Title :
Guarding Sensitive Information Streams through the Jungle of Composite Web Services
Author :
Wei, Jinpeng ; Singaravelu, Lenin ; Pu, Calton
Author_Institution :
Georgia Inst. of Technol., Atlanta
Abstract :
Complex and dynamic web service compositions may introduce unpredictable and unintentional sharing of security-sensitive data (e.g., credit card numbers) as well as unexpected vulnerabilities that cause information leak. This paper describes a fine-grain access policy specification of security-sensitive data items for each component web service. We propose the SF-Guard architecture to enforce these access policies at component web services. A prototype implementation of SF-Guard (on Apache Axis2) and its evaluation show that effective protection of security-sensitive information can be achieved at low overhead (a few percent addition to response time) while preserving the functionality of flexible web service composition.
Keywords :
Web services; security of data; SF-Guard architecture; composite Web services; dynamic Web service compositions; fine-grain access policy specification; security-sensitive data; sensitive information streams; unintentional sharing; Access control; Credit cards; Data security; Information security; Mechanical factors; Privacy; Protection; Prototypes; Service oriented architecture
Conference_Title :
Web Services, 2007. ICWS 2007. IEEE International Conference on
Conference_Location :
Salt Lake City, UT
Print_ISBN :
0-7695-2924-0
DOI :
10.1109/ICWS.2007.93