Improving resilience of SOA services along space-time dimensions

In Service-Oriented Architecture (SOA), a service exposes a set of operations with openly defined input and output parameters. Beyond these operations and traditional QoS, offered services need to implement different levels of intrusion tolerance. Intrusion tolerance has recently been presented as part of a defense-in-depth strategy that enhances security resilience for services, complementing traditional intrusion prevention and detection. While satisfying its functional requirements, a service also exposes an attack surface through its published operations, protocols, and accessible data, an adverse side effect that makes it susceptible to exploitation by malicious actors. The resulting question is: how can services fulfill and maintain their intrusion tolerance QoS (IT-QoS), that is, security resilience and rapid recovery, in the face of hostile attacks? In this paper, we propose an approach to tune a service so that its attackability can be controlled and its IT-QoS guaranteed despite the exposed attack surface. Our approach relies on Self-Cleansing Intrusion Tolerance (SCIT), a recovery-based intrusion tolerance architecture, combined with service-oriented programming constructs. A quantitative analysis using Semi-Markov Process modeling provides the mathematical foundation for compensating an expansion of a service's attack surface by tuning SCIT system parameters.
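The tuning idea in the abstract (a larger attack surface is compensated by shortening the time a SCIT server stays exposed before it is rotated out and restored from a clean image) can be made concrete with a small model. The following Python is an added example written for this page; it is not the paper's Semi-Markov Process model and does not reproduce the authors' equations. It assumes a deliberately simplified single-server exposure-window model: intrusions arrive as a Poisson process whose rate stands in for the size of the attack surface, a server is online for a fixed exposure window, and a compromised server stays compromised until the window ends and cleansing wipes it. All parameter values (attack rates, the 2% IT-QoS target, the 15 minute cleansing time) are constructed for illustration.

```python
"""Illustrative exposure-window model for SCIT tuning.

Added example, not the paper's SMP model.  Assumed model (a simplification):
  * intrusions against one online server arrive as a Poisson process with
    rate `attack_rate` (per hour), used here as a proxy for attack-surface size;
  * SCIT keeps each server online for a fixed `exposure_window` (hours), then
    rotates it offline and restores it from a clean image in `cleansing_time`;
  * once intruded, a server stays compromised until its window ends, so the
    compromised time in one cycle is max(0, W - T) with T ~ Exp(attack_rate).
"""
import math
import random


def compromised_fraction(attack_rate: float, exposure_window: float) -> float:
    """Expected fraction of a server's online time spent in a compromised state.

    E[max(0, W - T)] / W with T ~ Exp(lambda) evaluates to
        1 - (1 - exp(-x)) / x,   x = lambda * W,
    which depends on lambda and W only through their product x.
    """
    x = attack_rate * exposure_window
    if x <= 0.0:
        return 0.0
    return 1.0 - (1.0 - math.exp(-x)) / x


def max_exposure_window(attack_rate: float, max_fraction: float,
                        upper: float = 1e6) -> float:
    """Largest exposure window (hours) whose compromised fraction stays <= max_fraction.

    compromised_fraction is increasing in the window, so bisection suffices.
    `max_fraction` plays the role of the IT-QoS target the operator commits to.
    """
    if not 0.0 < max_fraction < 1.0:
        raise ValueError("max_fraction must lie strictly between 0 and 1")
    lo, hi = 0.0, upper
    for _ in range(200):
        mid = (lo + hi) / 2.0
        if compromised_fraction(attack_rate, mid) <= max_fraction:
            lo = mid
        else:
            hi = mid
    return lo


def servers_required(online_needed: int, exposure_window: float,
                     cleansing_time: float) -> int:
    """Pool size that keeps `online_needed` servers online through the rotation.

    Each server spends W online and C cleansing per cycle, so a pool of N
    servers has N * W / (W + C) online on average; round up to cover K.
    """
    return math.ceil(online_needed * (exposure_window + cleansing_time) / exposure_window)


def simulate_compromised_fraction(attack_rate: float, exposure_window: float,
                                  cycles: int = 100_000, seed: int = 1) -> float:
    """Seeded Monte Carlo check of the closed form: sample one intrusion time per cycle."""
    rng = random.Random(seed)
    compromised = 0.0
    for _ in range(cycles):
        t = rng.expovariate(attack_rate)          # time of first intrusion in this cycle
        compromised += max(0.0, exposure_window - t)
    return compromised / (cycles * exposure_window)


if __name__ == "__main__":
    # Constructed scenario: the IT-QoS target caps compromised time at 2% of online
    # time, cleansing takes 15 minutes, and the service must keep two servers online.
    target, cleansing, online = 0.02, 0.25, 2
    for label, rate in (("baseline attack surface", 0.05), ("attack surface doubled", 0.10)):
        w = max_exposure_window(rate, target)
        n = servers_required(online, w, cleansing)
        print(f"{label:24s} rate={rate:.2f}/h  window={w * 60:5.1f} min  "
              f"servers={n}  simulated fraction={simulate_compromised_fraction(rate, w, 20_000):.4f}")
```

Because the compromised fraction depends on the attack rate and the exposure window only through their product, doubling the attack surface under this model is compensated exactly by halving the exposure window; the price is paid in the cleansing overhead, which in the constructed scenario raises the pool from three servers to four. A real SCIT deployment would replace the Poisson intrusion rate with measured or modeled attack behaviour and the fixed window with the rotation schedule the paper's SMP analysis produces.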