Security-aware selection of Web Services for Reliable Composition
Shahedeh Khani, Cristina Gacek, Peter Popov

TL;DR
This paper proposes a method for selecting secure web services for reliable composition by assessing their vulnerabilities through penetration testing, aiming to enhance dependability in service-based systems.
Contribution
It introduces a security-aware selection approach for web services that considers vulnerabilities alongside performance to improve system dependability.
Findings
Preliminary results show effective vulnerability assessment using penetration testing.
The approach helps in selecting more secure web services for composition.
Further research is needed for full validation.
Abstract
Dependability is an important characteristic that a trustworthy computer system should have. It is a measure of Availability, Reliability, Maintainability, Safety and Security. The focus of our research is on security of web services. Web services enable the composition of independent services with complementary functionalities to produce value-added services, which allows organizations to implement their core business only and outsource other service components over the Internet, either pre-selected or on-the-fly. The selected third party web services may have security vulnerabilities. Vulnerable web services are of limited practical use. We propose to use an intrusion-tolerant composite web service for each functionality that should be fulfilled by a third party web service. The third party services employed in this approach should be selected based on their security vulnerabilities…
Taxonomy
Topics: Service-Oriented Architecture and Web Services · Software System Performance and Reliability · Advanced Software Engineering Methodologies
