Service composition with consideration of interdependent security objectives

Interdependent Security and Compliance in Service Selection

Application development today is characterized by ever shorter release cycles and more frequent change requests. Hence development methods such as service composition are increasingly arousing interest as viable alternative approaches. While employing web services as building blocks rapidly reduces development times, it raises new challenges regarding security and compliance since their impleme...

Security Issues in Service Composition

We use a distributed, enriched λ-calculus for describing networks of services. Both services and their clients can protect themselves, by imposing security constraints on each other’s behaviour. Then, service interaction results in a call-by-property mechanism, that matches the client requests with service’s. A static approach is also described, that determines how to compose services while gua...

Becoming Cybercriminals: Incentives in Networks with Interdependent Security - Incentives in Networks with Interdependent Security

We study users’ incentives to become cybercriminals when network security is interdependent. We present a game-theoretic model in which each player (i.e., network user) decides his type, honest or malicious. Honest users represent law-abiding network users, while malicious users represent cybercriminals. After deciding on their types, the users make their security choices. We will follow [29], ...

Managing Interdependent Information Security Risks: A Study of Cyberinsurance, Managed Security Service and Risk Pooling

The interdependency of information security risks poses a significant challenge for firms to manage security. Firms may overor under-invest in security because security investments generate network externalities. In this paper, we explore how firms can use three risk management approaches, third-party cyberinsurance, managed security service (MSS) and risk pooling arrangement (RPA), to address ...

Automatic Calibration of NAM Model with Multi-Objectives Consideration