Nicola Bena

New Paper Accepted: A Transparent Certification Scheme Based on Blockchain for Service-Based Systems

June 01, 2024

Our paper entitled "A Transparent Certification Scheme Based on Blockchain for Service-Based Systems" has been accepted for publication at the 2024 IEEE International Conference on Web Services (IEEE ICWS 2024).

In this paper, we address, for the first time to the best of our knowledge, several long-standing trust issues associated with certification. In particular, we design a certification scheme that relaxes the following assumptions (excerpt):

  • all parties in the scheme are honest
  • the Certification Authority (CA) and the accredited lab are trusted
  • the certification process is a black box from the outside
  • the life cycle of certification artifacts is undefined

In short, certification has assumed that we can fully trust all parties because they are honest and follow the rules without trying to cheat (e.g., it has assumed that the cloud service provider whose service needs to be certified does not try to obtain a certificate it is not entitled to). These assumptions have been increasingly criticized but only partially addressed.

Our approach finally relaxes these assumptions by moving the certification process and its actors to a blockchain. We design novel constructs (as smart contracts) that prevent, or significantly increase the difficulty of, cheating and colluding, making the entire process more robust and trustworthy.

The following picture summarizes our approach.

Picture

The following picture, instead, gives a detailed view of our approach.

Picture

The authors of the paper are: Nicola Bena (me), Marco Pedrinazzi, Marco Anisetti, Omar Hasan, and Lionel Brunie. The paper originates from the MSc thesis of Marco Pedrinazzi, who envisioned the solution while doing an internship at INSA Lyon under the supervision of Omar Hasan and Lionel Brunie.

The slides I used to present the paper are here, while the code is here. The abstract is below.

Modern service-based systems are characterized by applications composed of heterogeneous services provided by multiple, untrusted providers, and deployed along the (multi-) cloud-edge continuum. This scenario of increasing pervasiveness, complexity, and multi-party service recruitment urgently calls for solutions to increase applications privacy and security, on the one hand, and guarantee that applications behave as expected and support a given set of non-functional requirements, on the other hand. Certification schemes became the widespread means to answer this call, but they still build on old-fashioned assumptions that hardly hold in today’s services world. They assume that all actors involved in a certification process are trusted “by definition”, meaning that certificates are supposed to be correct and be safely usable for decision-making, such as certification-based service selection and composition. In this paper, we depart from such unrealistic assumptions and define the first certification scheme that is completely transparent to the involved actors and significantly more resistant to misbehavior (e.g., collusion). We design a blockchain-based architecture to support our scheme, re-defining the actors and their roles. The quality and performance of our scheme are evaluated in a case study scenario.