A New Architecture for Intrusion-Tolerant Web Services Based on Design Diversity Techniques

Web services are the realization of service-oriented architecture (SOA). Security is an important challenge of Web services. So far, several security techniques and standards based on traditional security mechanisms (i.e., encryption and digital signature) have been proposed to enhance the security of Web services. The aim of this work has been to propose an approach for securing Web services by employing the concepts and techniques of software fault tolerance (such as design diversity), which is called intrusion tolerance. Intrusion tolerance means the continuous delivery of services in presence of security attacks, which can be used as a fundamental approach for enhancing the security of Web services. In this paper, we propose an architecture for intrusion-tolerant Web services (ITWSs) by using both design diversity and composite Web services techniques. The proposed architecture is called design-diverse intrusion-tolerant Web service (abbreviated as DDITWS). For Web service composition, BPEL4WS is used. For modeling and verification of the proposed architecture, coloured Petri nets (CPNs) and the CPN Tools are used. We have model-checked the behavioral properties of the architecture to ensure its correctness using this tool. The reliability and security evaluation of the architecture is also performed using a stochastic Petri net (SPN) model and the SHARPE modeling tool. The results show that the reliability and mean-time-to-security-failure (MTTSF) in the proposed architecture are improved.