• DocumentCode
    2837760
  • Title

    Architecting Web Service Attack Detection Handlers

  • Author

    Andrekanic, Alex ; Gamble, Rose

  • Author_Institution
    Tandy Sch. of Comput. Sci., Univ. of Tulsa, Tulsa, OK, USA
  • fYear
    2012
  • fDate
    24-29 June 2012
  • Firstpage
    130
  • Lastpage
    137
  • Abstract
    There is a wealth of research on web service attack types and different techniques to mitigate them. However, there is little discussion on reusable methods for implementing these known techniques. In this paper, we introduce two handler architectures that can be reused to implement a broad set of known attack countermeasures. While structurally similar, the architectures differ in the information they require for attack detection, in the needed changes to or restructuring of the message and its content, and in their invocation order among other handlers deployed on the application server and used by the web service. We present the handler architecture designs and how they address the specific web service attack types. We discuss the benefits of their attachment to the Web service. Also, we cover their implementation and deployment details on a JBoss application server and provide a case study to document the results of test runs.
  • Keywords
    Web services; message authentication; service-oriented architecture; JBoss application server; Web service attack detection handler architecture; Web service attack types; message restructuring; Computer architecture; Cryptography; Payloads; Servers; Simple object access protocol; XML; messaging attacks; security; web services;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Web Services (ICWS), 2012 IEEE 19th International Conference on
  • Conference_Location
    Honolulu, HI
  • Print_ISBN
    978-1-4673-2131-0
  • Type

    conf

  • DOI
    10.1109/ICWS.2012.69
  • Filename
    6257799
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2837760