Quantitative Security Analysis for Service-Oriented

Authors

  • Michael Yanguo Liu
  • Issa Traore
  • Kin Fun Li
  • Stephen W. Neville
  • John Mullins
Abstract

Supervisory Committee: Dr. Issa Traore (Supervisor), Dr. Kin Fun Li (Departmental Member), Dr. Stephen W. Neville (Departmental Member), Weber-Jahnke, J.H. (Outside Member), Dr. John Mullins (Additional Member).

Due to the dramatic increase in intrusion activities, the definition and evaluation of software security requirements have become important aspects of the development of software services. It is now a well-accepted fact in software engineering that security concerns, like any other quality concerns, should be dealt with in the early stages of the software development process. Current practices for software security architecture risk analysis, however, still rely heavily on human expertise. This involves a significant amount of subjective effort, creating a greater potential for inaccuracies. In this dissertation, we propose a framework for quantitative security architecture analysis for service-oriented software systems. In this regard, two important contributions are made in the dissertation. First, we identify and define some internal security attributes and related properties based on a generic service-oriented software model, setting up a framework for the definition and formal evaluation of corresponding security metrics. Second, we propose a measurement abstraction paradigm named the User System Interaction Effect (USIE) model that can be used to systematically derive and analyze security concerns from service-oriented software architectures. Many aspects of the model derivation and analysis can be automated, which limits the amount of user involvement and thereby reduces the subjectivity underlying the typical security analysis process. The model can be used as a foundation for quantitative analysis of software services from different security perspectives with respect to the internal security properties introduced. Based on sample metrics derived from the framework, we illustrate empirically the viability of our paradigm by conducting case studies based on existing open source software.


Similar resources

From Service-Oriented Architecture Implementation to Organizational Agility with a System Dynamics Modeling Approach

SOA is a type of architecture that uses services to simplify integration activities and to reuse components. To survive in a dynamic environment, companies need to strengthen their organizations through information systems, and service-oriented architecture is a way to integrate and effectively use information systems and achieve organizational agility. In this pap...


An Autonomic Service Oriented Architecture in Computational Engineering Framework

Service Oriented Architecture (SOA) technology enables composition of large and complex computational units out of the available atomic services. Implementation of SOA brings about challenges which include service discovery, service interaction, service composition, robustness, quality of service, security, etc. These challenges are mainly due to the dynamic nature of SOA. SOA may often need to ...


Evaluating Information Security Controls Applied by Service-Oriented Architecture Governance Frameworks

Ensuring a secure Service-Oriented Architecture implementation within an organisation is challenging. Without sound information security principles supporting a Service-Oriented Architecture implementation, the rate of success is low. The information security principles of identification, authentication, authorization, confidentiality, integrity, availability and accountability remain the same ...


Toward Security Analysis of Service Oriented Software Architecture

This paper presents an analysis of security aspect of Web-Based applications that utilize Service Oriented Architecture (SOA). The architectural solutions which address security requirements are examined and compared with other quality attributes relevant to web-based systems. More specifically, a trade off analysis in which security is the main focus is performed to select an architecture that...


Publication date: 2008