Abstract
Service oriented architectures provide a simple yet flexible model of a computing system as a graph of services making requests and providing results to each other. In this paper we define a formal model of a service oriented architecture and using it, we define metrics for performance, for availability, and for various security properties. These metrics serve as the basis for expressing the business requirements. To make trade-offs possible we also define a set of cost metrics, denominated in a uniform currency, to measure the cost of not meeting a requirement. The model, the property metrics, and the cost metrics are then used to generate a Constraint Satisfaction Problem where the objective function is set to minimize the aggregate system cost. We have written these constraints and defined realistic requirements in OPL and we have used them to generate system configurations that minimize the overall cost by optimally trading off the business requirements.
Chapter PDF
Similar content being viewed by others
References
Graham, S.L., Kessler, P.B., McKusick, M.K.: gprof: A call graph execution profiler. In: Thomas, W. (ed.) Proceedings of the SIGPLAN 1982 Symposium on Compiler Construction, Boston, MA, USA. SIGPLAN Notices, vol. 17(6), pp. 120–126. ACM Press, New York (1982)
Herrold, R.: Rpm package manager (2002), http://www.rpm.org
Zwicky, E.D., Simon Cooper, D.B.C.: A Handbook of Process Algebra. 2nd edn. O’Reilly, Sebastopol (2000)
Aziz, B., Foley, S.N., Herbert, J., Swart, G.: Configuring storage area networks for mandatory security. In: Farkas, C., Samarati, P. (eds.) Proceedings of the 18th IFIP Annual Conference on Data and Applications Security, Sitges, Catalonia, Spain, pp. 357–370. Kluwer, Dordrecht (2004)
Al-Ali, R., Hafid, A., Rana, O., Walker, D.: An approach for qos adaptation in service-oriented grids. Concurrency Computation: Practice and Experience 16 (2004)
Alvarez, G.A., Borowsky, E., Go, S., Romer, T.H., Becker-Szendy, R., Golding, R.A., Merchant, A., Spasojevic, M., Veitch, A.C., Wilkes, J.: Minerva: an automated resource provisioning tool for large-scale storage systems. ACM Transactions on Computer-Systems 19 (2001)
Anderson, E., Hobbs, M., Keeton, K., Spence, S., Uysal, M., Veitch, A.C.: Hippodrome: Running circles around storage administration. In: Long, D.D.E. (ed.) Proceedings of the FAST 2002 Conference on File and Storage Technologies, Monterey, California, USA, pp. 175–188. USENIX (2002)
Goldsack, P., Guijarro, J., Lain, A., Mecheneau, G., Murray, P., Toft, P.: Smartfrog: Configuration and automatic ignition of distributed applications. In: Proceedings of the HP OpenView University Association 10th Workshop. University of Geneva, Switzerland (2003), http://www.smartfrog.org/papers/SmartFrog_Overview_HPOVA03.May.pdf
Ward, J., O’Sullivan, M., Shahoumian, T., Wilkes, J.: Appia: automatic storage area network design. In: Long, D.D.E. (ed.) Proceedings of the FAST 2002 Conference on File and Storage Technologies, Monterey, California, USA, pp. 203–217. USENIX (2002)
Swart, G.: Storage management by constraint satisfaction. In: Proceedings of the Workshop on Immediate Applications of Constraint Programming, Kinsale, Cork, Ireland (2003)
Balter, R., Bellissard, L., Boyer, F., Rivelli, M., Vion-Dury, J.: Architecting and configuring distributed applications with olan. In: Proceedings of the 1998 IFIP International Conference on Distributed Systems Platforms and Open Distributed Processing, The Lake district, UK. LNCS, vol. 1518, pp. 241–256. Springer, Heidelberg (1998)
Chen, S., Nahrstedt, K.: An overview of quality-of-service routing for the next generation high-speed networks: Problems and solutions. IEEE Network Magazine 12, 64–79 (1998)
MartÃn-DÃaz, O., Cortés, A.R., Durán, A., Benavides, D., Toro, M.: Automating the procurement of web services. In: Orlowska, M.E., Weerawarana, S., Papazoglou, M.P., Yang, J. (eds.) ICSOC 2003. LNCS, vol. 2910, pp. 91–103. Springer, Heidelberg (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 IFIP International Federation for Information Processing
About this paper
Cite this paper
Swart, G., Aziz, B., Foley, S.N., Herbert, J. (2005). Trading Off Security in a Service Oriented Architecture. In: Jajodia, S., Wijesekera, D. (eds) Data and Applications Security XIX. DBSec 2005. Lecture Notes in Computer Science, vol 3654. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11535706_22
Download citation
DOI: https://doi.org/10.1007/11535706_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28138-2
Online ISBN: 978-3-540-31937-5
eBook Packages: Computer ScienceComputer Science (R0)Springer Nature Proceedings Computer Science
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.