations. However, the advantages of using ASSERT and DSC Tool can represent a stimulus for the evolution of a debate inside the Common Criteria community.
8.3. DSC IMPACT ON SECURITY CERTIFICATION PRACTICES
8.3.2 From the Consumer’s Perspective
Typically, service consumers range from regular end-users to security experts with varying understanding, awareness, needs and requirements on service security. CRT caters to each type of consumer by allowing them to understand the certified security properties of a service at varying levels of details.
Moreover, CRT helps security conscious consumers to inspect in de-tail the security measures implemented in the service. Security experts can investigate the architecture of the service through the Target of Certi-fication element, which clearly identifies the different components of the services. TheTarget of Certificationinforms the consumers whether the ser-vice is composed of other external serser-vices. In fact, consumers can find out whether the certified security properties of a service depend on the security properties of any external services that are used. Consumers can then verify whether the external service possesses a security certificate with those cer-tified security properties. With additional tool support this process can be completely automated, and a consumer can easily verify a chain of security certificates.
The DSCM framework allows consumers to verify, during consumption time, whether a service still has a valid security certificate. This allows consumers to know thecurrentstate of the service’s certified security prop-erties, rather than depend on certified properties based on the service im-plementation during certification time. This significantly improves the use-fulnessof the security certification schemes in a service environment.
Conclusions
In this chapter we have presented various prototypes that were built exploiting the concepts proposed in this thesis. We have presented an in-dustrial prototype of a Service marketplace that allows service consumers to search, discover and compare services based on their certified security properties - thus showcasing the consumption of the Digital Security Cer-tificates. In addition, we have presented a research prototype of a tool that is used to generate Digital Security Certificates, showing the ease with which certification authorities can issue and validate certificates.
Finally, we have presented a brief overview of the survey conducted on a focus group consisting of certification experts the results of which further encourage our belief that the contributions of this thesis can have a broad and positive impact on the security certification landscape.
147
Publications
The contents of this chapter are further discussed in the following pub-lication:
? S. P. Kaluvuri, H. Koshutanski, F. Di Cerbo, R. Menicocci, and A.
Ma˜na.A digital security certificate framework for services. International Journal of Services Computing, 1(1), 2013.
Technical Reports
A more comprehensive discussion about the topics mentioned in this chapter are provided in the following technical reports:
? H. Koshutanski,S.P. Kaluvuri, A. Ma˜na, M. Montenegro, M. Anisetti, C. Ardagna, E. Damiani, S. G¨urgens, D. Presenza. ASSERT Language V1.4. ASSERT4SOA Project Deliverable(D1.4), 2014.
? M. Bezzi, S. D’Agostini,S.P. Kaluvuri, A. Ma˜na, C. Pandolfo, G. Pujol, A. Sabetta. Architecture and High-level Design of ASSERT4SOA Frame-work. ASSERT4SOA Project Deliverable(D6.1), 2014.