Security Evaluation of an Intrusion Tolerant Web Service Architecture Using Stochastic Activity Networks

  • Zahra Aghajani
  • Mohammad Abdollahi Azgomi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5576)


Today, security is an important quality of service attribute of information systems. In addition to countermeasures for detection and prevention of intrusions, dependable information systems should be able to tolerate them. Intrusion tolerant systems are those kinds of systems that are survivable and can continue their correct operation in spite of attacks and intrusions. In this paper we present a high-level stochastic activity network (SAN) model, which is constructed using Möbius modeling tool, to evaluate some important security measures of a multi-layer architecture for intrusion tolerant web services. Using analytic solvers of the tool, we have evaluated some security and survivability measures of the architecture.


Security modeling evaluation intrusion tolerant web service (ITWS) stochastic activity networks (SANs) 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aghajani, Z., Abdollahi Azgomi, M.: A Multi-Layer Architecture for Intrusion Tolerant Web Services. Int’l Journal of u- and e- Services, Science and Technology 1, 73–80 (2008)Google Scholar
  2. 2.
    Goseva-Popstojanova, K., et al.: Characterizing Intrusion Tolerant Systems Using a State Transition Model. In: DARPA Information Survivability Conference & Exposition, pp. 211–221. IEEE Press, Los Alamitos (2001)CrossRefGoogle Scholar
  3. 3.
    Wang, D., Madan, B., Trivedi, K.: Security Analysis of SITAR Intrusion Tolerance System. In: 2003 ACM workshop on Survivable and self-regenerative systems, pp. 23–32. ACM, New York (2003)Google Scholar
  4. 4.
    Cerami, E.: Web Service Essentials. O’Reilly, Sebastopol (2002)Google Scholar
  5. 5.
  6. 6.
  7. 7.
    Sanders, W.H., Meyer, J.F.: Stochastic Activity Networks: Formal Definitions and Concepts. In: Brinksma, E., Hermanns, H., Katoen, J.P. (eds.) EEF School 2000 and FMPA 2000. LNCS, vol. 2090, pp. 315–343. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Koren, I., Krishna, C.M.: Fault-Tolerant Systems. Morgan Kaufmann, San Francisco (2007)zbMATHGoogle Scholar
  9. 9.
    Stavridou, V., Dutertre, B., Riemenschneider, R.A., Saidi, H.: Intrusion Tolerant Software Architectures. In: DARPA Information Survivability Conference and Exposition (DISCEX II 2001), pp. 230–241. IEEE Press, Los Alamitos (2001)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Zahra Aghajani
    • 1
  • Mohammad Abdollahi Azgomi
    • 1
  1. 1.ICT Group, E-Learning Center, Iran University of Science and Technology, Tehran, Iran Performance and Dependability Research Lab., Department of Computer EngineeringIran University of Science and TechnologyTehranIran

Personalised recommendations