Visible to the public Security solutions for Web Service attacks in a dynamic composition scenario

TitleSecurity solutions for Web Service attacks in a dynamic composition scenario
Publication TypeConference Paper
Year of Publication2014
AuthorsSindhu, S.M., Kanchana, R.
Conference NameAdvanced Communication Control and Computing Technologies (ICACCCT), 2014 International Conference on
Date PublishedMay
KeywordsAPI, application program interfaces, authentication, authorisation, Authorization, confidentiality, data integrity, dynamic composition scenario, Electronic publishing, Information services, integrity, Internet, Lead, nonrepudiation, Protocols, SAS API, schema hardening, schema validation, security, security solutions, service oriented architecture, service-oriented architecture, Simple object access protocol, SOA, SOAP, SOAP messages, SOAPAction spoofing, Standards, UDDI, Web service attacks, web services, WS-Addressing spoofing, WSAS API, WSDL, XML injection

Web Services can be invoked from anywhere through internet without having enough knowledge about the implementation details. In some cases, single service cannot accomplish user needs. One or more services must be composed which together satisfy the user needs. Therefore, security is the most important concern not only at single service level but also at composition level. Several attacks are possible on SOAP messages communicated among Web Services because of their standardized interfaces. Examples of Web Service attacks are oversize payload, SOAPAction spoofing, XML injection, WS-Addressing spoofing, etc. Most of the existing works provide solution to ensure basic security features of Web Services such as confidentiality, integrity, authentication, authorization, and non-repudiation. Very few of the existing works provide solutions such as schema validation and schema hardening for attacks on Web Services. But these solutions do not address and provide attack specific solutions for SOAP messages communicated between Web Service. Hence, it is proposed to provide solutions for two of the prevailing Web Service attacks. Since new types of Web Service attacks are evolving over time, the proposed security solutions are implemented as APIs that are pluggable in any server where the Web Service is deployed.

Citation Key7019163