Skip to Main Content
Cutting-edge network infrastructures such as Service-Oriented Architectures (SOAs) or, more generally, the Internet of Services (IoS) entail a major paradigm shift in the way ICT systems and applications are designed, implemented, deployed and consumed: they are no longer the result of programming components in the traditional meaning but are built by composing services that are distributed over the network and reconfigured and consumed dynamically in a demand-driven, flexible way. However, the new opportunities opened by the IoS will only materialize if concepts, techniques and tools are provided to ensure security. In fact, deploying services in such network infrastructures entails a wide range of trust and security issues, but solving them is extremely hard since making the service components trustworthy is not sufficient: composing services leads to new, subtle and dangerous, vulnerabilities due to interference between component services and policies, the shared communication layer, and application functionality. Thus, one needs validation of both the service components and their composition into secure service architectures.