Model-Based Approach to Ensuring Reliability and Security of Web-services
https://doi.org/10.15514/ISPRAS-2020-32(5)-12
Abstract
In this paper, we analyze reliability and security problems as they appear in international practice and in Russia. We consider aspects of modeling software/hardware systems assembled from service resources and ready-made reusable components while ensuring reliability and security. We present the basic and theoretical foundations established for the modeling problem, and the experience of using the modern service tools SOA, SCA and SOAP in software/hardware systems and Web systems to ensure their reliability and security on the Internet. We note that software/hardware systems and Web systems are created by the assembly build method in modern environments: IBM WSDK + WebSphere, Apache Axis + Tomcat, Microsoft .Net + IIS, etc. Verification and testing of systems should be conducted to search for errors that occur in exceptional cases (cyber-attacks, forbidden access to the database, etc.). We describe methods for analyzing such situations and for applying reliability and security methods to ensure stable and trouble-free operation of the service components of software/hardware systems in the Internet information environment.
About the Authors
Ekaterina Mikhailovna LAVRISCHEVA
Russian Federation
Doctor of Physical and Mathematical Sciences, Professor, Principal Researcher at ISP RAS, Professor at Moscow Institute of Physics and Technology
Sergey Vadimovich ZELENOV
Russian Federation
Ph.D. in Physics and Mathematics, Senior Researcher at ISP RAS, Associate Professor of System Programming Department at HSE
Review
For citations:
LAVRISCHEVA E.M., ZELENOV S.V. Model-Based Approach to Ensuring Reliability and Security of Web-services. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2020;32(5):153-166. (In Russ.) https://doi.org/10.15514/ISPRAS-2020-32(5)-12