Multiclass S-Reliability for Services in SOA

In a Service-Oriented Architecture, a service contains a set of operations with clearly defined input and output parameters. In addition to these operations and traditional QoS, offered services need to publish different levels of intrusion tolerance for two reasons. First, software vulnerabilities can expose services to malicious actors, and make them susceptible to attacks. So, intrusion tolerance will help services to provide continuity of service to clients. Second, clients may require different levels of intrusion tolerance, depending on their non-functional requirements and operating environments. In this paper, we present an approach to model and publish Intrusion Tolerance Quality of Service, which characterizes the level of resilience of a service to survive in the face of malicious intrusions. Then, we will show how a cross-cutting intrusion tolerance architecture layer with its components and algorithms is able to ensure services with differentiated classes of S-Reliability (security-related reliability). Our proposed scheme to provide multilevel S-Reliability is applicable to atomic services, service orchestrations, and multi-tier software architecture.