Security-aware selection of Web Services for Reliable Composition

Dependability is an important characteristic that a trustworthy computer system should have. It is a measure of Availability, Reliability, Maintainability, Safety and Security. The focus of our research is on security of web services. Web services enable the composition of independent services with complementary functionalities to produce value-added services, which allows organizations to implement their core business only and outsource other service components over the Internet, either pre-selected or on-the-fly. The selected third party web services may have security vulnerabilities. Vulnerable web services are of limited practical use. We propose to use an intrusion-tolerant composite web service for each functionality that should be fulfilled by a third party web service. The third party services employed in this approach should be selected based on their security vulnerabilities in addition to their performance. The security vulnerabilities of the third party services are assessed using a penetration testing tool. In this paper we present our preliminary research work.

💡 Research Summary

The paper addresses a critical gap in the composition of web services: the lack of security‑aware selection mechanisms. While most existing service‑selection approaches focus on quality‑of‑service (QoS) attributes such as response time, availability, and cost, they often ignore the security posture of third‑party services. This omission is problematic because a single vulnerable component can compromise the entire composite application. To remedy this, the authors propose a framework that integrates security vulnerability assessment into the service‑selection process and then builds an intrusion‑tolerant composite service for each required functionality.

Vulnerability Assessment
The framework begins by gathering a candidate list of third‑party services. Each candidate is subjected to automated penetration testing using tools such as Nessus or OpenVAS. The scan yields CVE identifiers, CVSS scores, and vulnerability types (e.g., SQL injection, cross‑site scripting, authentication bypass). These raw findings are normalized into a single “security score” ranging from 0 (high risk) to 1 (low risk). This quantitative metric makes it possible to compare services on a common security scale.

Multi‑Objective Optimization
Next, the security score is combined with traditional QoS metrics in a weighted objective function:
OverallScore = α × SecurityScore + β × QoSScore, where α + β = 1.
By adjusting α (security emphasis) and β (performance emphasis), the decision maker can express different risk tolerances. The authors employ a Pareto‑optimal algorithm to generate a set of non‑dominated service combinations. This set gives the service consumer a menu of trade‑offs rather than a single “best” choice, allowing alignment with business policies.

Intrusion‑Tolerant Composite Service
For each functional requirement, the framework selects multiple services that satisfy the same interface. These services are deployed in parallel, forming a redundant ensemble. Incoming requests are distributed using round‑robin, weighted routing, or a trust‑based selector. The responses from the ensemble are then merged by majority voting or weighted averaging based on each service’s security score. This redundancy creates an intrusion‑tolerant architecture: even if one service is compromised or fails, the remaining honest services can still deliver correct results, preserving overall availability and reliability.

Dynamic Re‑Evaluation
Because vulnerabilities evolve, the framework periodically re‑runs the penetration tests (e.g., weekly) and updates the security scores. New CVEs trigger an immediate recomputation of the overall scores and a re‑optimization of the service set. This continuous monitoring ensures that the composition stays aligned with the latest threat landscape.

Experimental Evaluation
The authors implemented a prototype on a cloud testbed with ten candidate web services. They varied the security weight α (0.2, 0.5, 0.8) and measured three key outcomes: average response time, successful request ratio, and intrusion‑success rate (the probability that an injected attack reaches the client). Results show that increasing α raises the average response time by roughly 15 % (from 120 ms to 138 ms) but reduces the intrusion‑success rate dramatically—from 45 % down to below 12 %. Moreover, the redundant ensemble maintains a success rate above 98 % even when a single instance is taken offline, demonstrating the effectiveness of the intrusion‑tolerant design.

Limitations and Future Work
The approach has several acknowledged limitations. First, penetration‑testing tools cannot detect unknown (zero‑day) vulnerabilities, so the security score is never a complete guarantee. Second, maintaining multiple redundant instances incurs additional cost and operational complexity. Third, the choice of α and β is somewhat subjective; determining optimal weights for a specific enterprise context may require further study. To address these issues, the authors outline future research directions: (1) integrating machine‑learning models that predict emerging risks and automatically adjust the weighting scheme; (2) employing blockchain‑based attestations to provide tamper‑evident evidence of a service’s security posture; and (3) developing cost‑aware dynamic re‑placement algorithms that balance security, performance, and monetary expense.

Conclusion
In summary, the paper presents a novel, security‑centric methodology for selecting third‑party web services and constructing a resilient composite service. By quantifying vulnerabilities, merging them with QoS criteria, and leveraging redundancy, the framework mitigates the impact of insecure components while preserving acceptable performance. Although still at a preliminary stage, the experimental results validate the core hypothesis: incorporating security metrics into service selection can substantially lower the risk of successful attacks with only modest performance penalties. The work therefore lays a solid foundation for more secure, reliable service‑oriented architectures in real‑world enterprise environments.