Web services endorse a distributed programming model based on reusing application functionality across different trust domains. Frameworks that support this programming model, such as Microsoft .NET, do not provide control mechanisms to regulate the execution of integrated components.To put together complete services, such frameworks assume explicit trust in the correctness of execution of each service component. While trust is acceptable in some instances, in environments with high security demands such as finance, defense, health, etc., trust is not an option. New mechanisms to police computational environments can help to reduce the vulnerabilities related to explicit trust and will further the use of the powerful web services' programming model.
In this project we will investigate the use of cryptographic mechanisms
to certify the correctness of component operations. We define the notion
of Accountable Services as services providing provable, legally-binding
evidence about the correctness of their operations. This project is aimed
at understanding the semantics, threats, and requirements of accountable
services. To do this, we will investigate two particular instances of
accountable services - accountable block storage and a basic general
accountability framework for XML web services. By implementing both
systems and evaluating their performance, we will assess the costs,
practicality, and benefits of service accountability in these particular
contexts. The results will help us draw conclusions about the tradeoffs
and practicality of accountable Internet services.