Abstract
Today, security is an important quality of service attribute of information systems. In addition to countermeasures for detection and prevention of intrusions, dependable information systems should be able to tolerate them. Intrusion tolerant systems are those kinds of systems that are survivable and can continue their correct operation in spite of attacks and intrusions. In this paper we present a high-level stochastic activity network (SAN) model, which is constructed using Möbius modeling tool, to evaluate some important security measures of a multi-layer architecture for intrusion tolerant web services. Using analytic solvers of the tool, we have evaluated some security and survivability measures of the architecture.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Aghajani, Z., Abdollahi Azgomi, M.: A Multi-Layer Architecture for Intrusion Tolerant Web Services. Int’l Journal of u- and e- Services, Science and Technology 1, 73–80 (2008)
Goseva-Popstojanova, K., et al.: Characterizing Intrusion Tolerant Systems Using a State Transition Model. In: DARPA Information Survivability Conference & Exposition, pp. 211–221. IEEE Press, Los Alamitos (2001)
Wang, D., Madan, B., Trivedi, K.: Security Analysis of SITAR Intrusion Tolerance System. In: 2003 ACM workshop on Survivable and self-regenerative systems, pp. 23–32. ACM, New York (2003)
Cerami, E.: Web Service Essentials. O’Reilly, Sebastopol (2002)
Möbius, http://www.mobius.uiuc.edu/
Möbius Manual, http://www.mobius.uiuc.edu/manual/MobiusManual.pdf
Sanders, W.H., Meyer, J.F.: Stochastic Activity Networks: Formal Definitions and Concepts. In: Brinksma, E., Hermanns, H., Katoen, J.P. (eds.) EEF School 2000 and FMPA 2000. LNCS, vol. 2090, pp. 315–343. Springer, Heidelberg (2001)
Koren, I., Krishna, C.M.: Fault-Tolerant Systems. Morgan Kaufmann, San Francisco (2007)
Stavridou, V., Dutertre, B., Riemenschneider, R.A., Saidi, H.: Intrusion Tolerant Software Architectures. In: DARPA Information Survivability Conference and Exposition (DISCEX II 2001), pp. 230–241. IEEE Press, Los Alamitos (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aghajani, Z., Azgomi, M.A. (2009). Security Evaluation of an Intrusion Tolerant Web Service Architecture Using Stochastic Activity Networks. In: Park, J.H., Chen, HH., Atiquzzaman, M., Lee, C., Kim, Th., Yeo, SS. (eds) Advances in Information Security and Assurance. ISA 2009. Lecture Notes in Computer Science, vol 5576. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02617-1_27
Download citation
DOI: https://doi.org/10.1007/978-3-642-02617-1_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02616-4
Online ISBN: 978-3-642-02617-1
eBook Packages: Computer ScienceComputer Science (R0)