Abstract

Information systems of companies and organizations are increasingly designed using web services that allow applications written in different programming languages to communicate. These systems, or some parts of them, are often outsourced to the cloud, both to leverage the benefits of cloud platforms (e.g., scalability) and to reduce the operational costs of companies. However, web services as well as cloud platforms may be the target of attacks that alter their security, and the security of web services is not completely addressed. The solutions proposed in the literature are sometimes specific to certain types of attacks and cannot ensure the attack tolerance of web services. Attack tolerance can be defined as the capability of a system to function properly with minimal degradation of performance, even if the presence of an attack is detected. As such, we claim that, to achieve attack tolerance, one should detect attacks through continuous monitoring and mitigate the effects of these attacks through reliable reaction mechanisms. To this end, an attack tolerance framework is proposed in this paper. This framework includes the risk analysis of attacks and is based on diversification and software reflection techniques. We applied this framework to cloud applications that are based on web services. After describing the core foundation of this approach, we express such cloud applications as choreographies of web services according to their distributed nature. The framework has been validated through an electronic voting system. The results of these experiments show the capability of the framework to ensure the required attack tolerance of cloud applications.

Highlights

  • Computer systems are at the heart of all business functions and more generally in everyday life

  • To better tolerate and limit the impact of these attacks, the monitoring of the information systems is of paramount importance for any organization

  • Experiment 1: Since the approach of the framework consists of modeling and deploying cloud-based applications as distributed service choreographies, we evaluated the latency of the service to respond to some amounts of requests on premises and on the cloud


Summary

Introduction

Computer systems are at the heart of all business functions (accounting, customer relations, production, etc.) and more generally in everyday life. These systems consist of heterogeneous applications and data. Software applications written in different programming languages and running on different platforms can use web services to exchange data. These services can be internal and only concern one organization. Cloud computing, for example, enables sharing of IT resources (computing, storage, networks, etc.) on demand over the Internet. These services are often deployed on the basis of smaller components (containers, virtual machines, etc.) deployed on a single site or on several geographically distributed sites. They can be provided by several different cloud service providers (multi-cloud applications).
