Upload
aniketos-eu-fp7-project
View
242
Download
1
Embed Size (px)
Citation preview
A Heuristic Approach for Secure Service Composition Adaptation
Liverpool John Moores UniversityBo Zhou
OverviewSOA and its security issues
Secure service composition adaptation
0/1 knapsack problem
Heuristic solution
Simulated annealing
Service-oriented ArchitectureFoundation for modelling, planning,
searching for and composing services.
Offer new applications via composition of services.
Facilitated by standardised interoperations among services.- WSDL, USDL, BPMN
A BPMN example
Security measures in SOAVerification is to ensure selected services comply
with the security policy at both design- and run-time.- Changes in service behaviour or operating context
could affect the stated composition behaviour.- There are variety of existing tools for performing
analysis of individual or composed services. i.e. formal analysis and code analysis
Inconsistent security policies and configurations must be continually monitored and addressed.- Countermeasures such as adaptation or recomposition.
Secure Service Composition AdaptationComposition adaptation aims to mitigate issues identified during
verification and monitoring.
Adaptation is not straightforward due to the following reasons.- No direct suggestions from verification tools.- Concept of security is broad.- A simple substitution of a service may result in dramatic changes to
the security properties of the entire composition.
Individual success does not guarantee collective satisfactory. - For example, two services use different encryption algorithms.
The secure composition adaptation issue is actually an optimisation problem with constraints.- Especially when facing wide choice of alternatives.
The 0/1 Knapsack Problem
Given a set of items, each with a weight and a value, determine the items to be included in a combination so that the total weight is less than or equal to a given limit (e.g. the capacity of a knapsack) and the total value is as large as possible.
The 0/1 Knapsack Problem
Similarity to our problemDefinition- Given a set of alternative services, what
is the best combination of them in order to achieve the most secure service composition?
There are always constraints while selecting services.- On trustworthiness, running efficiency and many other
QoS and security related factors. - This is known as the 0/1 multidimensional knapsack
problem.Focus on typical business decision where the user
has to balance security withcost.Cost->Weight Security->Value
Optimisation of Composition Adaptation
C
S1?
S11
S12
S13
S2?
S21
S22
Sn?
Sn1
Sn2
Snm
Candidate Services
ServiceCompositi
on
Composition plan
Heuristics-based SolutionProblems that have no polynomial-time
algorithms are known for solving them.- NP-complete
Exhaustive search is impractical.- Formal verification is a time consuming and
resource wasting processHeuristic methods select compositions
`intelligently‘, attempting to find increasingly successful solutions until an adequate answer is found.- Aiming for fast and accurate adaptation.
Simulated AnnealingUsed to solve NP-complete problems in
general, including 0/1 knapsack problem.
Named to mimic the chemical process when atoms in metal become placed in relative order during the process of being overheated to gradually being cooled.
The solution1. Choose any feasible combination randomly.2. Randomly select an item from the original items set n.3. If the item has not been collected, add the item to the combination. If the
new combination does not satisfy the weight constraint, randomly remove an item from the combination until it becomes feasible.
4. While in step 3 if the item has already been collected, remove this item and pick up another item from the items set that forms a new feasible combination.
5. If the new combination satisfies following equation, than the new combination will be accepted.
where ΔV represents the change of value, T is the temperature, e is the mathematical constant and R(0, 1) generates a random number between 0 and 1.
6. For the value function V, if ΔV is a positive, that means the new combination has greater value and the equation is always true; if ΔV is negative, than the new combination has lower value. However, it is still possible that the new combination will be accepted. In effect, with larger T, the chance of satisfying the equation is higher.
7. Repeat steps 2-6 several times, decreasing the value of T at each step until a lower threshold for the value of T is reached.
8. When T reaches the threshold value, the current solution will be the best one we can get.
R(0,1) > e T
V
Quantify ServicesTo apply the solution, we have to find away to quantify
services.- Will allow direct comparison of services.
Current proposal is to derive the security properties from service level agreement and catogorise them into four aspects.- Privacy, Confidentiality, Authenticity, Availability.- For example, `secured communication = true‘ contributes 0.5 to
Confidentiality and 0.3 to Privacy; `encryption algorithm = 3DES‘ contributes another extra 0.1 to Confidentiality.
e.g. S = 0.4 × C + 0.2 × U + 0.1 × V + 0.3 × P
where C represents the value of Confidentiality, U represents Authenticity, V represents Availability and P represents Privacy.
Future WorkProve the NP-completeness
Examine the efficiency of Heuristics solutions- Adaptation speed and accuracy- Other solutions apart from Simulated
Annealing
SummarySOA and its security issueSecure Service Composition AdaptationNP-complete with 0/1 knapsack problemHeuristic solutions such as Simulate
Annealing
Q & A