By Topic

Evaluating fault tolerance in security requirements of web services

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

3 Author(s)
Davoud Mougouei ; Faculty of Computer Science and Information Technology, Universiti Putra Malaysia, 43400 Serdang, Selangor, Malaysia ; Wan Nurhayati Wan Ab. Rahman ; Mohammad Moein Almasi

It is impossible to identify all of the internal and external security faults (vulnerabilities and threats) during the security analysis of web services. Hence, complete fault prevention would be impossible and consequently a security failure may occur within the system. To avoid security failures, we need to provide a measurable level of fault tolerance in the security requirements of target web service. Although there are some approaches toward assessing the security of web services but still there is no well-defined evaluation model for security improvement specifically during the requirement engineering phase. This paper introduces a measurement model for evaluating the degree of fault tolerance (FTMM) in security requirements of web services by explicitly factoring the mitigation techniques into the evaluation process which eventually contributes to required level of fault tolerance in security requirements. Our approach evaluates overall tolerance of the target service in the presence of the security faults through evaluating the computational security requirement model (SRM) of the service. We measure fault tolerance of the target web service by taking into consideration the cost, technical ability, impact and flexibility of the security goals established to mitigate the security faults.

Published in:

Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on

Date of Conference:

26-28 June 2012