Attack surface-based security metric framework for service selection and composition

Hisain Elshaafi, Jimmy McGibney, Dmitri Botvich

Research output: Contribution to journalArticlepeer-review

1 Citation (Scopus)

Abstract

Security in service-oriented computing is important in ensuring trustworthiness of services both atomic and composite. However, in order to select and compose services that are most secure and trustworthy, there is a need for metrics to evaluate and rank those services in terms of their security attributes. The area of security metrics and quantification has recently gained significant attention and made some progress. This paper proposes a framework for quantifying security of component services and their compositions based on the concept of attack surfaces to help compose and provide the most trustworthy composite services. The framework allows composite service providers to address multifaceted security issues in composite services and measure improvements resulting from changes to component configurations, application of business process security extensions or other actions.

Original languageEnglish
Pages (from-to)88-113
Number of pages26
JournalInternational Journal of Autonomous and Adaptive Communications Systems
Volume10
Issue number1
DOIs
Publication statusPublished - 2017

Keywords

  • Attack surface
  • Business process
  • Component
  • Composite service
  • Composition
  • Exploitability
  • Security attribute
  • Security metric
  • Service selection
  • Trustworthiness
  • Vulnerability

Fingerprint

Dive into the research topics of 'Attack surface-based security metric framework for service selection and composition'. Together they form a unique fingerprint.

Cite this