Presentation is loading. Please wait.

Presentation is loading. Please wait.

Risk Management for Service-Oriented Systems Natallia Kokash Advisor: Vincenzo D’Andrea.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Risk Management for Service-Oriented Systems Natallia Kokash Advisor: Vincenzo D’Andrea."— Presentation transcript:

1 Risk Management for Service-Oriented Systems Natallia Kokash Advisor: Vincenzo D’Andrea

2 20/07/2007ICWE Doctoral Consortium Como, Italy 2/20 Introduction What is Risk Management (RM)? Why do we need RM for SOA? Design of Service-Oriented Systems (SOSs) Risk-aware SOS design Risk Assessment Conclusions and Future Work

3 20/07/2007ICWE Doctoral Consortium Como, Italy 3/20 What is Risk Management? Risk –potential negative impact to an asset that may arise from some present process or future event –Risk = probability of an accident x losses per accident Risk Management –Process of identifying, assessing, and reducing the risk to an acceptable level –implementing the right mechanisms to maintain that level of risk.

4 20/07/2007ICWE Doctoral Consortium Como, Italy 4/20 Risk Management in IT Is indispensable! A lot of research has been done –Project management [Freimut et al. 2001, Verdon and McGraw 2003] –Outsourcing [O'Keeffe et al. 2004] –Business processes [Neiger et al. 2006] –Security-critical systems Model-based RM (CORAS [Jurjens and Houmb, 2004])

5 20/07/2007ICWE Doctoral Consortium Como, Italy 5/20 Risk analysis methodologies Analysis = identification + assessment [http://www.cip.ukcentre.com/risk.htm] Qualitative techniques: –Preliminary Risk Analysis (PHA) –HAZard and OPerability study (HAZOP) –Failure Mode and Effect Criticality Analysis (FMECA). Tree-based techniques –Fault-Tree Analysis (FTA), –Event-Tree Analysis (ETA) –Cause- Consequence Analysis (CCA) –Management Oversight Risk Tree (MORT) –Safety Management Organization Review Technique (SMORT) Techniques for dynamic systems –Go Method –Digraph/Fault Graph –Markov Modeling –Dynamic Event Logic Analytical Methodology –Dynamic Event Tree Analysis Method

6 20/07/2007ICWE Doctoral Consortium Como, Italy 6/20 Why do we need RM for SOA? No control over involved services –Correct behavior is not ensured –Services are difficult to test –May become unavailable or malfunctioning –Can be easily modified –Can misuse the data –Performance may vary Conflicting interests of involved partners –Conditions (payment, etc.) may vary –New services appear –Will the system be profitable in new settings?

7 20/07/2007ICWE Doctoral Consortium Como, Italy 7/20 Why RM for SOA is a challenge? Classification of SOAs [Tsai et al. 2007] –Static SOA Collaboration protocols are known Services are pre-selected –Dynamic SOA Collaboration protocols are known Services are selected at runtime –Dynamic collaboration Collaboration established at runtime, Services are selected at runtime Run-time RM! No party exists with full knowledge about the system

8 20/07/2007ICWE Doctoral Consortium Como, Italy 8/20 Service-Oriented Systems (SOSs) s2s2 s1s1 + + s3s3 s5s5 + s4s4 + Client Provide r Partners s0s0 Invoke XY Service composition Z XY Service oriented system

9 20/07/2007ICWE Doctoral Consortium Como, Italy 9/20 QoS Issues Domain-independent parameters –Throughput, capacity, execution cost, response time, availability, reliability, etc. Domain-dependent parameters Evaluate QoS at design time to create a dependable system Manage QoS at execution time to dynamically re-configure the application to maintain a certain QoS level

10 20/07/2007ICWE Doctoral Consortium Como, Italy 10/20 Design of SOSs 1.Design abstract business processes 2.Identify abstract web services 3.Define collaborative patterns 4.Formalize functional and non-functional requirements 5.Find and evaluate existing web services, model alternative solutions 6.Evaluate risks 7.Adapt design models to reduce risks 8.Negotiate conditions and stipulate contracts with involved web services [Bochicchio et al. 2007]

11 20/07/2007ICWE Doctoral Consortium Como, Italy 11/20 SOA Risks Threats –Loss of service, data, clients –Unexpected service behavior or modifications –Performance problems –Violations of contracts Assessment –Likelihood and implication of threats –Analysis of user expectations –Service testing –User feedback, reputation systems Mitigation –Service selection, redundancy, redesign –Runtime monitoring –Service Level Agreements and policies

12 20/07/2007ICWE Doctoral Consortium Como, Italy 12/20 Risk–aware SOS design

13 20/07/2007ICWE Doctoral Consortium Como, Italy 13/20 Risk assessment Quantitative techniques Two dimensions: –how likely the uncertainty is to occur (probability) –what the effect would be if it happened (impact) How to combine risks? –All threats are independent - sum –Otherwise? There is one dominating threat – consider only it There are mutually exclusive threats …

14 20/07/2007ICWE Doctoral Consortium Como, Italy 14/20 History of risk assessments

15 20/07/2007ICWE Doctoral Consortium Como, Italy 15/20 Risk-driven service selection Assumption: threats are independent! [Kokash and D'Andrea, 2007] Cost-benefit analysis –Choose the composition that maximized the expected profit

16 20/07/2007ICWE Doctoral Consortium Como, Italy 16/20 A composite web service must accomplish multiple user requests Strategy: –increase the probability that all requests will be accomplished by the service Redundant compositions –reduce resources per request (time, money, etc.) Failed services increase losses (e.g., time) If request is not accomplished (before deadline), penalty to the client must be paid. Mitigating risk of a composite service failure [Kokash and D'Andrea, 2007]

17 20/07/2007ICWE Doctoral Consortium Como, Italy 17/20 Where to take data for Risk Assessment? Advertised service descriptions –Full information is rarely available –Must we trust it? Testing agencies –Rarely available –How often is it updated? Testing by the client –Requires time Shared sources of clients’ experience

18 20/07/2007ICWE Doctoral Consortium Como, Italy 18/20 What we would like to have Design time –Case studies Execution time –A model for representing and tracking risks –Risk assessment strategies and quantitative metrics –A supporting tool Risk mitigation via SOA redesign/reconfiguration –Transition from risks to QoS requirements, SLAs and policy assertions –Run-time selection of services and coordination patterns

19 20/07/2007ICWE Doctoral Consortium Como, Italy 19/20 Related work 1.Verdon, D., McGraw, G.: Risk analysis in software design. IEEE Security and Privacy (2004) 33-37 2.Roy, G.G.: A risk management framework for software engineering practice. ASWEC, (2004) 60-67 3.Freimut, B., Hartkopf, S., Kaiser, P., Kontio, J., Kobitzsch, W.: An industrial case study of implementing software risk management. ESEC/FSE, (2001) 277-287 4.Neiger, D., Churilov, L., zur Muehlen, M., Rosemann, M.: Integrating risks in business process models with value focused process engineering. ECIS, (2006) 5.O'Keeffe, F., Vanlandingham, S.: Managing the risks of outsourcing: a survey of current practices and their effectiveness. White paper, Protivity, http://www.protiviti.com/downloads/PRO/pro-us/product sheets/business risk/Protiviti ORM WhitePaper.pdf (2004) 6.Kokash, N., D'Andrea, V.: Evaluating quality of web services: A risk- driven approach. BIS. Volume 4439 of LNCS, Springer (2007) 180-194 7.Bochicchio, M.A., D'Andrea, V., Kokash, N., Longo, F. Conceptual Modelling of Service-Oriented Systems, AWSOR, 2007

20 20/07/2007ICWE Doctoral Consortium Como, Italy 20/20 The end! Questions?

Download ppt "Risk Management for Service-Oriented Systems Natallia Kokash Advisor: Vincenzo D’Andrea."

Similar presentations

Ways to Improve the Hazard Management Process

Ways to Improve the Hazard Management Process
26/04/2007BIS'07 Poznan, Poland1 Evaluating Quality of Web Services: A Risk-driven Approach Natallia Kokash Vincenzo DAndrea.

26/04/2007BIS'07 Poznan, Poland1 Evaluating Quality of Web Services: A Risk-driven Approach Natallia Kokash Vincenzo DAndrea.
Trustworthy Service Selection and Composition CHUNG-WEI HANG MUNINDAR P. Singh A. Moini.

Trustworthy Service Selection and Composition CHUNG-WEI HANG MUNINDAR P. Singh A. Moini.
PROJECT RISK MANAGEMENT

PROJECT RISK MANAGEMENT
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: Big data security evaluation UNIFI-CNR Nicola Nostro, Andrea.

Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: "Big data security evaluation" UNIFI-CNR Nicola Nostro, Andrea.
The Relationship between Nuclear Safety, Security and Safeguards

The Relationship between Nuclear Safety, Security and Safeguards
Net-Centric Software and Systems I/UCRC Copyright © 2011 NSF Net-Centric I/UCRC. All Rights Reserved. High-Confidence SLA Assurance for Cloud Computing.

Net-Centric Software and Systems I/UCRC Copyright © 2011 NSF Net-Centric I/UCRC. All Rights Reserved. High-Confidence SLA Assurance for Cloud Computing.
Chapter 7: Managing Risk

Chapter 7: Managing Risk
Dynamic Service Composition with QoS Assurance Feb. 26-27, 2009 Jing Dong UTD Farokh Bastani UTD I-Ling Yen UTD.

Dynamic Service Composition with QoS Assurance Feb , 2009 Jing Dong UTD Farokh Bastani UTD I-Ling Yen UTD.
Scandpower AS P.O. Box 3, N-2027 Kjeller, Norway Risk management in the Scandinavian railway industry Karl Ove Ingebrigtsen Vice president Sweden Norway.

Scandpower AS P.O. Box 3, N-2027 Kjeller, Norway Risk management in the Scandinavian railway industry Karl Ove Ingebrigtsen Vice president Sweden Norway.
Spreadsheet Management. Field Interviews with Senior Managers by Caulkins et. al. (2007) report that Spreadsheet errors are common and have been observed.

Spreadsheet Management. Field Interviews with Senior Managers by Caulkins et. al. (2007) report that Spreadsheet errors are common and have been observed.
Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.

Critical Infrastructure Protection (and Policy) H. Scott Matthews March 25, 2004.
COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.

COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.
CSC 402, Fall 20001 Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)

CSC 402, Fall Requirements Analysis for Special Properties Systems Engineering (def?) –why? increasing complexity –ICBM’s (then TMI, Therac, Challenger...)
Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO RISK IDENTIFICATION 2.

Title slide PIPELINE QRA SEMINAR. PIPELINE RISK ASSESSMENT INTRODUCTION TO RISK IDENTIFICATION 2.
Managing Project Risk.

Managing Project Risk.
Tony Gould Quality Risk Management. 2 | PQ Workshop, Abu Dhabi | October 2010 Introduction Risk management is not new – we do it informally all the time.

Tony Gould Quality Risk Management. 2 | PQ Workshop, Abu Dhabi | October 2010 Introduction Risk management is not new – we do it informally all the time.
Managing Risk to Reduce Construction Claims (And Improve Project Success) Presented by Laurie Dennis, PE, CVS-Life, FSAVE.

Managing Risk to Reduce Construction Claims (And Improve Project Success) Presented by Laurie Dennis, PE, CVS-Life, FSAVE.
Managing Project Risk.

Managing Project Risk.

Similar presentations

Ads by Google