Quality of Security Service for Web Services within SOA

Yamany, Hany F. El; Capretz, Miriam A. M.; Allison, David S.

doi:10.1109/services-i.2009.95

Cited by 14 publications

(7 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the case of an SOA-based program, information leakage will not be just because of interference among the low-security sensitive and high-security sensitive variables but other architectural parameters will also play a crucial role in the quantification of information leakage. The detail about the SOA and attacks related to SOA are discussed in detail in [24] and [16,25] respectively. In SOA, the parameters like network link will be outside of the closed system.…”

Section: Program Executes In Service Oriented Architecture (Soa)mentioning

confidence: 99%

Relating Maxwell’s demon and quantitative analysis of information leakage for practical imperative programs

Anjaria

Mishra

2017

Chinese Phys. B

View full text Add to dashboard Cite

Shannon observed the relation between information entropy and Maxwell demon experiment to come up with information entropy formula. After that, Shannon's entropy formula is widely used to measure information leakage in imperative programs. But in the present work, our aim is to go in a reverse direction and try to find possible Maxwell's demon experimental setup for contemporary practical imperative programs in which variations of Shannon's entropy formula has been applied to measure the information leakage. To establish the relation between the second principle of thermodynamics and quantitative analysis of information leakage, present work models contemporary variations of imperative programs in terms of Maxwell's demon experimental setup. In the present work five contemporary variations of imperative program related to information quantification are identified. They are: (1) information leakage in imperative program (2) imperative multithreaded program (3) point to point leakage in the imperative program (4) imperative program with infinite observation and (5) imperative program in the SOA-based environment. For these variations, minimal work required by an attacker to gain the secret is also calculated using historical Maxwell's demon experiment. To model the experimental setup of Maxwell's demon, non-interference security policy is used. In the present work, imperative programs with one-bit secret information have been considered to avoid the complexity. The findings of the present work from the history of physics can be utilized in many areas related to information flow of physical computing, nano-computing, quantum computing, biological computing, energy dissipation in computing and computing power analysis.

show abstract

Section: Program Executes In Service Oriented Architecture (Soa)mentioning

confidence: 99%

Relating Maxwell’s demon and quantitative analysis of information leakage for practical imperative programs

Anjaria

Mishra

2017

Chinese Phys. B

View full text Add to dashboard Cite

show abstract

“…The privacy level quantifies the risk of disclosure of user information based on three dimensions: visibility, sensitivity and retention time. Quantifying privacy levels comes from security levels addressed by El-Yamany which quantifies security levels [22]. From privacy definition, we define for each data item, who access it, and for what purpose as the following: What = (Name, Email, Phone, Address, National ID, Credit card) Who = (Trusted person, Marketing dept., All) Purpose = (Marketing project, All) How long = (short, long, always) Table 1 shows the proposed taxonomy for privacy access rights.…”

Section: Extended Web Service Privacy Negotiation Frameworkmentioning

confidence: 99%

Extend Web Service Security Negotiation Framework in Privacy

Abdelatey¹,

Elkawkagy²,

El-Sisi³

et al. 2017

IJITCS

View full text Add to dashboard Cite

Abstract-Nowadays web service privacy gets high attention especially in the fields of finance and medical. Privacy preserves access rights to personally identifiable information. Different models have been proposed for enforcing privacy in web service environment. Getting a privacy level for protecting data transferred between consumer and provider in a web service environment is still a problem. Negotiation helps participants to get a privacy level. This paper extends web service security negotiation framework in a multilateral web service environment for negotiating privacy. A repaired genetic negotiation framework used to conduct the privacy negotiation. In privacy negotiation, the negotiation communication structure uses a broker for negotiation; where each participant sends its attributes to the broker. Negotiation using this communication structure decreases the number of messages transferred so less execution time. The genetic-based Negotiation is compared to traditional time-based negotiation. Through experimental results, genetic based negotiation outperforms traditional time-based negotiation.

show abstract

“…Each privacy constraint as defined in section 4.1 has a different value for each level of service. This expansion of the SLA with QoS privacy parameters was inspired by our previous work in creating metadata for Quality of Security Service (QoSS) for SOA [26]. The constraints in each QoS level are flexible, and can be changed to meet the requirements of any Cloud Computing environment.…”

Section: Privacy Quality Of Service Levelsmentioning

confidence: 99%

Furthering the Growth of Cloud Computing by Providing Privacy as a Service

Allison

Capretz

2011

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. The evolution of Cloud Computing as a viable business solution for providing hardware and software has created many security concerns. Among these security concerns, privacy is often overlooked. If Cloud Computing is to continue its growth, this privacy concern will need to be addressed. In this work we discuss the current growth of Cloud Computing and the impact the public sector and privacy can have in furthering this growth. To begin to provide privacy protection for Cloud Computing, we introduce privacy constraints that outline privacy preferences. We propose the expansion of Cloud Service Level Agreements (SLAs) to include these privacy constraints as Quality of Service (QoS) levels. This privacy QoS must be agreed upon along with the rest of the QoS terms within the SLA by the Cloud consumer and provider. Finally, we introduce Privacy as a Service (PraaS) to monitor the agreement and provide enforcement if necessary.

show abstract

Quality of Security Service for Web Services within SOA

Cited by 14 publications

References 21 publications

Relating Maxwell’s demon and quantitative analysis of information leakage for practical imperative programs

Relating Maxwell’s demon and quantitative analysis of information leakage for practical imperative programs

Extend Web Service Security Negotiation Framework in Privacy

Furthering the Growth of Cloud Computing by Providing Privacy as a Service

Contact Info

Product

Resources

About