Skip to main content
SpringerLink
Log in

Security Evaluation of an Intrusion Tolerant Web Service Architecture Using Stochastic Activity Networks

  • Conference paper
Advances in Information Security and Assurance (ISA 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5576))

Included in the following conference series:

Abstract

Today, security is an important quality of service attribute of information systems. In addition to countermeasures for detection and prevention of intrusions, dependable information systems should be able to tolerate them. Intrusion tolerant systems are those kinds of systems that are survivable and can continue their correct operation in spite of attacks and intrusions. In this paper we present a high-level stochastic activity network (SAN) model, which is constructed using Möbius modeling tool, to evaluate some important security measures of a multi-layer architecture for intrusion tolerant web services. Using analytic solvers of the tool, we have evaluated some security and survivability measures of the architecture.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aghajani, Z., Abdollahi Azgomi, M.: A Multi-Layer Architecture for Intrusion Tolerant Web Services. Int’l Journal of u- and e- Services, Science and Technology 1, 73–80 (2008)

    Google Scholar 

  2. Goseva-Popstojanova, K., et al.: Characterizing Intrusion Tolerant Systems Using a State Transition Model. In: DARPA Information Survivability Conference & Exposition, pp. 211–221. IEEE Press, Los Alamitos (2001)

    Chapter  Google Scholar 

  3. Wang, D., Madan, B., Trivedi, K.: Security Analysis of SITAR Intrusion Tolerance System. In: 2003 ACM workshop on Survivable and self-regenerative systems, pp. 23–32. ACM, New York (2003)

    Google Scholar 

  4. Cerami, E.: Web Service Essentials. O’Reilly, Sebastopol (2002)

    Google Scholar 

  5. Möbius, http://www.mobius.uiuc.edu/

  6. Möbius Manual, http://www.mobius.uiuc.edu/manual/MobiusManual.pdf

  7. Sanders, W.H., Meyer, J.F.: Stochastic Activity Networks: Formal Definitions and Concepts. In: Brinksma, E., Hermanns, H., Katoen, J.P. (eds.) EEF School 2000 and FMPA 2000. LNCS, vol. 2090, pp. 315–343. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  8. Koren, I., Krishna, C.M.: Fault-Tolerant Systems. Morgan Kaufmann, San Francisco (2007)

    MATH  Google Scholar 

  9. Stavridou, V., Dutertre, B., Riemenschneider, R.A., Saidi, H.: Intrusion Tolerant Software Architectures. In: DARPA Information Survivability Conference and Exposition (DISCEX II 2001), pp. 230–241. IEEE Press, Los Alamitos (2001)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. ICT Group, E-Learning Center, Iran University of Science and Technology, Tehran, Iran Performance and Dependability Research Lab., Department of Computer Engineering, Iran University of Science and Technology, Tehran, Iran

    Zahra Aghajani & Mohammad Abdollahi Azgomi

Authors
  1. Zahra Aghajani
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mohammad Abdollahi Azgomi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Engineering Department, Kyungnam University, 449, Wolyong-dong, 631-701, Kyungnam, Masan, Korea

    Jong Hyuk Park

  2. Institute of Communications Engineering, National Sun Yat-Sen University, Kaohsiung City, Taiwan

    Hsiao-Hwa Chen

  3. School of Computer Science,, University of Oklahoma, 200 Felgar Street, 73019, P.O. Box, Norman, OK, USA

    Mohammed Atiquzzaman

  4. School of Computer Engineering, Hanshin University, Kyeong-Gi, Osan, Korea

    Changhoon Lee

  5. Division of Multimedia, Hannam University, Daejeon, Korea

    Tai-hoon Kim

  6. Division of Computer Engineering, Mokwon University, Daejeon, Korea

    Sang-Soo Yeo

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aghajani, Z., Azgomi, M.A. (2009). Security Evaluation of an Intrusion Tolerant Web Service Architecture Using Stochastic Activity Networks. In: Park, J.H., Chen, HH., Atiquzzaman, M., Lee, C., Kim, Th., Yeo, SS. (eds) Advances in Information Security and Assurance. ISA 2009. Lecture Notes in Computer Science, vol 5576. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02617-1_27

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-02617-1_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02616-4

  • Online ISBN: 978-3-642-02617-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation