Title :
A Security Evaluation Method Based on STRIDE Model for Web Service
Author :
Jiang, Li ; Chen, Hao ; Deng, Fei
Author_Institution :
Software Sch., Hunan Univ., Changsha, China
Abstract :
Web service is a distributed computing model which has characteristics of loose coupling, self-description and strong self-government, how to evaluate the degree of Web service security is a challenging problem. On the basis of analyzing the threat which Web service facing, a security evaluation method based on STRIDE model for Web service is proposed. According to its own features of Web service and threat classification method of STRIDE model, this paper designed a WS-Security Evaluation Model, it´s provide a valuable way to help user to create the threat modeling and evaluating the safety degree of Web service security. With the case study of SOA system in a certain enterprise, experimental results show that it provides a valuable reference to check out security vulnerabilities of Web service and optimize the system´s security design.
Keywords :
Web services; pattern classification; security of data; software architecture; SOA system; STRIDE model; WS-security evaluation model; Web service security; distributed computing model; security evaluation method; service oriented architecture system; system security design; threat classification method; Application software; Computer security; Distributed computing; Educational institutions; Information security; Local area networks; Safety; Service oriented architecture; Testing; Web services;
Conference_Titel :
Intelligent Systems and Applications (ISA), 2010 2nd International Workshop on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-5872-1
Electronic_ISBN :
978-1-4244-5874-5
DOI :
10.1109/IWISA.2010.5473445
