Title :
A Framework for Enhancing Web Services Security
Author :
Sidharth, Navya ; Liu, Jigang
Author_Institution :
Metropolitan State Univ., St. Paul
Abstract :
The applicability of the security protocols, such as WS-Security, WS-Trust, WS-SecureConversation, WS-Federation, WS-Authorization, and WS-SecurityPolicy, is limited as they only protect SOA (Service Oriented Architecture) communication between two trusted parties with an established security association. The pervasiveness of Web services and SOAP API that can be invoked by anonymous consumers introduces security vulnerabilities are not addressed by the existing standards. In this paper, an Integrated Application and Protocol-based Framework is proposed to tackle the existing WS security problems. The proposed IAPF techniques are envisioned to be a part of the design and implementation structure of a Web service endpoint within the application and transaction handling logic of the SOAP/Web service producer. These techniques will empower application level Web services developers to design and implement SOA producers to the IAPF standard to firstly prevent DoS and DDoS based attacks and secondly mitigate the effects of these attacks.
Keywords :
Web services; access protocols; security of data; Web service pervasiveness; Web service security; denial of service; integrated application; protocol-based framework; security protocol; service-oriented architecture; simple object access protocol; transaction handling logic; Access protocols; Application software; Logic design; Protection; Security; Service oriented architecture; Simple object access protocol; Standards development; Web services; XML;
Conference_Titel :
Computer Software and Applications Conference, 2007. COMPSAC 2007. 31st Annual International
Conference_Location :
Beijing
Print_ISBN :
0-7695-2870-8
DOI :
10.1109/COMPSAC.2007.22
