• DocumentCode
    2933560
  • Title

    Improving resilience of SOA services along space-time dimensions

  • Author

    Nguyen, Quyen L. ; Sood, Arun

  • Author_Institution
    Dept. of Comput. Sci., George Mason Univ., Fairfax, VA, USA
  • fYear
    2012
  • fDate
    25-28 June 2012
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    In Service-Oriented Architecture, a service contains a set of operations with openly defined input and output parameters. In addition to these operations and traditional QoS, offered services need to implement different levels of intrusion tolerance. Indeed, intrusion tolerance has been recently presented as part of the defense-in-depth solution in order to enhance security resilience for services, as a complement to the traditional intrusion prevention and detection. While satisfying functional requirements, a service also exposes its attack surface via published operations, protocols, and accessible data as an adverse side effect, which makes it susceptible to exploitation by malicious actors. The resulting question is - how can services fulfill and maintain their intrusion tolerance QoS (IT-QoS) for security resilience and rapid recovery in the face of hostile attacks. In this paper, we propose an approach to tune a service so that its attackability can be controlled and the IT-QoS guaranteed despite the exposed attack surface. Our approach relies on Self-Cleansing Intrusion Tolerance (SCIT), a recovery-based intrusion tolerance architecture combined with service-oriented programming constructs. A quantitative analysis using Semi-Markov Process modeling provides a mathematical foundation for compensating the expansion of a service´s attack surface by tuning SCIT system parameters.
  • Keywords
    Markov processes; protocols; quality of service; security of data; service-oriented architecture; IT-QoS; SCIT system parameter tuning; SOA services resiliency improvement; accessible data; attackability control; defense-in-depth solution; functional requirements; hostile attacks; input parameters; intrusion tolerance QoS; malicious actors; output parameters; protocols; published operations; quantitative analysis; recovery-based intrusion tolerance architecture; security resiliency enhancement; self-cleansing intrusion tolerance; semiMarkov process modeling; service attack surface; service-oriented architecture; service-oriented programming constructs; space-time dimensions; Computer architecture; Measurement; Resilience; Security; Service oriented architecture; Surface treatment; Vectors; Intrusion Tolerance; MTTR; MTTSF; SCIT; SOA; Semi-Markov;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Dependable Systems and Networks Workshops (DSN-W), 2012 IEEE/IFIP 42nd International Conference on
  • Conference_Location
    Boston, MA
  • Print_ISBN
    978-1-4673-2264-5
  • Electronic_ISBN
    978-1-4673-2265-2
  • Type

    conf

  • DOI
    10.1109/DSNW.2012.6264680
  • Filename
    6264680