Top

Published in:

2011 | OriginalPaper | Chapter

7. Denial of Service Defence Appliance for Web Services

Authors : S. Suriadi, A. Clark, H. Liu, D. Schmidt, J. Smith, D. Stebila

Published in: An Investigation into the Detection and Mitigation of Denial of Service (DoS) Attacks

Publisher: Springer India

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Service-oriented architectures (SOAs), implemented using web services, seek to use open and interoperable standards to facilitate easier enterprise application integration, provide application flexibility and facilitate the dynamic composition of applications from component services. As with traditional distributed computing environments such as common object request broker architecture (CORBA), remote procedure call (RPC) and remote method invocation (RMI), the exposure of information resources via computer networks to remote users and applications requires that those resources be adequately protected.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Cryptographic Approaches to Denial-of-Service Resistance

next chapter DoS Vulnerabilities in IPv6

The figures depicting a WSDL specification are adapted from [31, Chapter 2].

Earlier versions of the SOAP specification indicate that SOAP was an acronym for simple object access protocol; recent versions of the standard no longer use the term SOAP as an acronym.

http://www.securityfocus.com/bid/9185/info.

http://xforce.iss.net/xforce/xfdb/15270.

http://securitytracker.com/alerts/2004/Apr/1009758.html.

It is not clear from the SOAP standard whether SOAP fault messages must always be generated or not. However, from the Web Services Interoperability Organization (WSI) Basic Profile document, one of the requirements (R1027, [5, Section 3.2.2]) is that a recipient must generate a SOAP fault if it cannot process a mandatory SOAP header block (those with the mustUnderstand attribute set).

Nevertheless, it is still possible for multiple non- < wsse:Security > SOAP header blocks to be targeted to the same recipient.

http://www.endace.com/assets/files/resources/Endace_Datasheet_DAG7.5G2-G4_20100330.pdf.

The DMM component is still more of a conceptual idea at this point. It is still a work-in-progress and further research is needed to properly develop this module.

In our subsequent experiments, we have not included codes to verify the freshness of timestamps however, we assume that such a process is straightforward.

Ahmed, E., A. Clark, and G. Mohay. 2008. A novel sliding window based change detection algorithm for asymmetric traffic. In Proceedings of the IFIP International Conference on Network and Parallel Computing, 168–175, Oct 2008.

Algergawy, A., R. Nayak, and G. Saake. 2009. XML schema element similarity measures: A schema matching context. In OTM Conferences (2), 1246–1253, 2009.

Aura, T., P. Nikander, and J. Leiwo. 2000. DoS-resistant authentication with client puzzles. In Security Protocols Workshop 2000, 170–181. Cambridge, Apr 2000.

Badishi, G., A. Herzberg, I. Keidar, O. Romanov, and A. Yachin. 2008. An empirical study of denial of service mitigation techniques. In IEEE Symposium on Reliable Distributed Systems. SRDS ’08, 115–124, Oct 2008.

Ballinger, K., D. Ehnebuske, C. Ferris, M. Gudgin, C. Liu, M. Nottingham, and P. Yendluri. 2006. Basic profile version 1.1 final material. http://www.ws-i.org/profiles/basicprofile-1.1.html. Accessed 17 Feb 2011.

Box, D., D. Ehnebuske, G. Kakivaya, A. Layman, N. Mendelsohn, H. F. Nielsen, S. Thatte, and D. Winer. 2000. Simple object access protocol (soap) 1.1. http://www.w3.org/TR/2000/NOTE-SOAP-20000508/. Accessed 16 Feb 2011.

Butek, R. 2005. Which style of WSDL should I use? http://www.ibm.com/developerworks/webservices/library/ws-whichwsdl/. Accessed 17 Feb 2011.

Chinnici, R., J.-J. Moreau, A. Ryman, and S. Weerawarana. 2007. Web services description language (WSDL) version 2.0. Part 1 Core language. http://www.w3.org/TR/wsdl20/. Accessed 17 Feb 2011.

Christensen, E., F. Curbera, G. Meredith, and S. Weerawarana. 2001. Web services description language (WSDL) 1.1 – W3C note. http://www.w3.org/TR/wsdl.html. Accessed 17 Feb 2011.

10.

Dean, D. and A. Stubblefield. 2001. Using Client Puzzles to Protect TLS. In Proc. 10th USENIX Security Symposium, 2001.

11.

Dwork, C. and M. Naor. 1992. Pricing via processing or combatting junk mail. In CRYPTO ’92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology, 139–147, London, 1992. Springer.

12.

Eastlake, D., J. Reagle, D. Eastlake, J. Reagle, T. Imamura, B. Dillaway, and E. Simon. 2002. XML encryption syntax and processing. http://www.w3.org/TR/xmlenc-core/. Accessed 16 Feb 2011.

13.

Eastlake, D., J. Reagle, and D. Solo. 2002. (Extensible markup language) XML signature syntax and processing. http://tools.ietf.org/html/rfc3275. Accessed 16 Feb 2011.

14.

Gudgin, M., M. Hadley, N. Mendelsohn, J.-J. Moreau, H. Nielsen, A. Karmarkar, and Y. Lafon. 2007. SOAP version 1.2. Part 1: Messaging Framework (Second edition). http://www.w3.org/TR/soap12-part1/. Accessed 16 Feb 2011.

15.

Gudgin, M., M. Hadley, N. Mendelsohn, J.-J. Moreau, H. Nielsen, A. Karmarkar, and Y. Lafon. 2007. SOAP version 1.2. Part 2: Adjuncts (Second edition) http://www.w3.org/TR/soap12-part2/. Accessed 16 Feb 2011.

16.

Juels, A. and J. Brainard. 1999. Client puzzles: A cryptographic defense against connection depletion attacks. In Proceedings of the Network and Distributed System Security Symposium (NDSS ’99), 151–165, San Diego, Feb 1999. Internet Society Press, Reston.

17.

Kutty, S., T. Tran, R. Nayak, and Y. Li. 2007. Clustering XML documents using closed frequent subtrees: A structural similarity approach. In INEX, 183–194, 2007.

18.

Lawrence, K., C. Kaler, A. Nadalin, M. Goodner, M. Gudgin, A. Barbir, and H. Granqvist. 2007. ‘WS-Trust 1.3,’ OASIS Standard ws-trust-200512, Mar 2007. http://docs.oasis-open.org/ws-sx/ws-trust/200512/ws-trust-1.3-os.html. Accessed 31 Aug 2011.

19.

Lawrence, K., C. Kaler, A. Nadalin, M. Goodner, M. Gudgin, A. Barbir, and H. Granqvist. 2008. WS-Securitypolicy 1.2 – OASIS standard incorporating proposed errata. http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/ws-securitypolicy-1.2-spec-errata-cd-01.pdf. Accessed 17 Feb 2011.

20.

Lawrence, K., C. Kaler, A. Nadalin, C. Kaler, R. Monzillo, and P. Hallam-Baker. 2006. Web services security: SOAP message security 1.1 (WS-Security 2004). http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-os-SOAPMessageSecurity.pdf. Accessed 16 Feb 2011.

21.

Lawrence, K., C. Kaler, A. Nadalin, C. Kaler, R. Monzillo, and P. Hallam-Baker. 2006. Web services security X.509 certificate token profile 1.1. docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-os-x509TokenProfile-01.pdf. Accessed 17 Feb 2011.

22.

Lawrence, K., C. Kaler, A. Nadalin, R. Monzillo, and P. Hallam-Baker. 2006. Web services security kerberos token profile 1.1. http://www.oasis-open.org/committees/download.php/16788/wss-v1.1-spec-os-KerberosTokenProfile.pdf. Accessed 17 Feb 2011.

23.

Lawrence, K., C. Kaler, A. Nadalin, R. Monzillo, and P. Hallam-Baker. 2006. Web services security: SAML token profile 1.1. http://www.oasis-open.org/committees/download.php/16768/wss-v1.1-spec-os-SAMLTokenProfile.pdf. Accessed 17 Feb 2011.

24.

Lawrence, K., C. Kaler, A. Nadalin, R. Monzillo, and P. Hallam-Baker. 2006. Web services security username token profile 1.1. http://docs.oasis-open.org/wss/v1.1/wss-v1.1-spec-os-UsernameTokenProfile.pdf. Accessed 17 Feb 2011.

25.

McNevin, T., J.-M. Park, and R. Marchany. 2004. pTCP: A client puzzle protocol for defending against resource exhaustion denial of service attacks. Technical report TR-ECE-04-10, Department of Electrical and Computer Engineering, Virginia Tech, Oct 2004. http://www.ece.vt.edu/parkjm/Research/techReport_pTCP.pdf. Accessed 17 Feb 2011.

26.

Mitra, N. and Y. Lafon. 2007. SOAP version 1.2 part 0: Primer (second edition). http://www.w3.org/TR/soap12-part0/. Accessed 16 Feb 2011.

27.

Nayak, R. and S. Xu. 2005. XML documents clustering by structures. In INEX, 432–442, 2005

28.

Nielsen, H. and H. Ruellan. 2004. SOAP 1.2 attachment feature – w3c working group note. http://www.w3.org/TR/soap12-af/. Accessed 17 Feb 2011.

29.

Padmanabhuni, S., V. Singh, K. Kumar, and A. Chatterjee. 2006. Preventing service oriented denial of service (PreSODoS): A proposed approach. In ICWS ’06: Proceedings of the IEEE International Conference on Web Services, 577–584, Washington, DC, 2006. IEEE Computer Society.

30.

Reid, J., A. Clark, J. Gonzalez-Nieto, J. Smith, and K. Viswanathan. 2004. Denial of service issues in voice over IP networks. In First International Conference on E-Business and Telecommunication Networks (ICETE 2004), Setubal, Portugal, 25–28 August 2004

31.

Rosenberg, J. and D. Remy. 2004. Securing web services with WS-security: Demystifying WS-security, WS-policy, SAML, XML signature, and XML encryption. SAMS Publishing.

32.

Siddiqui, B. 2002. Developing web services, Part3: SOAP interoperability. http://www.ibm.com/developerworks/webservices/library/ws-intwsdl3.html. Accessed 17 Feb 2011.

33.

Singhal, A., T. Winograd, and K. Scarfone. 2007. Guide to secure web services – Recommendations of the national institute of standards and technology. Technical report 800-95. http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf. Accessed 17 Feb 2011.

34.

Smith, J., J. Gonzalez-Nieto, and C. Boyd. 2006. Modelling denial of service attacks on JFK with Meadows’s cost-based framework. In R. Buyya, T. Ma, R. Safavi-Naini, C. Steketee, and W. Susilo (eds) ACSW Frontiers 2006, 16–19 January 2006, Australia, Tasmania, Hobart.

35.

Snort Project, T. 2011. SNORT Users Manual. http://www.snort.org/assets/166/snort_manual.pdf.

36.

Stebila, D. and B. Ustaoglu. 2009. Towards denial-of-service-resilient key agreement protocols. In Proceedings of the 14th Australasian Conference on Information Security and Privacy (ACISP), LNCS, vol. 5594, 389–406. Springer.

37.

Suriadi, S., A. Clark, and D. Schmidt. 2010. Validating denial of service vulnerabilities in Web services. In 4th International Conference on Network and System Security (NSS), 175–182, Sept 2010.

38.

Tran, T., R. Nayak, and P. Bruza. 2008. Combining structure and content similarities for XML document clustering. In AusDM, 219–226, 2008.

39.

Vedamuthu, A., D. Orchard, F. Hirsch, M. Hondo, P. Yendluri, T. Boubez, and U. Yalçinalp. 2007. Web Services Policy 1.5 – Attachment. http://www.w3.org/TR/ws-policy-attach/. Accessed 17 Feb 2011.

40.

Vedamuthu, A., D. Orchard, F. Hirsch, M. Hondo, P. Yendluri, T. Boubez, and U. Yalçinalp. 2007. Web Services Policy 1.5 – Framework. http://www.w3.org/TR/ws-policy/. Accessed 16 Feb 2011.

Title: Denial of Service Defence Appliance for Web Services
Authors: S. Suriadi
A. Clark
H. Liu
D. Schmidt
J. Smith
D. Stebila
Publisher: Springer India
Book: An Investigation into the Detection and Mitigation of Denial of Service (DoS) Attacks
Print ISBN: 978-81-322-0276-9

Electronic ISBN: 978-81-322-0277-6

Copyright Year: 2011
DOI: https://doi.org/10.1007/978-81-322-0277-6_7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"