An Adaptive Model for Tradeoff Between Service Performance and Security in Service-based Environments

Message-based communication among services in a Service-Oriented Architecture (SOA) is vulnerable to various security attacks and has to be well protected by security mechanisms, which may sacrifice service performance because system resources are limited. In this paper, an adaptive model for the tradeoff between service performance and security in service-based environments is presented. The model can be used to adjust security configurations so that SOA-based software systems receive sufficient protection and satisfy their service performance requirements simultaneously. Constructing the tradeoff model consists of developing a set of metrics to quantitatively measure performance and security, developing a tradeoff objective function that incorporates service performance and security together, and estimating the parameters through experiments. A service-based secure voice communication service is developed as an example to show the construction of the tradeoff model.
