{"title":"Evaluation of SOA Security Metrics Using Attack Graphs","authors":"J. Magott, Marek Woda","doi":"10.1504/IJCCBS.2010.031712","DOIUrl":null,"url":null,"abstract":"First, different security metrics are presented. A proposal of risk assessment for service oriented architecture (SOA) is given. This proposal is based on service availability metrics. First metric represents costs (extend of damage), when the service is not available. The second one is a probability that the service is available. Foundations for calculating this probability by simulation using attack graphs are given. The attack graph is a representation of actions that end in a state where an intruder achieved his/her goal. A model of intrusion detection system is given too.","PeriodicalId":167937,"journal":{"name":"2008 Third International Conference on Dependability of Computer Systems DepCoS-RELCOMEX","volume":"21 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-06-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Third International Conference on Dependability of Computer Systems DepCoS-RELCOMEX","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1504/IJCCBS.2010.031712","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 11
Abstract
First, different security metrics are presented. A proposal for risk assessment in service-oriented architecture (SOA) is given. This proposal is based on service availability metrics. The first metric represents the cost (extent of damage) incurred when the service is not available. The second is the probability that the service is available. Foundations for calculating this probability by simulation using attack graphs are given. An attack graph is a representation of actions that end in a state where an intruder has achieved his/her goal. A model of an intrusion detection system is also given.