An Attack-Tolerant Framework for Web Services

Web services which allow the interoperability and communication of heterogeneous systems in the Web through Internet protocols, are also subject to attacks a well as destructive as sophisticated. Contrariwise, very few solutions exist to ensure the availability of Web services in the presence of the...

Full description

Saved in:
Bibliographic Details
Published in2017 IEEE International Conference on Services Computing (SCC) pp. 503 - 506
Main Authors Ouffoue, Georges L. A., Zaidi, Fatiha, Cavalli, Ana R., Lallali, Mounir
Format Conference Proceeding
LanguageEnglish
Published IEEE 01.06.2017
Subjects
Adaptation
Attack-tolerance
Computer crime
Encoding
Monitoring
Simple object access protocol
Software diversity
Software Engineering
Web services
XML
Online AccessGet full text

Cover

More Information
Summary:Web services which allow the interoperability and communication of heterogeneous systems in the Web through Internet protocols, are also subject to attacks a well as destructive as sophisticated. Contrariwise, very few solutions exist to ensure the availability of Web services in the presence of these attacks. In order to tackle these issues, we propose a comprehensive and complete attack-tolerance methodology whose characteristics are: i) upstream detection of attacks before their propagation, ii) a failover system to mitigate the effects of the attack and, iii) an active reconfiguration process to mitigate attacks that are not easy or impossible to detect by monitoring. Our approach will leverage and explore, in particular, monitoring, diversity and software engineering techniques for devising a fine-grained attack-tolerance system. We conducted preliminary experiments with an e-health Web service, which is a simplified version of a case study of the European project CLARUS.
ISSN:2474-2473
DOI:10.1109/SCC.2017.75