A Security Review of Event-Based Application Function and Service Component Architecture

Faisal Nabi, Jianming Yong, Xiaohui Tao
DOI: 10.4018/IJSSSP.2020070104


The term service component is derived from SCA (service component architecture) for event-based distributed system design. The service component pattern supports composite application development and application reusability. However, the security of event-based communication in the component interaction model is mostly discussed at the upper layer of SCA, when service-oriented component application logic is developed. This layer is called the application business process logic layer; it produces the application's rendering logic, having been authenticated by the ACL. A comprehensive security review is therefore needed in this field, one that elaborates the issues in composite applications and event-based attacks in the service component architecture model. The paper achieves this by analysing and reviewing the security issues and modelling techniques in service component application functionality, where application components produce, consume, and process events.
Article Preview

1. Introduction

The Service Component Architecture (SCA) framework offers a component-based model whose approach to loose coupling emphasises consistency, design and efficiency (Service Component Architecture, https://www.osoa.org/display/Main/Home). An SCA component has two types of interfaces: supported and demanded. These are used to incorporate the service into other components and for inter-service event-based communication.

Components are constructed by wiring service interfaces to references. Design (development of individual components), Structure (composition of components into systems) and Assembly (structure of composite services or service networks) are the key elements of SCA; they provide the design stability needed to shape the structure of components and service networks.

The event-based communication model is used more and more commonly to develop loosely connected, distributed systems in many different industry domains, such as composite applications based on SCA. Event-based systems range from distributed sensor-based systems to comprehensive business information services (OASIS Service Component Architecture / Assembly, SCA-Assembly, 2018). Compared to synchronous communication using remote procedure calls (RPC), for example, event-based communication between components offers many advantages such as high scalability and extensibility (OASIS Service Component Architecture / Assembly, SCA-Assembly, 2018). Being asynchronous in nature, it allows a send-and-forget approach, i.e., a component that sends a message can continue its execution without waiting for the recipient to respond to it. In addition, the loose coupling of components achieved through the mediating middleware framework leads to increased system modularity, as components can be quickly added, removed or replaced.

The development of event-based systems (EBSs) has become one of the popular methods in service component architecture, for a number of reasons such as their high flexibility, scalability and ability to adapt to new conditions. These advantages come from the communication model: implied invocation and inferred competition between components. Event management, however, is non-deterministic because of its coordination structure, which can give rise to inherent vulnerabilities that make event attacks possible.

In composite application functionality, event attacks are a distinct type of attack that works by manipulating the system's event-based communication model. They can misuse, trigger and affect a target model. Event attacks are harder to prevent because the system treats them no differently from normal conditions in event-based communication.

Event-based systems built on MOM (message-oriented middleware) frameworks are in extensive use. Various types of MOM frameworks, including Prism-MW, Java Message System and Java Message Service (JMS) (Java Message Service (JMS), 2016; Carzaniga, Rosenblum, & Wolf, 2001), are used in applications such as web-based applications or service-oriented-architecture-driven systems. EBSs have become popular because of their high versatility, scalability and adaptability. Such benefits are made possible by implicit invocation of components and implied competition between them. In particular, components in event-based systems may not be aware of the consumers of the events they publish, and consumers may not necessarily know the producers.

In service component based composite applications, however, the communication method is non-deterministic in its handling of events, which may introduce inherent vulnerabilities into a system; attacks that exploit them are called event attacks. For instance, developers can create EBSs using externally developed malicious components, and users can use EBSs that contain malicious components. In those instances, malicious components may cause unintended behaviour, such as by sweeping events in order to obtain unauthorized information or by manipulating data in events to compromise the functionality of the event-based system.
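
The sweeping and manipulation risks described above can be illustrated with a toy broker, added here as an example that is not code from the paper or from any SCA or JMS implementation: with no policy it delivers every event to any subscriber, while with a policy it enforces a per-component publish/subscribe ACL and checks an HMAC tag on each event. The component names (`orders`, `billing`, `plugin`), the `payment` topic and all values are constructed for illustration.

```python
import hashlib
import hmac
import json
from collections import defaultdict


def sign(key, topic, payload):
    """HMAC-SHA256 over the topic and the canonical JSON payload."""
    msg = topic.encode() + b"\x00" + json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class EventBus:
    """Toy broker; policy=None is the open model (no ACL, no authentication)."""
    def __init__(self, policy=None, keys=None):
        self.policy = policy    # {component: {"pub": {topics}, "sub": {topics}}}
        self.keys = keys or {}  # per-component HMAC keys known to the broker
        self.subs = defaultdict(list)
        self.rejected = []      # audit trail: (component, reason, topic)

    def _deny(self, component, action, topic):
        if self.policy is None or topic in self.policy.get(component, {}).get(action, ()):
            return False
        self.rejected.append((component, action, topic))
        return True

    def subscribe(self, component, topic, handler):
        if not self._deny(component, "sub", topic):
            self.subs[topic].append(handler)

    def publish(self, component, topic, payload, tag=None):
        if self._deny(component, "pub", topic):
            return 0
        if self.policy is not None:
            # The tag binds topic and payload to the claimed component's key.
            key = self.keys.get(component)
            if not (key and tag and hmac.compare_digest(sign(key, topic, payload), tag)):
                self.rejected.append((component, "bad-tag", topic))
                return 0
        for handler in self.subs[topic]:
            handler(topic, payload)
        return len(self.subs[topic])


def eavesdrop(bus, tag=None):
    seen = []  # constructed scenario: untrusted "plugin" wants "payment" events
    bus.subscribe("plugin", "payment", lambda t, p: seen.append(p))
    bus.publish("orders", "payment", {"card": "TEST-0000", "amount": 10}, tag)
    return seen
```

On `EventBus()` the `plugin` handler receives the payment event; on a bus built with a policy and keys it receives nothing, and `rejected` records the denied subscription and any event whose tag does not match its payload.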
