Security Evaluation of an Intrusion Tolerant Web Service Architecture Using Stochastic Activity Networks
Today, security is an important quality of service attribute of information systems. In addition to countermeasures for detection and prevention of intrusions, dependable information systems should be able to tolerate them. Intrusion tolerant systems are those kinds of systems that are survivable and can continue their correct operation in spite of attacks and intrusions. In this paper we present a high-level stochastic activity network (SAN) model, which is constructed using Möbius modeling tool, to evaluate some important security measures of a multi-layer architecture for intrusion tolerant web services. Using analytic solvers of the tool, we have evaluated some security and survivability measures of the architecture.
KeywordsSecurity modeling evaluation intrusion tolerant web service (ITWS) stochastic activity networks (SANs)
Unable to display preview. Download preview PDF.
- 1.Aghajani, Z., Abdollahi Azgomi, M.: A Multi-Layer Architecture for Intrusion Tolerant Web Services. Int’l Journal of u- and e- Services, Science and Technology 1, 73–80 (2008)Google Scholar
- 3.Wang, D., Madan, B., Trivedi, K.: Security Analysis of SITAR Intrusion Tolerance System. In: 2003 ACM workshop on Survivable and self-regenerative systems, pp. 23–32. ACM, New York (2003)Google Scholar
- 4.Cerami, E.: Web Service Essentials. O’Reilly, Sebastopol (2002)Google Scholar
- 5.Möbius, http://www.mobius.uiuc.edu/
- 6.Möbius Manual, http://www.mobius.uiuc.edu/manual/MobiusManual.pdf