Title: Attack surface-based security metric framework for service selection and composition

Authors: Hisain Elshaafi; Jimmy McGibney; Dmitri Botvich

Addresses: Telecommunications Software and Systems Group, Waterford Institute of Technology, Waterford, Ireland ' Telecommunications Software and Systems Group, Waterford Institute of Technology, Waterford, Ireland ' Telecommunications Software and Systems Group, Waterford Institute of Technology, Waterford, Ireland

Abstract: Security in service-oriented computing is important in ensuring trustworthiness of services both atomic and composite. However, in order to select and compose services that are most secure and trustworthy, there is a need for metrics to evaluate and rank those services in terms of their security attributes. The area of security metrics and quantification has recently gained significant attention and made some progress. This paper proposes a framework for quantifying security of component services and their compositions based on the concept of attack surfaces to help compose and provide the most trustworthy composite services. The framework allows composite service providers to address multifaceted security issues in composite services and measure improvements resulting from changes to component configurations, application of business process security extensions or other actions.

Keywords: composite services; security metrics; security attributes; attack surfaces; trustworthiness; component services; business process; service selection; service composition; exploitability; vulnerability; service-oriented computing; service security; component configurations; business process security.

DOI: 10.1504/IJAACS.2017.082741

International Journal of Autonomous and Adaptive Communications Systems, 2017 Vol.10 No.1, pp.88 - 113

Received: 05 Sep 2013
Accepted: 20 Aug 2014

Published online: 10 Mar 2017 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article