Service composition with consideration of interdependent security objectives

Abstract

Current approaches for service composition consider security as either a single Quality of Service (QoS) attribute or as several mutually independent quality properties. This view is, however, not adequate, as security objectives are no singletons but are subject to interdependence. Another drawback of these approaches is that partial fulfillment of security objectives, either due to technical or organizational constraints cannot be captured. Formal methods on the other hand are usually limited to a fixed set of security objectives. To bridge this gap, we present an approach to assess the quality of service compositions with regards to interdependent security objectives. Our approach utilizes the notion of structural decomposition which estimates the impact of single quality attributes on a security goal. This allows for the definition of domain models for an arbitrary set of security objectives. As the fulfillment of each security objective is individually measured by a utility value, interdependencies between security objectives can be expressed by a single measure. Furthermore, it allows to express partial fulfillment of security objectives. As each security objective is modeled as a utility function on its own, the model resembles a Multi-Objective Optimization (MOO) problem. We present first evaluation results of transforming domain models into MOO problems and tackling them with state-of-the-art genetic algorithms. Furthermore, we give an overview of a support tool for our approach.