Quantitative analysis of information leakage in service-oriented architecture-based Web services. Issue 3 (6th March 2017)
- Record Type:
- Journal Article
- Title:
- Quantitative analysis of information leakage in service-oriented architecture-based Web services. Issue 3 (6th March 2017)
- Main Title:
- Quantitative analysis of information leakage in service-oriented architecture-based Web services
- Authors:
- Anjaria, Kushal
Mishra, Arun
- Abstract:
- Purpose: Any computing architecture cannot be designed with complete confidentiality. As a result, at any point, it may leak the information. So, it is important to decide leakage threshold in any computing architecture. To prevent leakage more than the predefined threshold, quantitative analysis is helpful. This paper aims to provide a method to quantify information leakage in service-oriented architecture (SOA)-based Web services.
Design/methodology/approach: To visualize the dynamic binding of SOA components, first, the orchestration of components is modeled. The modeling helps to information-theoretically quantify information leakage in SOA-based Web services. Then, the paper considers the non-interference policy in a global way to quantify information leakage. It considers not only variables which interfere with security sensitive content but also other architectural parameters to quantify leakage in Web services. To illustrate the attacker's ability, a strong threat model has been proposed in the paper.
Findings: The paper finds that information leakage can be quantified in SOA-based Web services by considering parameters that interfere with security sensitive content and information theory. A hypothetical case study scenario of flight ticket booking Web services has been considered in the present paper in which leakage of 18.89 per cent information is calculated.
Originality/value: The paper shows that it is practically possible to quantify information leakage in SOA-based Web services. While modeling the SOA-based Web services, it will be of help to architects to identify parameters which may cause the leakage of secret contents.
- Is Part Of:
- Kybernetes. Volume 46:Issue 3(2017)
- Journal:
- Kybernetes
- Issue:
- Volume 46:Issue 3(2017)
- Issue Display:
- Volume 46, Issue 3 (2017)
- Year:
- 2017
- Volume:
- 46
- Issue:
- 3
- Issue Sort Value:
- 2017-0046-0003-0000
- Page Start:
- 479
- Page End:
- 500
- Publication Date:
- 2017-03-06
- Subjects:
- Information theory -- Web services -- Service-oriented architecture
Cybernetics -- Periodicals
Systems engineering -- Periodicals
003.505
- Journal URLs:
- http://www.emeraldinsight.com/0368-492X.htm
http://www.emeraldinsight.com/journals.htm?issn=0368-492X
http://www.emeraldinsight.com/
- DOI:
- 10.1108/K-07-2016-0178
- Languages:
- English
- ISSNs:
- 0368-492X
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 5134.840000
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 1761.xml