Managing End-to-End Security Risks with Fuzzy Logic in Service-Oriented Architectures

Author

Badr, Youakim ; Banerjee, Sean

Author_Institution

LIRIS, INSA-Lyon, Lyon, France

fYear

2013

fDate

June 28 2013-July 3 2013

Firstpage

111

Lastpage

117

Abstract

Service-oriented architectures are increasingly deployed in open, distributed and dynamic environments, which require an end-to-end security awareness security at each phase of the service´s lifecycle. Moreover, the security should not only focus on services without considering the risks and threats that might be caused by elements from business activities or underlying hardware and software infrastructure. In this paper, we adopt a holistic approach to define a security conceptual model that covers all elements at the business, service and infrastructure levels and guides each phase in a typical design method for service-oriented architectures. Since the information security is subject to uncertain and unforeseen threats, we propose a fuzzy logic decision system that helps identify security risks based on the security conceptual model and select appropriate security measures based on security objectives.

Keywords

fuzzy logic; risk management; security of data; service-oriented architecture; business activities; end-to-end security awareness; end-to-end security risks management; fuzzy logic decision system; hardware infrastructure; holistic approach; information security; security conceptual model; security objectives; service-oriented architectures; software infrastructure; Business; Design methodology; Fuzzy logic; Pragmatics; Security; Service-oriented architecture; Fuzzy Logic; Reference Models and Design Method; Risk Management; SOA; Security Management;

fLanguage

English

Publisher

ieee

Conference_Titel

Services (SERVICES), 2013 IEEE Ninth World Congress on

Conference_Location

Santa Clara, CA

Print_ISBN

978-0-7695-5024-4

Type

conf

DOI

10.1109/SERVICES.2013.28

Filename

6655683