A New SOA Security Framework Defending Web Services against WSDL Attacks

Service Oriented Architecture is an architectural paradigm and discipline that may be used to build infrastructures enabling those with needs (consumers) and those with capabilities (providers) to interact via services across disparate domains of technology and ownership. Besides SOAP and UDDI, which make the foundation of SOA, WSDL also plays an important role in this architecture. So far, in most of the security solutions that have been offered for SOA, providing security of SOAP messages has been the main objective. But in this article, the security view has been changed to WSDL files. So a new framework has been proposed which aims to protect Web services against WSDL attacks. Additionally to the best of our knowledge at the time of the writing of this article no other practical solution has been suggested in order to secure Web services WSDL files in SOA environment. Also, in order to provide security requirements, a new extension of WSDL file in the suggested framework has been offered.