Service injection: A threat to self-managed complex systems

Proceedings - IEEE 9th International Conference on Dependable, Autonomic and Secure Computing, DASC 2011

Volumn , Issue , 2011, Pages 1-6

  Meland, Per Håkon ^a  

^a SINTEF ICT   (Norway)

Author keywords

dynamic service composition; self management; SOA; system of systems; threat

Indexed keywords

DYNAMIC SERVICE COMPOSITION; SELF MANAGEMENT; SOA; SYSTEM-OF-SYSTEMS; THREAT;

EMBEDDED SOFTWARE;

EID: 84856104767     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/DASC.2011.25     Document Type: Conference Paper

References (19)

1. EC Research Programme Committee, "ICT FP7 Work Programme 2011-12," European Commission, Tech. Rep., 2010. [Online]. Available: http://cordis.europa.eu/fp7/ict/ programme/home en.html
2. M. P. Papazoglou, P. Traverso, S. Dustdar, F. Leymann, and B. J. Krmer, "Service-oriented computing: A research roadmap," in Service Oriented Computing (SOC), ser. Dagstuhl Seminar Proceedings, 2006.
3. J. Williams and D. Wichers, "The owasp 2010 top 10,"The Open Web Application Security Project, Tech. Rep., 2010. [Online]. Available: http://www.owasp.org/index.php/Top 10 2010
4. R. Dhamankar, M. Dausin, M. Eisenbarth, J. King, W. Kandek, J. Ullrich, E. Skoudis, and R. Lee, "The top cyber security risks," TippingPoint, Qualys, the Internet Storm Center and the SANS Institute faculty, Tech. Rep., 2009. [Online]. Available: http://www.sans.org/top-cyber-security-risks/
5. W. T. Tsai, Y. Chen, R. Paul, N. Liao, and H. Huang, "Cooperative and group testing in verification of dynamic composite web services," in Proceedings of the 28th Annual International Computer Software and Applications Conference - Workshops and Fast Abstracts - Volume 02, ser. COMPSAC '04. Washington, DC, USA: IEEE Computer Society, 2004, pp. 170-173. [Online]. Available: http://dl.acm.org/citation.cfm?id=1025118.1025616
6. J. Schaffner and H. Meyer, "Mixed initiative use cases for semi-automated service composition: a survey," in SOSE '06. Shanghai, China: ACM, 2006, pp. 6-12.
7. E. Sirin, B. Parsia, and J. Hendler, "Composition-driven filtering and selection of semantic web services," in In AAAI Spring Symposium on Semantic Web Services, 2004, pp. 2004-2004.
8. A. Kim, M. Kang, C. Meadows, E. Ioup, and J. Sample, "A framework for automatic web service composition," Naval Research Lab Washington DC, Tech. Rep., 2009. [Online]. Available: http://handle.dtic.mil/100.2/ADA499917
9. J. Golbeck and J. Hendler, "Accuracy of metrics for inferring trust and reputation in semantic web-based social networks,"in Engineering Knowledge in the Age of the SemanticWeb, ser. Lecture Notes in Computer Science. Springer, 2004, pp. 116-131.
10. S. D. Kamvar, M. T. Schlosser, and H. Garcia-Molina, "The eigentrust algorithm for reputation management in p2p networks,"in Proceedings of the 12th international conference on World Wide Web. Budapest, Hungary: ACM, 2003, pp. 640-651.
11. K. Munro, "Online check-in easy to hack," Infosecurity, vol. 5, no. 3, p. 41, 2008.
12. S. Barnum and A. Sethi, "Introduction to attack patterns, "Cigital, Inc, Tech. Rep., 2006.
13. S. Barnum, "Common attack pattern enumeration and classification (CAPEC) schema description," Cigital, Inc, Tech. Rep., 2008.
14. K. Tsipenyuk, B. Chess, and G. McGraw, "Seven pernicious kingdoms: A taxonomy of software security errors," IEEE Security and Privacy, vol. 3, pp. 81-84, November 2005. (Pubitemid 43060401)
15. MITRE, "The common weakness enumeration," 2011. [Online]. Available: http://cwe.mitre.org/
16. J. Voas, "Certifying off-the-shelf software components," Computer, vol. 31, no. 6, pp. 53 -59, Jun. 1998.
17. OASIS, "Reference architecture for service oriented architecture version 1.0," Tech. Rep., 2008. [Online]. Available: http://docs.oasis- open.org/soa-rm/soa-ra/v1.0/soa-ra-pr-01.pdf
18. C. Landwehr, A. R. Bull, J. P. Mcdermott, William, and S. Choi, "A taxonomy of computer program security flaws, with examples," 1993.
19. Aniketos - Secure and Trustworthy Composite Services, "Methods and design for the response to changes and threats," Seventh Framework Programme, Trustworthy ICT, Tech. Rep., 2011. [Online]. Available: http://www.aniketos.eu/content/deliverables