Security and performance in service-oriented applications: Trading off competing objectives

Authors:
Hangjung Zo;Derek L. Nazareth;Hemant K. Jain
Affiliations:
Department of Management Science, Korea Advanced Institute of Science and Technology, 335 Gwahak-ro, Yuseong-gu, Daejeon, 305-701, Republic of Korea;Lubar School of Business, University of Wisconsin-Milwaukee, P.O. Box742, Milwaukee, WI 53201, United States;Lubar School of Business, University of Wisconsin-Milwaukee, P.O. Box742, Milwaukee, WI 53201, United States
Venue:
Decision Support Systems
Year:
2010

Citing 28
Cited 3

Genetic algorithms + data structures = evolution programs (2nd, extended ed.)

Genetic algorithms + data structures = evolution programs (2nd, extended ed.)
An introduction to genetic algorithms

An introduction to genetic algorithms
Security service level agreements: quantifiable security for the enterprise?

Proceedings of the 1999 workshop on New security paradigms
Genetic Algorithms in Search, Optimization and Machine Learning

Genetic Algorithms in Search, Optimization and Machine Learning
Mastering Web Services Security

Mastering Web Services Security
Workflow Patterns

Distributed and Parallel Databases
Software Performance Engineering

Performance Evaluation of Computer and Communication Systems, Joint Tutorial Papers of Performance '93 and Sigmetrics '93
A model for web services discovery with QoS

ACM SIGecom Exchanges
Why the Future Belongs to the Quants

IEEE Security and Privacy
Introduction: Service-oriented computing

Communications of the ACM - Service-oriented computing
Editorial: web services and process management: a union of convenience or a new area of research?

Decision Support Systems - Special issue: Web services and process management
Developing web services choreography standards: the case of REST vs. SOAP

Decision Support Systems - Special issue: Web services and process management
Software Security and SOA: Danger, Will Robinson!

IEEE Security and Privacy
Service-Oriented Computing

Computer
On the Brittleness of Software and the Infeasibility of Security Metrics

IEEE Security and Privacy
Syndicating Web Services: A QoS and user-driven approach

Decision Support Systems
Empowering collaborative commerce with Web services enabled business process management systems

Decision Support Systems
Supporting intra- and inter-organizational business processes with web services

Supporting intra- and inter-organizational business processes with web services
Measuring Reliability of Applications Composed of Web Services

HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
An Empirical Model for Quantifying Security Based on Services

ICCGI '07 Proceedings of the International Multi-Conference on Computing in the Global Information Technology
A Metrics Framework to Drive Application Security Improvement

IEEE Security and Privacy
Towards a Security Metrics Taxonomy for the Information and Communication Technology Industry

ICSEA '07 Proceedings of the International Conference on Software Engineering Advances
Towards a taxonomy for information security metrics

Proceedings of the 2007 ACM workshop on Quality of protection
Using Security Patterns to Combine Security Metrics

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Efficient Security Measurements and Metrics for Risk Assessment

ICIMP '08 Proceedings of the 2008 The Third International Conference on Internet Monitoring and Protection
Catalog of Metrics for Assessing Security Risks of Software throughout the Software Development Life Cycle

ISA '08 Proceedings of the 2008 International Conference on Information Security and Assurance (isa 2008)
Quantitative security analysis for service-oriented software architectures

Quantitative security analysis for service-oriented software architectures
A declarative approach to composing web services in dynamic environments

Decision Support Systems

A Proposed Architecture for Autonomous Mobile Agent Intrusion Prevention and Malware Defense in Heterogeneous Networks

International Journal of Strategic Information Technology and Applications
Towards the automatic and optimal selection of risk treatments for business processes using a constraint programming approach

Information and Software Technology
A decision methodology for managing operational efficiency and information disclosure risk in healthcare processes

Decision Support Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

As service-oriented computing becomes more prevalent, an increasing number of applications will be developed using existing software components with standard interfaces. These components may be developed in-house, may represent purchased software, or may involve vendor located leased services. The use of multiple services, possibly utilizing different technologies and different sources, has significant implications for the performance and security of these applications to support a business process effectively. Estimating performance and security in this distributed environment is a hard problem. This paper examines how performance and security measures can be developed for service-based applications. Business processes are broken down into constituent tasks and a formal mechanism is developed for deriving performance and security measures for the application. Given the competing nature of these two objectives, a tradeoff strategy is utilized wherein managers can trade improved performance for reduced security or vice versa. As the number of alternative services for each task increases, the composition problem becomes combinatorially explosive. A genetic algorithm approach is adopted to find the Pareto optimal set of services that can be assembled to support the business process. An application to a real-world business process illustrates its effectiveness.