An End-to-End Dynamic Trust Framework for Service-Oriented Architecture

Service-oriented architecture (SOA) is an architectural paradigm that advocates composition of loosely-coupled services in order to construct more complex applications. The agility and complexity of modern web services on one hand and the arbitrary interconnections among them on the other hand, make it difficult to maintain a sustainable trustworthiness in long-running SOA-based applications. Moreover, the chain of participating services in a specific SOA invocation may not be visible to the service consumers, which leads to a lack of accountability. To address these challenges in SOA, we propose the following contributions. First, we design a new dynamic and flexible trust model based on graph abstraction that uses multiple trust strategies to calculate trust across SOA. This trust model keeps track of three trust metrics: individual service trust, session trust, and composite trust. We further design a trust engine component that implements the proposed trust model and that continuously maintains the quantitative end-to-end trust based on processing actual execution of services. Second, to prove the practicality and usefulness of the proposed framework, we have implemented an adaptive and secure service composition engine (ASSC) which takes advantage of an efficient algorithm to generate service compositions with near-optimal trustworthiness under predefined QoS constraints. Finally, we have developed a tool that is able to automatically deploy SOA testbeds from arbitrary directed acyclic graphs (created in the GUI). This tool enables the researcher to study the dynamics of new trust algorithms and strategies under different scenarios (e.g., arbitrary SOA topologies and attacks). We have extensively studied the effectiveness and performance of the proposed solutions using testbeds in the Amazon EC2 cloud.