Improving resilience of SOA services along space-time dimensions

In Service-Oriented Architecture, a service contains a set of operations with openly defined input and output parameters. In addition to these operations and traditional QoS, offered services need to implement different levels of intrusion tolerance. Indeed, intrusion tolerance has been recently presented as part of the defense-in-depth solution in order to enhance security resilience for services, as a complement to the traditional intrusion prevention and detection. While satisfying functional requirements, a service also exposes its attack surface via published operations, protocols, and accessible data as an adverse side effect, which makes it susceptible to exploitation by malicious actors. The resulting question is - how can services fulfill and maintain their intrusion tolerance QoS (IT-QoS) for security resilience and rapid recovery in the face of hostile attacks. In this paper, we propose an approach to tune a service so that its attackability can be controlled and the IT-QoS guaranteed despite the exposed attack surface. Our approach relies on Self-Cleansing Intrusion Tolerance (SCIT), a recovery-based intrusion tolerance architecture combined with service-oriented programming constructs. A quantitative analysis using Semi-Markov Process modeling provides a mathematical foundation for compensating the expansion of a service´s attack surface by tuning SCIT system parameters.