Custom Security in Web Services
Background/Objectives: Service Oriented Architecture (SOA) infrastructures using web services are deployed by many firms worldwide. Web services provide a standard means of interoperation between heterogeneous software applications that run on a variety of platforms. Most web services are offered with HTTP over Simple Object Access Protocol (SOAP) as the underlying infrastructure. The greatest web security threat is accepting a request from the client without proper validation. The objective is to separate the application logic from the security or validation procedures, which offers more advantage for software reuse since no recompilation is necessary when the validation or security requirements change.

Methods: An interceptor is created for validation; it contains the token-based authentication procedures along with the steps for validating the data. The system is devised so that the business logic is triggered if and only if the data is validated and passed by the interceptor procedures.

Findings: The proposed system provides a way to keep the validation and security mechanism out of the application logic and hence does not modify the existing functionality. Thus, combining all custom security into one unit of validation that runs before the business logic is reached is the basic idea of the proposed system.
Custom Security, SOA, Validation Model, Web Service.
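
The interceptor design described in the abstract, as an added example that is not code from the paper: token authentication and rule-driven validation run first, and the business operation is reached only if both pass. The HMAC token scheme, the rule format, the dict-shaped request (standing in for a parsed SOAP message) and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import re

SECRET = b"constructed-demo-secret"  # assumption: shared secret for demo tokens

# Rules are data, not code: editing them changes validation without touching business logic.
RULES = json.loads("""
{"transfer": {"account": "[0-9]{10}", "amount": "[0-9]{1,7}[.][0-9]{2}"}}
""")

CALLS = []  # records every time business logic actually runs


class Rejected(Exception):
    """Raised by the interceptor; the business operation is never reached."""


def issue_token(client_id):
    # Hypothetical token scheme: HMAC-SHA256 of the client id.
    return hmac.new(SECRET, client_id.encode(), hashlib.sha256).hexdigest()


def transfer(account, amount):
    # Business logic: contains no authentication or validation code.
    CALLS.append((account, amount))
    return f"transferred {amount} to {account}"


OPERATIONS = {"transfer": transfer}


def intercept(request, rules=RULES):
    # 1. Token authentication, compared in constant time.
    expected = issue_token(str(request.get("client_id", "")))
    if not hmac.compare_digest(expected.encode(), str(request.get("token", "")).encode()):
        raise Rejected("authentication failed")
    # 2. Fail closed: an operation without rules is not callable.
    op = request.get("operation")
    if op not in rules or op not in OPERATIONS:
        raise Rejected("unknown operation")
    # 3. Exact field set, then each value must match its rule in full.
    params = request.get("params", {})
    if not isinstance(params, dict) or set(params) != set(rules[op]):
        raise Rejected("unexpected or missing fields")
    for field, pattern in rules[op].items():
        if not isinstance(params[field], str) or not re.fullmatch(pattern, params[field]):
            raise Rejected(f"invalid field: {field}")
    # 4. Only a request that passed every check reaches business logic.
    return OPERATIONS[op](**params)
```

Passing a different `rules` mapping to `intercept` tightens or relaxes validation while `transfer` stays unchanged, which is the reuse argument the abstract makes.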
This work is licensed under a Creative Commons Attribution 3.0 License.