Title :
Intrusion Resistant SOAP Messaging with IAPF
Author :
Sidharth, Navya ; Liu, Jigang
Author_Institution :
MindZephyr Inc, Chaska, MN
Abstract :
Simple object access protocol (SOAP) is the communication protocol used by Web services to communicate between systems. Since SOAP messages have the ability to bypass firewalls and directly get processed by web servers, their security is critical to the security of the Web servers. This paper explores the security vulnerabilities of SOAP messages in a service-oriented architecture (SOA) environment and describes the implementation of the integrated application and protocol framework (IAPF) that can successfully combat the security threats. In addition to the discussion on how IAPF helps in the early detection of both XML injection and parameter tampering attacks, the details about the fundamental implementation of the IAPF mechanisms in supporting intrusion resistant SOAP messaging are also presented.
Keywords :
Web services; XML; access protocols; authorisation; message authentication; software architecture; Web server security; Web service; XML injection; communication protocol; firewall; integrated application; intrusion resistant SOAP messaging; parameter tampering attack; protocol framework; service-oriented architecture; simple object access protocol; Access protocols; Communication system security; Computer architecture; Computer industry; Distributed computing; Service oriented architecture; Simple object access protocol; Web server; Web services; XML; IAPF; SOAP; Web Services; Web Services Security;
Conference_Titel :
Asia-Pacific Services Computing Conference, 2008. APSCC '08. IEEE
Conference_Location :
Yilan
Print_ISBN :
978-0-7695-3473-2
Electronic_ISBN :
978-0-7695-3473-2
DOI :
10.1109/APSCC.2008.221
