Information Flow Analysis of Web Service Net

Author

Jin-Liang, Xing ; Xiao-Hong, Li ; Yan, Cao ; Zhi-Yong, Feng ; Ran, Liu

Author_Institution

Sch. of Comput. Sci. & Technol., Master Tianjin Univ., Tianjin, China

fYear

2010

fDate

June 29 2010-July 1 2010

Firstpage

1622

Lastpage

1626

Abstract

A web service security analysis model based on program slicing is proposed, which can be used to find existence of critical information disclosure vulnerabilities and proliferation of such vulnerabilities in a web service net, and eventually improve protection of critical information. Web service protocol is analyzed to obtain external service interfaces; source code is sliced to obtain interface information flow; critical information is checked to see whether it is disclosed through the interface information flow. Vulnerability proliferation of a service net is found through analyzing process of interface calling between two web services in which the critical information is transmitted and disclosed. A security report describing test results of a test scene is provided to verify the correctness of security analysis process.

Keywords

Web services; program diagnostics; security of data; Web service net; Web service protocol; Web service security analysis model; information flow analysis; program slicing; service interfaces; source code; Analytical models; Data mining; Driver circuits; Global Positioning System; Security; Software; Web services; program slicing; service net; vulnerability proliferation; web service security;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on

Conference_Location

Bradford

Print_ISBN

978-1-4244-7547-6

Type

conf

DOI

10.1109/CIT.2010.287

Filename

5577944