2015 IEEE World Congress on Services最新文献

{"title":"High-Performance Classification of Phishing URLs Using a Multi-modal Approach with MapReduce","authors":"Niju Shrestha, Rajan Kumar Kharel, Jason Britt, Ragib Hasan","doi":"10.1109/SERVICES.2015.38","DOIUrl":"https://doi.org/10.1109/SERVICES.2015.38","url":null,"abstract":"Classifying phishing websites can be expensive both computationally and financially given a large enough volume of suspect sites. A distributed cloud environment can reduce the computational time and financial cost significantly. To test this idea, we apply a multi-modal feature classification algorithm to classify phishing websites in a non-distributed and several distributed environments. A multi-modal approach combines both visual and text features for classification. The implementation extracts color feature and histogram feature from the screenshot of a phishing website and text from its html source code. Feature extraction and comparison is accomplished by applying the MapReduce framework. Implementing the multi-modal approach in a distributed environment proves to reduce the runtime as well as the financial costs. We present results that show our work is 30 times faster than existing state of the art systems in phishing website classification problem.","PeriodicalId":106002,"journal":{"name":"2015 IEEE World Congress on Services","volume":"90 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114297790","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Framework for Managing Services in a Virtual Community Context","authors":"J. Itani, E. Gouardères, P. Aniorté","doi":"10.1109/SERVICES.2015.42","DOIUrl":"https://doi.org/10.1109/SERVICES.2015.42","url":null,"abstract":"Virtual Communities (VCs) are dominating our daily activities from different insights. Social, Business, Professional, Educational and many VCs are competing to conquer the cloud by targeting more audience through the services they provide. The diversity, magnitude and quality of provided services raise a new challenge for managing these services. Consequently, the success or failure of VCs depends to a great extent on the robustness and dynamicity of managing their services. The concepts of decoupling and dynamic allocation of services found in SOA encourage us to adopt this architecture to develop a framework to manage services provided inside VCs. The core of this framework is a service mediation system in charge of providing, monitoring and maintaining services inside VCs. The objective of this work is to make sure community members are getting the services they need with the quality they request at the time they want within the VC they belong to. We intend to have this work generic enough to be adapted to different service oriented disciplines.","PeriodicalId":106002,"journal":{"name":"2015 IEEE World Congress on Services","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114741380","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Location Obfuscation for Location Data Privacy","authors":"Vaibhav Ankush Kachore, J. Lakshmi, S. Nandy","doi":"10.1109/SERVICES.2015.39","DOIUrl":"https://doi.org/10.1109/SERVICES.2015.39","url":null,"abstract":"Advances in wireless internet, sensor technologies, mobile technologies, and global positioning technologies have renewed interest in location based services (LBSs) among mobile users. LBSs on smartphones allow consumers to locate nearby products and services, in exchange of their location information. Precision of location data helps for accurate query processing of LBSs but it may lead to severe security violations and several privacy threats, as intruders can easily determine user's common paths or actual locations. Encryption is the most explored approach for ensuring security. It can give protection against third party attacks but it cannot provide protection against privacy threats on the server which can still obtain user location and use it for malicious purposes. Location obfuscation is a technique to protect user privacy by altering the location of the users while preserving capability of server to compute few mathematical functions which are useful for the user over the obfuscated location information. This work mainly concentrates on LBSs which wants to know the distance travelled by user for providing their services and compares encryption and obfuscation techniques. This study proposes various methods of location obfuscation for GPS location data which are used to obfuscate user's path and location from service provider. Our work shows that user privacy can be maintained without affecting LBSs results, and without incurring significant overheads.","PeriodicalId":106002,"journal":{"name":"2015 IEEE World Congress on Services","volume":"47 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123293486","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Semi-automated Fuzzy MCDM and Lattice Solutions for WS-Policy Intersection","authors":"Abeer Elsafie, Jörg Schwenk","doi":"10.1109/SERVICES.2015.33","DOIUrl":"https://doi.org/10.1109/SERVICES.2015.33","url":null,"abstract":"In order to enable a secure Business-to-Business (B2B) interaction between web services, it is essential to negotiate a common security policy by computing the policy intersection according to the web service (WS)-policy framework. For this purpose, both policies are transformed into Disjunctive Normal Form (DNF). Then the intersection of the two sets of monomials (alternatives) from the two DNFs is computed. If the intersection's output is only one compatible monomial, we are done: We have found a unique security policy supported by both parties. However, two other cases are also possible: There may be more than one compatible monomial, and there may be no intersection which means, no compatible alternatives are found. In both cases, additional processing steps are required in order to communicate: If there are more than one alternatives, we would like to find the optimum security policy amongst all. If there is no intersection, we would like to find a minimal extension of the security policies to enforce an intersection. WS-policy framework does not give any information on how the policy intersection can be calculated or found when alternatives are semi-compatible or fully incompatible. In addition to the issue of multiple compatible alternatives, which alternative to choose. Current research is focusing on how to measure the compatibility, however achieving policy agreement in term of policy intersection is far from being possible. In order to address this problem we introduce two separate solutions for the two cases. For the case of more than one compatible alternative (multiple-intersection), we present a Multiple Criteria Decision Making (MCDM) model using Fuzzy Analytical Hierarchy Process (AHP) for the WS-Security Policy assertions in order to calculate the optimum security policy alternative. For the case of (no-intersection) we provide two algorithms for calculating the least upper bound (lub) or the greatest lower bound (glb) of the ordered sets to enable compatibility. We present a case example using practical policies in order to show the output using the two concepts based on Apache axis2 rampart, Apache neethi and IBM security policies. Outputs are found similar using both concepts.","PeriodicalId":106002,"journal":{"name":"2015 IEEE World Congress on Services","volume":"63 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123348998","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Integrating Open SAF High Availability Solution with Open Stack","authors":"P. Heidari, M. Hormati, M. Toeroe, Yanal Alahmad, F. Khendek","doi":"10.1109/SERVICES.2015.41","DOIUrl":"https://doi.org/10.1109/SERVICES.2015.41","url":null,"abstract":"Cloud computing is a popular paradigm for providing computational services. Cloud computing frameworks offer cost efficiency, better resource utilization and scalability. Availability remains as one of the main challenges for the cloud. Solutions, such as Heat, have been proposed and integrated with cloud controllers like Open Stack. These solutions protect services against application and infrastructure failure. However, the recovery for the application is tied to recovery of the underlying infrastructure, therefore, the service recovery and outage time may be substantial. In this paper we propose an architecture which integrates an existing middleware solution for high availability, OpenSAF, with OpenStack, for the management of the availability of the applications and the infrastructure. We show that in comparison with Heat, the proposed solution improves the service recovery and outage time and offers flexibility in terms of redundancy models and recovery actions.","PeriodicalId":106002,"journal":{"name":"2015 IEEE World Congress on Services","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123025090","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Towards an Elasticity Framework for Legacy Highly Available Applications in the Cloud","authors":"Hassan Hawilo, A. Kanso, A. Shami","doi":"10.1109/SERVICES.2015.44","DOIUrl":"https://doi.org/10.1109/SERVICES.2015.44","url":null,"abstract":"Elasticity is a key characteristic of cloud computing where the provisioning of resources can be directly proportional to the runtime demand. Legacy highly available applications typically rely on the underlying platform to manage their availability by monitoring heartbeats, executing recoveries, and attempting repairs to bring the system back to normal. Migrating such applications to the cloud can be particularly challenging, especially if the elasticity policies target the application only, without considering the underlying platform contributing to its high availability (HA). In this paper, we present a comprehensive framework for the elasticity of highly available applications that considers the elastic deployment of the platform and the HA placement of the application's components. We apply our approach to an IP multimedia subsystem (IMS) application and demonstrate how, within a matter of seconds, the IMS application can be scaled up while maintaining its HA status.","PeriodicalId":106002,"journal":{"name":"2015 IEEE World Congress on Services","volume":"70 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127272890","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"A Testbed and Process for Analyzing Attack Vectors and Vulnerabilities in Hybrid Mobile Apps Connected to Restful Web Services","authors":"M. Hale, Seth Hanson","doi":"10.1109/SERVICES.2015.35","DOIUrl":"https://doi.org/10.1109/SERVICES.2015.35","url":null,"abstract":"Web traffic is increasingly trending towards mobile devices driving developers to tailor web content to small screens and customize web apps using mobile-only capabilities such as geo-location, accelerometers, offline storage, and camera features. Hybrid apps provide a cross-platform, device independent, means for developers to utilize these features. They work by wrapping web-based code, i.e., HTML5, CSS, and JavaScript, in thin native containers that expose device features. This design pattern encourages re-use of existing code, reduces development time, and leverages existing web development talent that doesn't depend on platform specific languages. Despite these advantages, the newness of hybrid apps raises new security challenges associated with integrating code designed for a web browser with features native to a mobile device. This paper explores these security concerns and defines three forms of attack that can specifically target and exploit hybrid apps connected to web services. Contributions of the paper include a high level process for discovering hybrid app attacks and vulnerabilities, definitions of emerging hybrid attack vectors, and a test bed platform for analyzing vulnerabilities. As an evaluation, hybrid attacks are analyzed in the test bed showing that it provides insight into vulnerabilities and helps assess risk.","PeriodicalId":106002,"journal":{"name":"2015 IEEE World Congress on Services","volume":"21 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115980483","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"Discovering Behavioural Interfaces for Overloaded Web Services","authors":"Fuguo Wei, C. Ouyang, A. Barros","doi":"10.1109/SERVICES.2015.50","DOIUrl":"https://doi.org/10.1109/SERVICES.2015.50","url":null,"abstract":"The growth of APIs and Web services on the Internet, especially through larger enterprise systems increasingly being leveraged for Cloud and software-as-a-service opportunities, poses challenges to improving the efficiency of integration with these services. Interfaces of enterprise systems are typically larger, more complex and overloaded, with single operation having multiple data entities and parameter sets, supporting varying requests, and reflecting versioning across different system releases, compared to fine-grained operations of contemporary interfaces. We propose a technique to support the refactoring of service interfaces by deriving business entities and their relationships. In this paper, we focus on the behavioural aspects of service interfaces, aiming to discover the sequential dependencies of operations (otherwise known as protocol extraction) based on the entities and relationships derived. Specifically, we propose heuristics according to these relationships, and in turn, deriving permissible orders in which operations are invoked. As a result of this, service operations can be refactored on business entity CRUD lines, with explicit behavioural protocols as part of an interface definition. This supports flexible service discovery, composition and integration. A prototypical implementation and analysis of existing Web services, including those of commercial logistic systems (Fedex), are used to validate the algorithms proposed through the paper.","PeriodicalId":106002,"journal":{"name":"2015 IEEE World Congress on Services","volume":"29 3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125453621","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"The IEEE Services Visionary Track on the Future of Software Engineering for/in the Cloud","authors":"R. Bahsoon, Nour Ali, I. Mistrík, T. S. Mohan","doi":"10.1109/SERVICES.2015.13","DOIUrl":"https://doi.org/10.1109/SERVICES.2015.13","url":null,"abstract":"The goal of this track is to strengthen the cross-fertilization of advances from software engineering, services and cloud computing. The workshop aims at exploring, debating and increasing our understanding to the following: (i) how advances in software engineering, with emphasis on engineering requirements software architectures, architecting dependable systems, self-adaptive software architectures, economics-driven software engineering, utility computing, risk management, security software engineering and testing, Search-based software engineering can (not) benefit the case of cloud, (ii) what are the most recent innovations, trends, experiences and concerns in the field that appraise the paradigm-shift in engineering software systems as cloud services or in support of cloud infrastructures, (iii) What are the open research challenges and promising directions for software engineering FOR the cloud? And how cloud is likely to shape the research landscape of software engineering for at least the next decade? (iv) How the paradigm will shape the future of engineering software IN the cloud, i.e. Benefiting from the cloud infrastructure, virtualization and economies of scale?","PeriodicalId":106002,"journal":{"name":"2015 IEEE World Congress on Services","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126800310","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

{"title":"IEEE Services Visionary Track on Security and Privacy Engineering (SPE 2015)","authors":"C. Ardagna, Meiko Jensen, Miguel Vargas Martin","doi":"10.1109/SERVICES.2015.30","DOIUrl":"https://doi.org/10.1109/SERVICES.2015.30","url":null,"abstract":"Message from the IEEE Services Visionary Track on Security and Privacy Engineering (SPE 2015) Program Chairs.","PeriodicalId":106002,"journal":{"name":"2015 IEEE World Congress on Services","volume":"56 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128396884","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}