New Paper Accepted: Continuous Certification of Non-Functional Properties Across System Changes
Our paper, entitled "Continuous Certification of Non-Functional Properties Across System Changes", has been accepted for publication at the 21st International Conference on Service-Oriented Computing (ICSOC 2023).
In this paper, we focus on the concept of continuous certification. The question is: given that modern services change frequently, how can we certify them? The naive answer of re-certifying at each change is not an option. We proposed a novel certification life cycle management approach that i) follows the target service over time and ii) applies targeted re-certification where and when it is needed, minimizing the impact of certification.
The following picture summarizes our approach.
The authors of the paper are Marco Anisetti, Claudio A. Ardagna, and Nicola Bena (me).
Below is the full abstract.
Existing certification schemes implement continuous verification techniques aiming to prove non-functional (e.g., security) properties of software systems over time. These schemes provide different re-certification techniques for managing the certificate life cycle, though their strong assumptions make them ineffective against modern service-based distributed systems. Re-certification techniques are in fact built on static system models, which do not properly represent the system evolution, and on static detection of system changes, which results in an inaccurate planning of re-certification activities. In this paper, we propose a continuous certification scheme that departs from a static certificate life cycle management and provides a dynamic approach built on the modeling of the system behavior that reduces the amount of unnecessary re-certification. The quality of the proposed scheme is experimentally evaluated using an ad hoc dataset built on publicly-available datasets.