Risk Management for Service-Oriented Systems Natallia Kokash Advisor: Vincenzo D’Andrea.

Slides:



Advertisements
Similar presentations
Ways to Improve the Hazard Management Process
Advertisements

26/04/2007BIS'07 Poznan, Poland1 Evaluating Quality of Web Services: A Risk-driven Approach Natallia Kokash Vincenzo DAndrea.
Trustworthy Service Selection and Composition CHUNG-WEI HANG MUNINDAR P. Singh A. Moini.
PROJECT RISK MANAGEMENT
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: "Big data security evaluation" UNIFI-CNR Nicola Nostro, Andrea.
The Relationship between Nuclear Safety, Security and Safeguards
Net-Centric Software and Systems I/UCRC Copyright © 2011 NSF Net-Centric I/UCRC. All Rights Reserved. High-Confidence SLA Assurance for Cloud Computing.
Chapter 7: Managing Risk
Dynamic Service Composition with QoS Assurance Feb , 2009 Jing Dong UTD Farokh Bastani UTD I-Ling Yen UTD.
Scandpower AS P.O. Box 3, N-2027 Kjeller, Norway Risk management in the Scandinavian railway industry Karl Ove Ingebrigtsen Vice president Sweden Norway.
Spreadsheet Management. Field Interviews with Senior Managers by Caulkins et. al. (2007) report that Spreadsheet errors are common and have been observed.
Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.
COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.
CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO RISK IDENTIFICATION 2.
Managing Project Risk.
Tony Gould Quality Risk Management. 2 | PQ Workshop, Abu Dhabi | October 2010 Introduction Risk management is not new – we do it informally all the time.
Managing Risk to Reduce Construction Claims (And Improve Project Success) Presented by Laurie Dennis, PE, CVS-Life, FSAVE.
Managing Project Risk.
Methodology for Architectural Level Reliability Risk Analysis Lalitha Krothapalli CSC 532.
Spreadsheet Management. Sarbanes-Oxley Act (SOX, 2002) Requires “an effective system of internal control” for financial reporting in publicly- held companies.
8/27/20151NeST Controlled. 2 Communication Transportation Education Banking Home Applications.
PRM 702 Project Risk Management Lecture #28
PMI Knowledge Areas Risk Management.
Project Risk Management. The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding.
EE551 Real-Time Operating Systems
CSCE 548 Secure Software Development Risk-Based Security Testing.
Risk Management for Technology Projects Geography 463 : GIS Workshop May
Risk Management Project Management Digital Media Department Unit Credit Value : 4 Essential Learning time : 120 hours.
Composing Adaptive Software Authors Philip K. McKinley, Seyed Masoud Sadjadi, Eric P. Kasten, Betty H.C. Cheng Presented by Ana Rodriguez June 21, 2006.
Chapter 11: Project Risk Management
IT Project Management, Third Edition Chapter 11 1 Chapter 6: Project Risk Management.
Risk Management in the Built Environment Qualitative and Quantitative Risk Management By Professor Simon Burtonshaw-Gunn – licensed under the Creative.
IT Requirements Management Balancing Needs and Expectations.
Corporate Governance and Risk Management. Introduction Corporate Governance What does it mean? and Why does it matter? Risk Management Challenges of growth.
FAULT TREE ANALYSIS (FTA). QUANTITATIVE RISK ANALYSIS Some of the commonly used quantitative risk assessment methods are; 1.Fault tree analysis (FTA)
QUALITY RISK MANAGEMENT RASHID MAHMOOD MSc. Analytical Chemistry MS in Total Quality Management Senior Manager Quality Assurance Nabiqasim Group of Industries.
Integrated Risk Management Charles Yoe, PhD Institute for Water Resources 2009.
1 Risk Management 2 n IEEE defines risk as: “the likelihood of an event, hazard, threat or situation occurring and its undesirable consequences” [Std.
Safety-Critical Systems 7 Summary T V - Lifecycle model System Acceptance System Integration & Test Module Integration & Test Requirements Analysis.
Integrated Risk Management Charles Yoe, PhD Institute for Water Resources 2009.
Project Risk Management Planning Stage
CSCE 201 Secure Software Development Best Practices.
Introduction to Project Management Chapter 9 Managing Project Risk
RLV Reliability Analysis Guidelines Terry Hardy AST-300/Systems Engineering and Training Division October 26, 2004.
© Drexel University Software Engineering Research Group (SERG) 1 The OASIS SOA Reference Model Brian Mitchell.
1 Project Management C53PM Session 4 Russell Taylor Staff Work-base – 1 st Floor
Information Security Governance and Risk Chapter 2 Part 2 Pages 69 to 100.
Introduction to Software Engineering 1. Software Engineering Failures – Complexity – Change 2. What is Software Engineering? – Using engineering approaches.
DARSHANA RAGHU MANAGEMENT. Risk Management Risk management is the identification, assessment, and prioritization of risks followed by coordinated and.
Toward a New ATM Software Safety Assessment Methodology dott. Francesca Matarese.
Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.
ON “SOFTWARE ENGINEERING” SUBJECT TOPIC “RISK ANALYSIS AND MANAGEMENT” MASTER OF COMPUTER APPLICATION (5th Semester) Presented by: ANOOP GANGWAR SRMSCET,
By: Mark Reed.  Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
1 Visual Computing Institute | Prof. Dr. Torsten W. Kuhlen Virtual Reality & Immersive Visualization Till Petersen-Krauß | GUI Testing | GUI.
KEVIN BEDAL LISA CARLIN MATT CARROLL ERIN NICHOLS Product Safety & Failure Analysis.
CSCE 548 Secure Software Development Risk-Based Security Testing
Security SIG in MTS 05th November 2013 DEG/MTS RISK-BASED SECURITY TESTING Fraunhofer FOKUS.
Risk Management for Technology Projects
DT249/4 Information Systems Engineering Lecture 0
Safety and Risk.
Quality Risk Management
Methodology for Architectural Level Reliability Risk Analysis
A New Concept for Laboratory Quality Management Systems
Project Risk Management Jiwei Ma
Review and comparison of the modeling approaches and risk analysis methods for complex ship system. Author: Sunil Basnet.
And now the Framework WP4.
Presentation transcript:

Risk Management for Service-Oriented Systems Natallia Kokash Advisor: Vincenzo D’Andrea

20/07/2007ICWE Doctoral Consortium Como, Italy 2/20 Introduction What is Risk Management (RM)? Why do we need RM for SOA? Design of Service-Oriented Systems (SOSs) Risk-aware SOS design Risk Assessment Conclusions and Future Work

20/07/2007ICWE Doctoral Consortium Como, Italy 3/20 What is Risk Management? Risk –potential negative impact to an asset that may arise from some present process or future event –Risk = probability of an accident x losses per accident Risk Management –Process of identifying, assessing, and reducing the risk to an acceptable level –implementing the right mechanisms to maintain that level of risk.

20/07/2007ICWE Doctoral Consortium Como, Italy 4/20 Risk Management in IT Is indispensable! A lot of research has been done –Project management [Freimut et al. 2001, Verdon and McGraw 2003] –Outsourcing [O'Keeffe et al. 2004] –Business processes [Neiger et al. 2006] –Security-critical systems Model-based RM (CORAS [Jurjens and Houmb, 2004])

20/07/2007ICWE Doctoral Consortium Como, Italy 5/20 Risk analysis methodologies Analysis = identification + assessment [ Qualitative techniques: –Preliminary Risk Analysis (PHA) –HAZard and OPerability study (HAZOP) –Failure Mode and Effect Criticality Analysis (FMECA). Tree-based techniques –Fault-Tree Analysis (FTA), –Event-Tree Analysis (ETA) –Cause- Consequence Analysis (CCA) –Management Oversight Risk Tree (MORT) –Safety Management Organization Review Technique (SMORT) Techniques for dynamic systems –Go Method –Digraph/Fault Graph –Markov Modeling –Dynamic Event Logic Analytical Methodology –Dynamic Event Tree Analysis Method

20/07/2007ICWE Doctoral Consortium Como, Italy 6/20 Why do we need RM for SOA? No control over involved services –Correct behavior is not ensured –Services are difficult to test –May become unavailable or malfunctioning –Can be easily modified –Can misuse the data –Performance may vary Conflicting interests of involved partners –Conditions (payment, etc.) may vary –New services appear –Will the system be profitable in new settings?

20/07/2007ICWE Doctoral Consortium Como, Italy 7/20 Why RM for SOA is a challenge? Classification of SOAs [Tsai et al. 2007] –Static SOA Collaboration protocols are known Services are pre-selected –Dynamic SOA Collaboration protocols are known Services are selected at runtime –Dynamic collaboration Collaboration established at runtime, Services are selected at runtime Run-time RM! No party exists with full knowledge about the system

20/07/2007ICWE Doctoral Consortium Como, Italy 8/20 Service-Oriented Systems (SOSs) s2s2 s1s1 + + s3s3 s5s5 + s4s4 + Client Provide r Partners s0s0 Invoke XY Service composition Z XY Service oriented system

20/07/2007ICWE Doctoral Consortium Como, Italy 9/20 QoS Issues Domain-independent parameters –Throughput, capacity, execution cost, response time, availability, reliability, etc. Domain-dependent parameters Evaluate QoS at design time to create a dependable system Manage QoS at execution time to dynamically re-configure the application to maintain a certain QoS level

20/07/2007ICWE Doctoral Consortium Como, Italy 10/20 Design of SOSs 1.Design abstract business processes 2.Identify abstract web services 3.Define collaborative patterns 4.Formalize functional and non-functional requirements 5.Find and evaluate existing web services, model alternative solutions 6.Evaluate risks 7.Adapt design models to reduce risks 8.Negotiate conditions and stipulate contracts with involved web services [Bochicchio et al. 2007]

20/07/2007ICWE Doctoral Consortium Como, Italy 11/20 SOA Risks Threats –Loss of service, data, clients –Unexpected service behavior or modifications –Performance problems –Violations of contracts Assessment –Likelihood and implication of threats –Analysis of user expectations –Service testing –User feedback, reputation systems Mitigation –Service selection, redundancy, redesign –Runtime monitoring –Service Level Agreements and policies

20/07/2007ICWE Doctoral Consortium Como, Italy 12/20 Risk–aware SOS design

20/07/2007ICWE Doctoral Consortium Como, Italy 13/20 Risk assessment Quantitative techniques Two dimensions: –how likely the uncertainty is to occur (probability) –what the effect would be if it happened (impact) How to combine risks? –All threats are independent - sum –Otherwise? There is one dominating threat – consider only it There are mutually exclusive threats …

20/07/2007ICWE Doctoral Consortium Como, Italy 14/20 History of risk assessments

20/07/2007ICWE Doctoral Consortium Como, Italy 15/20 Risk-driven service selection Assumption: threats are independent! [Kokash and D'Andrea, 2007] Cost-benefit analysis –Choose the composition that maximized the expected profit

20/07/2007ICWE Doctoral Consortium Como, Italy 16/20 A composite web service must accomplish multiple user requests Strategy: –increase the probability that all requests will be accomplished by the service Redundant compositions –reduce resources per request (time, money, etc.) Failed services increase losses (e.g., time) If request is not accomplished (before deadline), penalty to the client must be paid. Mitigating risk of a composite service failure [Kokash and D'Andrea, 2007]

20/07/2007ICWE Doctoral Consortium Como, Italy 17/20 Where to take data for Risk Assessment? Advertised service descriptions –Full information is rarely available –Must we trust it? Testing agencies –Rarely available –How often is it updated? Testing by the client –Requires time Shared sources of clients’ experience

20/07/2007ICWE Doctoral Consortium Como, Italy 18/20 What we would like to have Design time –Case studies Execution time –A model for representing and tracking risks –Risk assessment strategies and quantitative metrics –A supporting tool Risk mitigation via SOA redesign/reconfiguration –Transition from risks to QoS requirements, SLAs and policy assertions –Run-time selection of services and coordination patterns

20/07/2007ICWE Doctoral Consortium Como, Italy 19/20 Related work 1.Verdon, D., McGraw, G.: Risk analysis in software design. IEEE Security and Privacy (2004) Roy, G.G.: A risk management framework for software engineering practice. ASWEC, (2004) Freimut, B., Hartkopf, S., Kaiser, P., Kontio, J., Kobitzsch, W.: An industrial case study of implementing software risk management. ESEC/FSE, (2001) Neiger, D., Churilov, L., zur Muehlen, M., Rosemann, M.: Integrating risks in business process models with value focused process engineering. ECIS, (2006) 5.O'Keeffe, F., Vanlandingham, S.: Managing the risks of outsourcing: a survey of current practices and their effectiveness. White paper, Protivity, sheets/business risk/Protiviti ORM WhitePaper.pdf (2004) 6.Kokash, N., D'Andrea, V.: Evaluating quality of web services: A risk- driven approach. BIS. Volume 4439 of LNCS, Springer (2007) Bochicchio, M.A., D'Andrea, V., Kokash, N., Longo, F. Conceptual Modelling of Service-Oriented Systems, AWSOR, 2007

20/07/2007ICWE Doctoral Consortium Como, Italy 20/20 The end! Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.