The vision of the Internet of Services (IoS) entails a major paradigm shift in the way ICT systems and applications are designed, implemented, deployed and consumed: they are no longer the result of programming components in the traditional meaning but are built by composing services that are distributed over the network and aggregated and consumed at run-time in a demand-driven, flexible way. In IoS, services are business functionalities that are designed and implemented by producers, deployed by providers, aggregated by intermediaries and used by consumers. However, the new opportunities opened by IoS will only materialise if concepts, techniques and tools are provided to ensure security.
State-of-the-art security validation technologies, when used in isolation, do not provide automated support to the discovery of important vulnerabilities and associated exploits that are already plaguing complex web-based security-sensitive applications, and thus severely affect the development of the IoS. Moreover, security validation should be applied not only at production time but also when services are deployed and consumed.
Tackling these challenges is the main objective of the project, which will lay the technological foundations for a new generation of analysers for automated security validation at service provision and consumption time, thereby significantly improving the security of the IoS. This will be achieved by developing and combining state-of-the-art technologies for penetration testing, security testing, model checking and automatic learning. These will all be integrated into the SPaCIoS Tool, which we shall apply proof of concept on a set of security testing problem cases drawn from industrial and open-source IoS application scenarios. This will pave the way to transfer project results successfully in industrial practice. We shall execute 2 concrete migration paths: to SAP and SIEMENS business units, and to industrial interest groups, standardisation bodies and open-source communities.