Title :
A new quantitative model for web service security
Author :
Banaei, O. ; Khorsandi, Siavash
Author_Institution :
Comput. Eng. & Inf. Technol. Dept., Amirkabir Univ. of Technol. (Tehran Polytech.), Tehran, Iran
Abstract :
Security is one of important QoS properties of web services that need to be quantified. Quantifying Security can help both in selecting among published web services and also in assessing security weaknesses of services by service providers. In this paper we propose a three level hierarchical architecture for web service security. In this architecture we consider all of important aspects of security that they are: authentication, integrity, authorization, confidentiality, availability and non-repudiation. For each aspect is considered the most important web service threats. Furthermore we consider likelihood and impact factor for each threat. Then we compute weight of each impact with using AHP and finally total security index is computed with weighted averaging.
Keywords :
Web services; analytic hierarchy process; authorisation; message authentication; quality of service; service-oriented architecture; AHP; QoS properties; SOA; Web service security; Web service threat; authentication; authorization; confidentiality; impact factor; integrity; likelihood factor; nonrepudiation; security index; security weakness assessment; service provider; three level hierarchical architecture; Risk Analysis; SOA; Security; Web Service;
Conference_Titel :
Communication Technology (ICCT), 2012 IEEE 14th International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4673-2100-6
DOI :
10.1109/ICCT.2012.6511304
