An attack-tolerant framework for web services - Archive ouverte HAL Accéder directement au contenu
Communication Dans Un Congrès Année : 2017

An attack-tolerant framework for web services

Résumé

Web services allow the interoperability and communication of heterogeneous systems in the Web through Internet protocols. These facilities make them particularly useful for implementing services oriented architectures (SOAs) of companies, cloud services (e.g., Amazon, Microsoft, Google) and even governments applications.Web services are also subject to attacks that are destructive even if they are well known or appearing daily. Moreover, very few solutions exist to ensure the availability of Web services in the presence of these attacks. In order to tackle these issues, we propose an innovative attack-tolerant architecture and framework for Web services. We propose a comprehensive and complete attack-tolerance methodology whose characteristics are: i) upstream detection of attacks before their propagation, ii) a failover system to mitigate the effects of the attack and, iii) an active rejuvenation process to mitigate attacks that are not easy or impossible to detect by monitoring. Our approach leverages and explores, in particular, monitoring, diversity and software engineering techniques for devising a finegrained attack-tolerance system. We tested our framework with an e-health Web service, which is a simplified version of a case study of the European project CLARUS1. This proof of concept shows how it is effective and realistic to enable attack tolerance
Fichier non déposé

Dates et versions

hal-01695155 , version 1 (29-01-2018)

Identifiants

Citer

Georges Ouffoué, Fatiha Zaidi, Ana Rosa Cavalli, Mounir Lallali. An attack-tolerant framework for web services. SCC 2017 : 14th International Conference on Services Computing, Jun 2017, Honolulu, United States. pp.503 - 506, ⟨10.1109/SCC.2017.75⟩. ⟨hal-01695155⟩
163 Consultations
0 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More