Top

Published in:

2019 | OriginalPaper | Chapter

Attack Tolerance for Services-Based Applications in the Cloud

Authors : Georges Ouffoué, Fatiha Zaïdi, Ana R. Cavalli

Published in: Testing Software and Systems

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Web services allow the communication of heterogeneous systems and are particularly suitable for building cloud applications. Furthermore, such applications must verify some static properties, but also tolerate attacks at runtime to ensure service continuity. To achieve this, in this paper we propose an attack tolerance framework that includes the risks of attacks. After describing the foundation of this framework, we propose expressing cloud applications as choreographies of services that take into account their distributed nature. Then, we extended the framework to introduce choreography verification by incorporating monitoring (passive tests) and reaction mechanisms. These techniques are validated through relevant experiments. As a result, our framework ensures the required attack tolerance of such cloud applications.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter DYNAMOJM: A JMeter Tool for Performance Testing Using Dynamic Workload Adaptation

next chapter Automatic Generation of Test Oracles from Component Based Software Architectures

http://SChorA.lri.fr.

https://www.eclipse.org/Xtext/.

https://www.eclipse.org/xtend/.

Arsenault, D., Sood, A., Huang, Y.: Secure, resilient computing clusters: Self-cleansing intrusion tolerance with hardware enforced security (SCIT/HES). In: The Second International Conference on Availability, Reliability and Security (ARES 2007), pp. 343–350 (2007)

Beaucamps, P., Reynaud, D., Marion, J.Y., Filiol, E.: On the impact of malware on internet voting. In: 1st Luxembourg Day on Security and Reliability (2009)

Cavalli, A.R., Ortiz, A.M., Ouffoué, G., Sanchez, C.A., Zaïdi, F.: Design of a secure shield for internet and web-based services using software reflection. In: Jin, H., Wang, Q., Zhang, L.-J. (eds.) ICWS 2018. LNCS, vol. 10966, pp. 472–486. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-94289-6_30CrossRef

Estehghari, S., Desmedt, Y.: Exploiting the client vulnerabilities in internet e-voting systems: hacking helios 2.0 as an example. In: Proceedings of the 2010 International Conference on Electronic Voting Technology/Workshop on Trustworthy Elections, pp. 1–9. USENIX Association (2010)

Ficco, M., Rak, M.: Intrusion tolerant approach for denial of service attacks to web services. In: Proceedings of the 2011 First International Conference on Data Compression, Communications and Processing, CCP 2011, pp. 285–292. IEEE Computer Society (2011)

Furtado, T., Francesquini, E., Lago, N., Kon, F.: A middleware for reflective web service choreographies on the cloud. In: Proceedings of the 13th Workshop on Adaptive and Reflective Middleware, ARM 2014, pp. 9:1–9:6. ACM (2014)

Hennessy, M., Lin, H.: Symbolic bisimulations. Theor. Comput. Sci. 138(2), 353–389 (1995)MathSciNetCrossRef

Madan, B.B., Trivedi, K.S.: Security modeling and quantification of intrusion tolerant systems using attack-response graph. J. High Speed Netw. 13(4), 297–308 (2004)

Nguyen, H.N.: Une Approche Symbolique pour la Vérification et le Test des Chorégraphies de Services. Ph.D. thesis, Université Paris-Sud (2013)

10.

O’Brien, D., Smith, R., Kappel, T., Bitzer, C.: Intrusion tolerance via network layer controls. In: Proceedings DARPA Information Survivability Conference and Exposition, vol. 1, pp. 90–96 (2003)

11.

Pavel, S., Noyé, J., Poizat, P., Royer, J.-C.: A java implementation of a component model with explicit symbolic protocols. In: Gschwind, T., Aßmann, U., Nierstrasz, O. (eds.) SC 2005. LNCS, vol. 3628, pp. 115–124. Springer, Heidelberg (2005). https://doi.org/10.1007/11550679_9CrossRef

12.

Qiu, Z., Zhao, X., Cai, C., Yang, H.: Towards the theoretical foundation of choreography. In: Proceedings of WWW 2007 (2007)

13.

Sadegh, B., Azgomi, M.A.: A new architecture for intrusion-tolerant web services based on design diversity techniques. J. Inf. Syst. Telecommun. (JIST), Autumn (2015)

14.

Sousa, P., Bessani, A., Neves, N.F., Obelheiro, R.: The forever service for fault/intrusion removal. In: Proceedings of the 2nd Workshop on Recent Advances on Intrusiton-tolerant Systems, WRAITS 2008, pp. 5:1–5:6. ACM (2008)

15.

Sousa, P., Bessani, A.N., Correia, M., Neves, N.F., Verissimo, P.: Resilient intrusion tolerance through proactive and reactive recovery. In: 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007), pp. 373–380 (2007)

16.

Valdes, A., et al.: An architecture for an adaptive intrusion-tolerant server. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2002. LNCS, vol. 2845, pp. 158–178. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-39871-4_14CrossRef

17.

Verissimo, P.E.: Intrusion-tolerant middleware: the road to automatic security. IEEE Secur. Priv. 4(4), 54–62 (2006)CrossRef

18.

Wang, F., Raghavendra, U., Killian, C.: Analysis of techniques for building intrusion tolerant server systems. IEEE Mil. Commun. Conf. (MILCOM) 2, 729–734 (2003)

Title: Attack Tolerance for Services-Based Applications in the Cloud
Authors: Georges Ouffoué
Fatiha Zaïdi
Ana R. Cavalli
Publisher: Springer International Publishing
Book: Testing Software and Systems
Print ISBN: 978-3-030-31279-4

Electronic ISBN: 978-3-030-31280-0

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-31280-0_15

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner