Date Added: Nov 2008
Web services as fundamental building blocks for next generation distributed systems, play an important role in today enterprise application architectures. The flexibility and openness of the web services computing model can expose corporate data and business processes to security risks. To support critical applications, the existing web service models need to be extended to assure survivability. This paper presents a multi-layer architecture for intrusion tolerant web services. The specific goal of the architecture is to use single version software fault tolerance concepts in case of malicious failures. The paper will also present a coloured Petri net model, which is used for the formal analysis of the proposed architecture.