Conference Paper

Specifying and Constructing a Fault-Tolerant Composite Service

Comput. Dept., Lancaster Univ., Lancaster
DOI: 10.1109/ECOWS.2008.26 Conference: on Web Services, 2008. ECOWS '08. IEEE Sixth European Conference
Source: IEEE Xplore

ABSTRACT This paper proposes a means to specify the semantics of fault tolerant Web services at an abstract level using semantics adapted from queuing system theory. A framework that supports the implementation of specified fault-tolerance is also described. Based on our work, we show how the redundancy and diversity characteristics of a service-oriented system can be expressed and implemented in a Web-service application.

  • [Show abstract] [Hide abstract]
    ABSTRACT: ContextThe use of Business Process Management Systems (BPMS) has emerged in the IT arena for the automation of business processes. In the majority of cases, the issue of security is overlooked by default in these systems, and hence the potential cost and consequences of the materialization of threats could produce catastrophic loss for organizations. Therefore, the early selection of security controls that mitigate risks is a real and important necessity. Nevertheless, there exists an enormous range of IT security controls and their configuration is a human, manual, time-consuming and error-prone task. Furthermore, configurations are carried out separately from the organization perspective and involve many security stakeholders. This separation makes difficult to ensure the effectiveness of the configuration with regard to organizational requirements.Objective In this paper, we strive to provide security stakeholders with automated tools for the optimal selection of IT security configurations in accordance with a range of business process scenarios and organizational multi-criteria.Method An approach based on feature model analysis and constraint programming techniques is presented, which enable the automated analysis and selection of optimal security configurations.ResultsA catalogue of feature models is determined by analysing typical IT security controls for BPMSes for the enforcement of the standard goals of security: integrity, confidentiality, availability, authorization, and authentication. These feature models have been implemented through constraint programs, and Constraint Programming techniques based on optimized and non-optimized searches are used to automate the selection and generation of configurations. In order to compare the results of the determination of configuration a comparative analysis is given.Conclusion In this paper, we present innovative tools based on feature models, Constraint Programming and multi-objective techniques that enable the agile, adaptable and automatic selection and generation of security configurations in accordance with the needs of the organization.
    Information and Software Technology 11/2013; DOI:10.1016/j.infsof.2013.05.007 · 1.33 Impact Factor

Full-text (3 Sources)

Available from
May 21, 2014