Trading Off Security in a Service Oriented Architecture

Swart, Garret; Aziz, Benjamin; Foley, Simon N.; Herbert, John J.

doi:10.1007/11535706_22

Cited by 4 publications

(5 citation statements)

References 7 publications

(8 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Services can be primitive, or combined for representing the collaboration with other services. In this subsection, we extend model proposed by Swart et al [16] and define the SOA software system model for security analysis, as shown in Fig. 1.…”

Section: A Soa Software System Modelmentioning

confidence: 99%

A method for modeling and analyzing the security attributes of service-oriented software system

Wang

Liang

2011

Proceedings of 2011 International Conference on Computer Science and Network Technology

View full text Add to dashboard Cite

In Service Oriented Architecture (SOA), software is implemented through a series of services and the business processes composed of services which introduce potential security problems.These security problems appeared in SOA software applications usually lead information systems and their business processes to risks. Similar to traditional quality of service (QoS) attributes such as reliability and robustness, security is one of the most important attributes of software system. In this paper, the method for modeling and analyzing the security attributes of SOA software system is investigated. Firstly, the service oriented computing model for security analysis is constructed, which characterizes service computing paradigm and related security attributes, and can be used for establishing service oriented software security metric system. Secondly, the service attack path is analyzed based upon the service oriented computing model.Finally, the effectiveness of the model and the analysis method is validated through case studies.

show abstract

Section: A Soa Software System Modelmentioning

confidence: 99%

A method for modeling and analyzing the security attributes of service-oriented software system

Wang

Liang

2011

Proceedings of 2011 International Conference on Computer Science and Network Technology

View full text Add to dashboard Cite

show abstract

“…For example, in practice, the more firewalls/subnets that have to be traversed to directly access a node, then the more 'secure' the node is considered to be. The notion of security distance is defined in [21] as the minimum number of servers and/or firewalls that an attacker on the Internet must compromise to obtain direct access to some protected service. We argue that security distance in this case is equivalent to using a weighted c-semiring with each system having an equal rating of '1'.…”

Section: Examplementioning

confidence: 99%

Principles of Secure Network Configuration: Towards a Formal Basis for Self-configuration

Foley

Fitzgerald

Bistarelli

et al. 2006

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. The challenge for autonomic network management is the provision of future network management systems that have the characteristics of self-management, self-configuration, self-protection and selfhealing, in accordance with the high level objectives of the enterprise or human end-user. This paper proposes an abstract model for network configuration that is intended to help understand fundamental underlying issues in self-configuration. We describe the cascade problem in self-configuring networks: when individual network components that are securely configured are connected together (in an apparently secure manner), a configuration cascade can occur resulting in a mis-configured network. This has implications for the design of self-configuring systems and we discuss how a soft constraint-based framework can provide a solution.

show abstract

“…A soft-constraint encoding of the revised SAN model will also provide access to techniques for exploring and manipulating SAN configurations. This will be especially useful when making tradeoffs of quality of protection against other attributes such as cost and performance [1,31]. Exploring how our soft-constraint framework can facilitate making such tradeoffs is a topic for future research.…”

Section: Discussionmentioning

confidence: 99%

“…The model that is proposed in this paper forms a part of our ongoing research in using constraint solving techniques as a practical approach for reasoning about security [1,[3][4][5]31]. Building on the results in [4] we demonstrate in this paper that determining whether a particular system configuration meets a quality of protection measure can be described as a constraint satisfaction problem.…”

Section: Introductionmentioning

confidence: 86%

“…For example, in practice, the more firewalls/subnets that have to be traversed to directly access a system, then the more 'secure' the system is considered to be. The notion of security distance is defined in [31] as the minumum number of servers/firewalls that an attacker on the Internet must compromise to obtain direct access to some protected service. We conjecture that security distance in this case is equivalent to using a weighted c-semiring with each system having an equal rating of '1'.…”

Section: Interpreting Riskmentioning

confidence: 99%

See 1 more Smart Citation

Multilevel Security and Quality of Protection

Foley

Bistarelli

O’Sullivan

et al.

Quality of Protection

Self Cite

View full text Add to dashboard Cite

Abstract. Constraining how information may flow within a system is at the heart of many protection mechanisms and many security policies have direct interpretations in terms of information flow and multilevel security style controls. However, while conceptually simple, multilevel security controls have been difficult to achieve in practice. In this paper we explore how the traditional assurance measures that are used in the network multilevel security model can be re-interpreted and generalised to provide the basis of a framework for reasoning about the quality of protection provided by a secure system configuration.

show abstract

Trading Off Security in a Service Oriented Architecture

Cited by 4 publications

References 7 publications

A method for modeling and analyzing the security attributes of service-oriented software system

A method for modeling and analyzing the security attributes of service-oriented software system

Principles of Secure Network Configuration: Towards a Formal Basis for Self-configuration

Multilevel Security and Quality of Protection

Contact Info

Product

Resources

About