Service Injection: A Threat to Self-managed Complex Systems

Abstract—The promises of a service-centric Future Internet, where we can mix, match and create rapid-grown services also bring new security challenges. This paper investigates a threat named service injection to self-managed composite service systems that consist of service components from different providers. The overall goal of service injection is to have a malicious service component become a part of a composite service.This can be done by provoking a runtime recomposition and taking the place of a legitimate service component. Service injection could quickly become as prevalent as today’s widespread code injection, it is being held back by the fact that there are not many system configurations in which it may manifest itself. However, with the emerging trends of autonomic and heterogenous system-of-systems, we should start to think about precautions before it is too late. In order to analyze and classify service injection we have used the CAPEC schema for standard attacks.