Trading Off Security in a Service Oriented Architecture

  • G. Swart
  • Benjamin Aziz
  • Simon N. Foley
  • John Herbert
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3654)


Service oriented architectures provide a simple yet flexible model of a computing system as a graph of services making requests and providing results to each other. In this paper we define a formal model of a service oriented architecture and, using it, define metrics for performance, for availability, and for various security properties. These metrics serve as the basis for expressing the business requirements. To make trade-offs possible, we also define a set of cost metrics, denominated in a uniform currency, to measure the cost of not meeting a requirement. The model, the property metrics, and the cost metrics are then used to generate a Constraint Satisfaction Problem whose objective function is set to minimize the aggregate system cost. We have written these constraints and defined realistic requirements in OPL, and we have used them to generate system configurations that minimize the overall cost by optimally trading off the business requirements.


Constraint Satisfaction Problem; Service Orient Architecture; Service Interface; Load Unit; Call Graph
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© IFIP International Federation for Information Processing 2005

Authors and Affiliations

  • G. Swart (1)
  • Benjamin Aziz (2)
  • Simon N. Foley (3)
  • John Herbert (3)

  1. IBM Almaden Research Center, San Jose, USA
  2. Department of Computing, Imperial College, London, UK
  3. Department of Computer Science, University College Cork, Cork, Ireland
