Attack surface-based security metric framework for service selection and composition

H. Elshaafi; J. McGibney; D. Botvich

doi:10.1504/IJAACS.2017.082741

Attack surface-based security metric framework for service selection and composition

H. Elshaafi, J. McGibney, D. Botvich

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

Security in service-oriented computing is important in ensuring trustworthiness of services both atomic and composite. However, in order to select and compose services that are most secure and trustworthy, there is a need for metrics to evaluate and rank those services in terms of their security attributes. The area of security metrics and quantification has recently gained significant attention and made some progress. This paper proposes a framework for quantifying security of component services and their compositions based on the concept of attack surfaces to help compose and provide the most trustworthy composite services. The framework allows composite service providers to address multifaceted security issues in composite services and measure improvements resulting from changes to component configurations, application of business process security extensions or other actions.

Original language	English
Pages (from-to)	88-113
Number of pages	26
Journal	International Journal of Autonomous and Adaptive Communications Systems
Volume	10
Issue number	1
DOIs	https://doi.org/10.1504/IJAACS.2017.082741
Publication status	Published - 2017

Keywords

Attack surface
Business process
Component
Composite service
Composition
Exploitability
Security attribute
Security metric
Service selection
Trustworthiness
Vulnerability

Access to Document

10.1504/IJAACS.2017.082741

Cite this

@article{ba17210e064f4df799d0e2ab25be6b74,

title = "Attack surface-based security metric framework for service selection and composition",

abstract = "Security in service-oriented computing is important in ensuring trustworthiness of services both atomic and composite. However, in order to select and compose services that are most secure and trustworthy, there is a need for metrics to evaluate and rank those services in terms of their security attributes. The area of security metrics and quantification has recently gained significant attention and made some progress. This paper proposes a framework for quantifying security of component services and their compositions based on the concept of attack surfaces to help compose and provide the most trustworthy composite services. The framework allows composite service providers to address multifaceted security issues in composite services and measure improvements resulting from changes to component configurations, application of business process security extensions or other actions.",

keywords = "Attack surface, Business process, Component, Composite service, Composition, Exploitability, Security attribute, Security metric, Service selection, Trustworthiness, Vulnerability",

author = "H. Elshaafi and J. McGibney and D. Botvich",

year = "2017",

doi = "10.1504/IJAACS.2017.082741",

language = "English",

volume = "10",

pages = "88--113",

journal = "International Journal of Autonomous and Adaptive Communications Systems",

issn = "1754-8632",

publisher = "Inderscience Enterprises Ltd.",

number = "1",

}

TY - JOUR

T1 - Attack surface-based security metric framework for service selection and composition

AU - Elshaafi, H.

AU - McGibney, J.

AU - Botvich, D.

PY - 2017

Y1 - 2017

N2 - Security in service-oriented computing is important in ensuring trustworthiness of services both atomic and composite. However, in order to select and compose services that are most secure and trustworthy, there is a need for metrics to evaluate and rank those services in terms of their security attributes. The area of security metrics and quantification has recently gained significant attention and made some progress. This paper proposes a framework for quantifying security of component services and their compositions based on the concept of attack surfaces to help compose and provide the most trustworthy composite services. The framework allows composite service providers to address multifaceted security issues in composite services and measure improvements resulting from changes to component configurations, application of business process security extensions or other actions.

AB - Security in service-oriented computing is important in ensuring trustworthiness of services both atomic and composite. However, in order to select and compose services that are most secure and trustworthy, there is a need for metrics to evaluate and rank those services in terms of their security attributes. The area of security metrics and quantification has recently gained significant attention and made some progress. This paper proposes a framework for quantifying security of component services and their compositions based on the concept of attack surfaces to help compose and provide the most trustworthy composite services. The framework allows composite service providers to address multifaceted security issues in composite services and measure improvements resulting from changes to component configurations, application of business process security extensions or other actions.

KW - Attack surface

KW - Business process

KW - Component

KW - Composite service

KW - Composition

KW - Exploitability

KW - Security attribute

KW - Security metric

KW - Service selection

KW - Trustworthiness

KW - Vulnerability

UR - http://www.scopus.com/inward/record.url?scp=85015266582&partnerID=8YFLogxK

U2 - 10.1504/IJAACS.2017.082741

DO - 10.1504/IJAACS.2017.082741

M3 - Article

AN - SCOPUS:85015266582

SN - 1754-8632

VL - 10

SP - 88

EP - 113

JO - International Journal of Autonomous and Adaptive Communications Systems

JF - International Journal of Autonomous and Adaptive Communications Systems

IS - 1

ER -

Attack surface-based security metric framework for service selection and composition

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this