Title :
Web Service Security Analysis Model Based on Program Slicing
Author :
Li, Xiaohong ; Cao, Yan ; Feng, Zhiyong ; Liu, Ran
Abstract :
A web service security analysis model based on program slicing is proposed, which can be used to find the existence of critical information disclosure vulnerabilities and the proliferation of such vulnerabilities in a web service net, and eventually improve the protection of critical information. The web service protocol is analyzed to obtain external service interfaces; source code is sliced to obtain the interface information flow; critical information is checked to see whether it is disclosed through the interface information flow. Vulnerability proliferation in a service net is found by analyzing the process of interface calling between two web services in which the critical information is transmitted and disclosed. A security report describing test results of a test scene is provided to verify the of security analysis process.
Keywords :
Web services; program slicing; security of data; critical information disclosure; source code; vulnerability proliferation; web service net; web service protocol; web service security analysis; Analytical models; Data mining; Java; Protocols; Security; service net; vulnerability; web service security
Conference_Title :
Quality Software (QSIC), 2010 10th International Conference on
Conference_Location :
Zhangjiajie
Print_ISBN :
978-1-4244-8078-4
Electronic_ISBN :
1550-6002
DOI :
10.1109/QSIC.2010.66