FMEA-technique of Web Services Analysis and Dependability Ensuring Anatoliy Gorbenko Vyacheslav Kharchenko Olga Tarasyuk National Aerospace University.

Presentation transcript:

FMEA-technique of Web Services Analysis and Dependability Ensuring
Anatoliy Gorbenko, Vyacheslav Kharchenko, Olga Tarasyuk
National Aerospace University "KhAI", Ukraine
Department of Computer Systems and Networks

CONTENT
1. Introduction
   - Web Services Technologies
   - Purpose & Tasks of the Paper
2. Analysis of the Web Services by using FMEA-technique
   - Web Services component architectures
   - Web Services Failure Taxonomy
   - FMEA-tables & results of Web Services analysis
3. Ensuring Web Services dependability and fault-tolerance
   - Failure effect recovery
   - Failure prevention
   - Fault-tolerance & Web Service Diversity
   - Fault removal
4. Dependable Web Services development and deployment
   - Using FMEA-technique for dependable Web Services development
   - The principles of dependable and secure Web Services deployment
   - Implementation
5. Conclusion

1. Introduction (1)
Web Services Technologies

1. Introduction (2)
Web Services are now extensively used in developing various business-critical applications:
- distributed banking systems & Internet auctions;
- hotel/car/flight/train reservation and booking;
- e-commerce, e-business, e-science, etc.
Web Services dependability attributes:
- Availability and Reliability;
- Performance/responsiveness;
- Security, etc.
Analysing and ensuring dependability in this architecture is an emerging area of research and development.

1. Introduction (3)
The purpose of this report is the application of the FMEA (Failure Modes and Effects Analysis) technique to Web Services analysis and dependability ensuring.
The tasks of the report are:
- Analysis of Web Services failure modes and causes;
- Analysis of the effect of Web Services failures on the system, components and end users;
- Determination of the means for ensuring dependability:
  - Failure prevention;
  - Fault-tolerance and failure effect recovery;
  - Fault removal.

2. Analysis of the Web Services by Using FMEA-technique
The use of the FMEA-technique for Web Services analysis includes:
- Decomposition of the Web Services into component parts;
- Identification of the typical failures;
- Analysis of their influence on the Web Services dependability;
- Determination of the necessary means for fault-tolerance and failure effect recovery.
The FMEA-technique may be an important part of a program for guaranteeing Web Services dependability.

Web Services component architectures (1)
1. All components in the same host
Web Services Components:
1. Hardware Environment;
2. Software Environment:
   2.1. Operating System;
   2.2. System SW: Web Server; Application Server; DBMS;
   2.3. Application SW: Servlets; Stored procedures & triggers.

Web Services component architectures (2)
2. Fully separated component architecture
Web Services Components:
1. Hardware Environment;
2. Software Environment:
   2.1. Operating System;
   2.2. System SW: Web Server; App Server; DBMS;
   2.3. Application SW: Servlets; Stored proc. & triggers.

Web Services component architectures (3)
3. Partially separated component architecture
Web Services Components:
1. Hardware Environment;
2. Software Environment:
   2.1. Operating System;
   2.2. System SW: Web Server; App Server; DBMS;
   2.3. Application SW: Servlets; Stored proc. & triggers.

Web Services Failure Taxonomy

Hardware failures modes and effects analysis

Compressed Format of FMEA-Tables

Software failures modes and effects analysis

Results of Web Services failures modes and effects analysis
- Several failure modes can lead to prolonged or short-term service aborting, which affects users as a denial of service.
- Some failures result in a non-evident incorrect service, which is more dramatic for many applications (e-commerce, critical automation control, etc.) because it entails serious consequences, financial loss and, finally, discrediting of the service.
- The prevalent sources of Web Services failures are the different software components.

3. Ensuring Web Services Dependability and Fault-Tolerance

Failure effect recovery
1) replacement of crashed hardware components;
2) reinstallation of crashed software components;
3) data recovery;
4) system rebooting or restarting of the particular software services*.
* System rebooting and restarting of particular software services and applications can be performed automatically with the help of hardware- or software-implemented watchdog timers to achieve better availability.

Failure prevention
1) quality control techniques employed during the design of the own-developed application software;
2) procedures for input parameter checking;
3) rigorous procedures for system maintenance and administration;
4) firewalls, security guards and scanners to prevent malicious failures;
5) software rejuvenation based on forced restarting/reinitialization of the SW components.
NOTE: The service publisher has limited means for failure effect prevention because most of the HW and SW components of the Web Service are COTS (commercial off-the-shelf) components developed by third parties.

Fault-tolerance (1)

Fault-tolerance (2)
Diversity is one of the most efficient methods of providing Web Services fault-tolerance. Diversity of Web Services can be used for:
- Hardware platform;
- Operating Systems;
- Web & Application Servers;
- DBMS and, finally,
- Application Software.
It can be applied both separately and in many various combinations.
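The slides name diversity as the fault-tolerance mechanism and single out non-evident (incorrect but plausible) responses as the most damaging failure mode. The following added example, not taken from the slides, sketches majority voting across diverse replicas that separates evident from non-evident failures; the replica functions, the `EvidentFailure` exception and the sample request are constructed for illustration.

```python
from collections import Counter

class EvidentFailure(Exception):
    """Replica aborted, timed out or returned a fault: the failure is visible."""

def vote(replicas, request):
    """Call every diverse replica and adjudicate by strict majority.

    Returns (result, report). result is None when no strict majority of the
    deployed replicas agrees. report maps replica name to one of
    'ok', 'evident', 'non-evident', 'undecided'.
    """
    answers, report = {}, {}
    for name, call in replicas.items():
        try:
            answers[name] = call(request)
        except EvidentFailure:
            report[name] = "evident"          # crash/timeout: easy to detect
    if answers:
        winner, count = Counter(answers.values()).most_common(1)[0]
    else:
        winner, count = None, 0
    # Require a majority of all deployed replicas, not only of those that replied,
    # so that one wrong answer cannot win after the others have crashed.
    if count * 2 <= len(replicas):
        report.update({name: "undecided" for name in answers})
        return None, report
    for name, value in answers.items():
        # A well-formed reply that disagrees with the majority is a
        # non-evident failure: only comparison against diverse peers reveals it.
        report[name] = "ok" if value == winner else "non-evident"
    return winner, report

# Constructed replicas standing in for diverse implementations of one service.
def replica_a(req): return req["net_cents"] * 120 // 100
def replica_b(req): return req["net_cents"] * 120 // 100
def replica_c(req): return req["net_cents"] * 102 // 100   # wrong rate, valid format
def replica_d(req): raise EvidentFailure("connection refused")

REQUEST = {"net_cents": 10000}   # constructed sample request

if __name__ == "__main__":
    for names in ("ABC", "ABD", "ACD"):
        table = {"A": replica_a, "B": replica_b, "C": replica_c, "D": replica_d}
        print(names, vote({n: table[n] for n in names}, REQUEST))
```

The per-replica report is the kind of observation that could feed a dynamically updated FMEA table, since it records which component failed and in which mode.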

Fault Removal
Fault removal in Web Services is based, first of all, on the systematic application of updates and patches for hardware (microcode updates) and for software developed by third parties (OS, drivers, web and application servers, DBMS).
Fault removal from the own-developed application software is performed both during the development phase and during maintenance.

4. Dependable Web Services Development and Deployment
Using FMEA-technique for Dependable Web Services Development
General scheme of Web Services FMEA-analysis and dependability ensuring

Detailed scheme of Web Services FMEA-analysis and dependability ensuring

The principles of Dependable and Secure Web Services Deployment
1. Defence in Depth and Diversity (DD&D).
2. Adaptability and Update (A&U).

Defence in Depth and Diversity (DD&D) Principle
The DD&D principle provides:
1) Defence in Depth: joint usage of the existing security and fault-tolerance facilities at the different levels of the Web Service architecture;
2) Diversity: use of diversity at the different levels of the Web Service architecture (HW platform, OS, System and Application SW, etc.).
Here, the compatibility between different facilities and diversity modes must be taken into account.

Adaptability and update (A&U) principle
Adaptability: the essence of this principle is the dynamic changing of the Web Service architecture and diversity mode according to observed failures and intrusions. For that, intelligent monitors can be used:
- to detect failures and intrusions;
- to analyse their modes, effects and causes;
- to choose the better Web Service configuration.
Update: these means can include external alarm services that automatically notify about recent Internet security vulnerabilities and novel viruses and that distribute security updates and patches.

Implementation (1)
Architecture of dependable Web Services upgrading
A. Gorbenko, V. Kharchenko, P. Popov, A. Romanovsky, A. Boyarchuk. Development of Dependable Web Services out of Undependable Web Components. CS-TR: 863, School of Computing Science, University of Newcastle upon Tyne, UK, Oct 2004, 36 pages.

Implementation (2)
Architecture of dependable and Secure WSs Deployment

5. Conclusion (1)
1. Publishers of Web Services have limited possibilities for fault prevention and fault removal in most Web Services components, which are developed by third parties.
=> Thus, redundancy in combination with diversity is one of the basic means of ensuring dependability and providing fault tolerance.
2. However, using diversity in the Web Service architecture requires detailed research and additional solutions because it can lead to additional security violations.

5. Conclusion (2)
3. Non-evident failures are the most critical for the majority of Web Services application areas.
4. Additional adaptive reliable algorithms and means of voting and failure diagnosis must be implemented to ensure tolerance to non-evident failures and to prevent the loss of processed (in-service) requests.

5. Conclusion (3)
5. FMEA-tables may be dynamically updated during Web Service operation. Together with the implementation of the DD&D and A&U principles, this will increase the effectiveness of the means used for ensuring dependability.
6. The analysis performed can be extended by taking into account the lack of required resources or services and service unavailability due to network failures. In addition, a critical analysis of the different failure modes can be performed.