A security evaluation of a novel resilient web serving architecture: Lessons learned through industry/academia collaboration

Author

Huang, Yih ; Ghosh, Anup K. ; Bracewell, Tom ; Mastropietro, Brian

Author_Institution

Center for Secure Inf. Syst., George Mason Univ., Fairfax, VA, USA

fYear

2010

fDate

June 28 2010-July 1 2010

Firstpage

188

Lastpage

193

Abstract

We have previously developed a virtualization-based web serving architecture and a prototype to enhance web service resilience under cyber attack. The proposed system utilizes replicated virtual servers managed by a closed-loop feedback controller without humans in the loop. We have replicated the prototype at the Raytheon Company, which conducted a thorough penetration test and security examination. In this paper, we present the Resilient Web Service (RWS) and describe its security evaluation by Raytheon of a prototype implementation. We then present new research directions that address previous weaknesses and discuss the ongoing efforts of designing the next generation RWS architecture.

Keywords

Web services; security of data; virtual machines; Raytheon company; closed-loop feedback controller; cyber attack; replicated virtual servers; resilient Web serving architecture; security evaluation; virtualization-based Web serving architecture; Adaptive control; Collaboration; Electrical equipment industry; Humans; Prototypes; Resilience; Security; Service oriented architecture; Virtual prototyping; Web services;

fLanguage

English

Publisher

ieee

Conference_Titel

Dependable Systems and Networks Workshops (DSN-W), 2010 International Conference on

Conference_Location

Chicago, IL

Print_ISBN

978-1-4244-7729-6

Electronic_ISBN

978-1-4244-7728-9

Type

conf

DOI

10.1109/DSNW.2010.5542597

Filename

5542597