Service composition with consideration of interdependent security objectives

Karatas, Fatih and Fischer, Lars and Kesdogan, Dogan (2015) Service composition with consideration of interdependent security objectives. SCIENCE OF COMPUTER PROGRAMMING, 97. pp. 183-201. ISSN 0167-6423, 1872-7964

Abstract

Current approaches for service composition consider security as either a single Quality of Service (QoS) attribute or as several mutually independent quality properties. This view is, however, not adequate, as security objectives are no singletons but are subject to interdependence. Another drawback of these approaches is that partial fulfillment of security objectives, either due to technical or organizational constraints, cannot be captured. Formal methods, on the other hand, are usually limited to a fixed set of security objectives. To bridge this gap, we present an approach to assess the quality of service compositions with regard to interdependent security objectives. Our approach utilizes the notion of structural decomposition, which estimates the impact of single quality attributes on a security goal. This allows for the definition of domain models for an arbitrary set of security objectives. As the fulfillment of each security objective is individually measured by a utility value, interdependencies between security objectives can be expressed by a single measure. Furthermore, it allows partial fulfillment of security objectives to be expressed. As each security objective is modeled as a utility function on its own, the model resembles a Multi-Objective Optimization (MOO) problem. We present first evaluation results of transforming domain models into MOO problems and tackling them with state-of-the-art genetic algorithms. Furthermore, we give an overview of a support tool for our approach. (C) 2014 Elsevier B.V. All rights reserved.

Item Type: Article
Uncontrolled Keywords: GENETIC ALGORITHM; OPTIMIZATION; CHALLENGES; FRAMEWORK; SELECTION; Service-oriented computing; QoS-aware service composition; Multi-Objective Optimization; Interdependent protection goals; IT security
Subjects: 300 Social sciences > 330 Economics
Divisions: Business, Economics and Information Systems > Institut für Wirtschaftsinformatik > Lehrstuhl für Wirtschaftsinformatik IV (Prof. Dr. Doğan Kesdoğan)
Depositing User: Dr. Gernot Deinzer
Date Deposited: 05 Aug 2019 07:51
Last Modified: 05 Aug 2019 07:51
URI: https://pred.uni-regensburg.de/id/eprint/6393
