Book a flight online, perform an internet banking transaction or make an appointment with your doctor and, in the not-too-distant future, the 'Internet of Services' (IoS) will come into play. A paradigm shift in the way ICT systems and applications are designed, implemented, deployed and consumed, IoS promises many opportunities but also throws up big challenges - not least ensuring security and privacy, issues currently being tackled by EU-funded researchers.

IoS is a vision of the future internet in which information, data and software applications - and the tools to develop them - are always accessible, whether locally stored on your own device, in the cloud, or arriving in real time from sensors. Whereas traditional software applications are designed largely to be used in isolation, IoS brings down the barriers, thereby lowering costs and stimulating innovation.

Building on the success of cloud computing, IoS applications are built by composing services that are distributed over the network and aggregated and consumed at run-time in a demand-driven, flexible way. This new approach to software will make the development of applications and services easier - so that new and innovative services, not possible today, can be offered. It is likely to make a huge contribution to the EU's strategy to make Europe's software sector more competitive.

You might want to read

IoS services can be designed and implemented by producers, deployed by providers, aggregated by intermediaries and used by consumers. Anybody who wants to develop applications can use the resources in the Internet of Services to develop them, with little upfront investment and the possibility to build upon other people's efforts.

In many ways IoS solves the challenges of interoperability and inefficiency that can plague traditional software systems, but it can also create new vulnerabilities. How for instance can you trust that a service you are using is error free? Or that the different components from different developers that you are aggregating into a new application have all been tested for security vulnerabilities?

'Although it is always difficult to quantify exactly the impact of the absence of something, it is clear that the lack of efficient security validation technologies has been slowing down considerably the wide adoption of web services by citizens, many of whom still do not trust the internet in general nor the Internet of Services in particular,' warns Professor Luca Viganò at the Universita Degli Studi di Verona in Italy. 'It is thus not enough to develop good web-based services, nor to develop services that have been proved secure or which have been tested, but rather we also need a way to convince the citizen that they are indeed secure or have been thoroughly tested. The existence and use of automated tools that can put their "seal of guarantee" on newly developed services, or on services that have been downloaded from the web, will certainly guarantee higher confidence and trust.'

Prof. Viganò and a team of researchers from five European countries are putting the finishing touches on tools to provide precisely that much-needed 'seal of guarantee' on web services. Their work, carried out in the 'Secure provision and consumption in the Internet of Services' (SPACIOS) project and supported by EUR 3.6 million in research funding from the European Commission, combines novel, state-of-the-art technologies for penetration security testing, vulnerability-driven security testing, mutation-based security testing, automatic learning for model inference, model checking and code extraction techniques. Read more info

Related Article:

Online scams to watch out for this year

The website Songsrpeople.com looks a lot like other amateur-video sites. It is wallpapered with clips featuring "the most insane amusement park ever" and "your girlfriend's six friends."

The site draws tens of thousands of visitors a month, according to audience measurement firms. It also has ads for national brands, including Target Corp., Amazon.com Inc. and State Farm.

But Web-security investigators at a firm called White Ops contend that most of the site's visitors aren't people. Rather, they are computer-generated visitors, or "bots," designed to fool advertisers into paying for the traffic, says White Ops, which has blacklisted the site—and thousands more like it—so that ads from clients such as Zipcar don't land there.

An anonymous representative for Songsrpeople declined to discuss the site's traffic but in an email called the White Ops methodology into question.

State Farm said it was looking into the matter while Target declined to comment and Amazon didn't immediately respond to requests for comment.

Authorities and Internet-security  experts say tens of thousands of dubious websites are popping up across the Internet. Their phony Web traffic is often fueled by "botnets," zombie armies of hijacked PCs that are controlled from unknown locations around the world, according to Internet security experts.

The sites take advantage of the simple truth that advertisers pay to be seen. This creates an incentive for fraudsters to erect sites with phony traffic, collecting payments—often through middlemen and sometimes directly from advertisers.

"When you walk into this world, you walk with eyes wide open," said Brian Harrington, chief marketing officer at Zipcar, which ran a recent ad campaign, assisted by White Ops to filter out bogus traffic. "You know stuff is not real."

At their most sophisticated, botnets can mimic the behavior of online consumers, clicking from one site to the next, pausing at ads, watching videos, and even putting items in shopping carts. Further Information