Model for evaluation of SOA security metrics using attack graphs Online publication date: Sun, 21-Feb-2010
by Jan Magott, Marek Woda
International Journal of Critical Computer-Based Systems (IJCCBS), Vol. 1, No. 1/2/3, 2010
Abstract: In the paper, a proposal of risk assessment for service oriented architecture (SOA) is given. The proposal is based on service availability metrics that is a probability that the service is available. Foundations for calculating this probability by simulation using attack graphs are given. The attack graph is a representation of actions that end in a state where an intruder achieved his/her goal. Resource consumption, in terms of host-processing time, bandwidth of physical connections utilisation are the new features of an atomic attack given in this paper. Taking into account, resources engaged during attacks have been divided into: resources charging attacks (performance attacks) and non-resources charging attacks (functional attacks). The attack graphs of the second type attacks are similar to the graph attacks presented in literature. The attack graphs of the first attack type are new. A model of intrusion detection system is also given.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Critical Computer-Based Systems (IJCCBS):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com
Our Blog 
Follow us on Twitter 
Visit us on Facebook