Attack surface-based security metric framework for service selection and composition
by Hisain Elshaafi; Jimmy McGibney; Dmitri Botvich
International Journal of Autonomous and Adaptive Communications Systems (IJAACS), Vol. 10, No. 1, 2017

Abstract: Security in service-oriented computing is important in ensuring trustworthiness of services both atomic and composite. However, in order to select and compose services that are most secure and trustworthy, there is a need for metrics to evaluate and rank those services in terms of their security attributes. The area of security metrics and quantification has recently gained significant attention and made some progress. This paper proposes a framework for quantifying security of component services and their compositions based on the concept of attack surfaces to help compose and provide the most trustworthy composite services. The framework allows composite service providers to address multifaceted security issues in composite services and measure improvements resulting from changes to component configurations, application of business process security extensions or other actions.

Online publication date: Thu, 09-Mar-2017

The full text of this article is only available to individual subscribers or to users at subscribing institutions.

Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.

Pay per view:
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.

Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Autonomous and Adaptive Communications Systems (IJAACS):
Login with your Inderscience username and password:

    Username:        Password:         

Forgotten your password?

Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.

If you still need assistance, please email