Service Injection: A Threat to Self-Managed Complex Systems

Author

Meland, Per Håkon

Author_Institution

Software Eng., Safety & Security, SINTEF ICT, Trondheim, Norway

fYear

2011

fDate

12-14 Dec. 2011

Firstpage

1

Lastpage

6

Abstract

The promises of a service-centric Future Internet, where we can mix, match and create rapid-grown services also bring new security challenges. This paper investigates a threat named service injection to self-managed composite service systems that consist of service components from different providers. The overall goal of service injection is to have a malicious service component become a part of a composite service. This can be done by provoking a runtime recomposition and taking the place of a legitimate service component. Service injection could quickly become as prevalent as today´s widespread code injection, it is being held back by the fact that there are not many system configurations in which it may manifest itself. However, with the emerging trends of autonomic and heterogenous system-of-systems, we should start to think about precautions before it is too late. In order to analyze and classify service injection we have used the CAPEC schema for standard attacks.

Keywords

Internet; computer crime; fault tolerant computing; CAPEC schema; autonomic system-of-systems; heterogenous system-of-systems; malicious service component; security challenge; self-managed complex system; self-managed composite service system; service injection; service-centric future Internet; standard attack; Availability; Contracts; Runtime; Security; Service oriented architecture; SOA; dynamic service composition; self-management; system-of-systems; threat;

fLanguage

English

Publisher

ieee

Conference_Titel

Dependable, Autonomic and Secure Computing (DASC), 2011 IEEE Ninth International Conference on

Conference_Location

Sydney, NSW

Print_ISBN

978-1-4673-0006-3

Type

conf

DOI

10.1109/DASC.2011.25

Filename

6118344