Top

Published in:

2020 | OriginalPaper | Chapter

WS-SM: Web Services - Secured Messaging Framework with Pluggable APIs

Authors : Kanchana Rajaram, Chitra Babu

Published in: Computational Intelligence in Data Science

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Dynamic composition of web services is important in B2B applications where user requirements and business policies change and new services get added to the service registry frequently. In a dynamic composition environment, ensuring the security of messages communicated among the web services becomes challenging since, several attacks are possible on SOAP messages in the public network due to their standardized interfaces. Most of the existing works on web services security provide solutions to ensure basic security features such as confidentiality, integrity, authentication, authorization, and non-repudiation. Few existing works that provide solutions such as schema validation and schema hardening for attacks on web services do not provide attack-specific solutions. The web services security standard and all the existing works have addressed only the security of messages between a client and a single web service but not the security for messages between two services which is quite challenging. Hence, a security framework for secured messaging among web services has been proposed to provide attack-specific solutions. Since new types of web service attacks are evolving over time, the proposed security solutions are implemented as APIs that are pluggable in any server where the web service is deployed. The proposed framework has been tested for compliance with WSI-BP to demonstrate its interoperability and subjected to vulnerability testing which proved its immunity to attacks. The stress testing results revealed that the throughput decreased only by 35% achieving a good trade-off between performance and security.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Driveable Area Detection Using Semantic Segmentation Deep Neural Network

next chapter Online Product Recommendation System Using Multi Scenario Demographic Hybrid (MDH) Approach

Layer7 Technology, (2013), http://www.layer7tech.com/solutions/web-api-attack-protection.

IBM WSSAPI, (2014), https://www.ibm.com/support/knowledgecenter/SSEQTP_8.5.5/com.ibm.websphere.base.doc/ae/cwbs_wss_api.html.

Encryption Algorithm, (2014), https://www.princeton.edu/~ota/disk2/1987/8706/870612.PDF.

Principal Spoofing, (2014), https://capec.mitre.org/data/definitions/195.html.

XML Signature, (2013), http://www.xml.com/pub/a/2001/08/08/xmldsig.html.

WS-I Basic Security Profile, (2007), http://ws-i.org/Profiles/BasicProfile-2.0-2010-11-09.html.

WS-I Basic Security Profile Tool, (2009), http://www.ws-i.org/deliverables/workinggroup.aspx?wg=testingtools.

Eston, T., J. Abraham, and K. Johnson.: Dont Drop the SOAP: Real World Web Service Testing. Retrieved July 6, 2013.

WS-Attacker, (2013), http://sourceforge/p/ws-attacker/wiki/Home.

WSBang Testing Tool, (2014), https://www.isecpartners.com/tools/application-security/wsbang.aspx.

Erl, T.: Service-Oriented Architecture concept, Technology, and Design. Pearson Education, London (2006)

Schmelzer, R., Vandersypen, T.: XML and Web Services Unleashed. Sams Publication, Chennai (2002)

Cerami, E.: Web Services Essentials: Distributed Applications with XML-RPC, SOAP, UDDI & WSDL. O’Reilly Media, Inc., Sebastopol (2002)

Singhal, A., Winograd, T., Scarfone, K.: Guide to secure web services. Technical report of National Institute of Standards and Technology, Special Publication 800-95 (2007)

Lemos, A.L., Daniel, F., Benatallah, B.: Web service composition: a survey of techniques and tools. ACM Comput. Surv. (CSUR) 48(3), 1–41 (2016). Article No. 33

Mouli, V.R., Jevitha, K.P.: Web services attacks and security - a systematic literature review. Procedia Comput. Sci. 93, 870–877 (2016)

Masood, A., Java, J.: Static analysis for web service security - tools & techniques for a secure development life cycle. In: IEEE International Symposium on Technologies for Homeland Security (HST), pp. 1–6 (2015)

Jensen, M., Gruschka, N., Herkenhoner, R.: A survey of attacks on web services - classification and countermeasures. Comput. Sci. Res. Dev. (CSRD) 24(4), 189–197 (2009). https://doi.org/10.1007/s00450-009-0092-6

Nordbotten, N.A.: XML and web services security standards. IEEE Commun. Surv. Tutorials 11(3), 4–21 (2009)MathSciNetCrossRef

10.

Alotaibi, S.J.: Toward a secure web service by using WS-security specifications. J. Comput. Theoret. Nanosci. 14(8), 3837–3842 (2017)

11.

Thelin, J., Murray, P.J.: A public web services security framework based on current and future usage scenarios. In: International Conference on Internet Computing, pp. 825–833 (2002)

12.

Yue, H., Tao, X.: Web services security problem in service-oriented architecture. In: International Conference on Applied Physics and Industrial Engineering, vol. 24, no. 9, pp. 1635–1641 (2001)

13.

Kumar, R.K., Kanchana, R., Babu, C.: Security for SOAP based communication among web service. In: IJCA Proceedings on International Conference on Science. Engineering and Management (ICSEM 2013), pp. 46–51. Foundation of Computer Science, USA (2013)

14.

Altaani, N.A., Jaradat, A.S.: Security analysis and testing in service oriented architecture. Int. J. Sci. Eng. Res. 3(2), 1–9 (1981)

15.

Mainka, C., Somorovsky, J., Schwenk, J.: Penetration testing tool for web service security. In: IEEE 8th World Congress on Services, pp. 163–170 (2012)

16.

Salas, M.I.P., Martins, E.: Security testing methodology for vulnerabilities detection of XSS in web services and WS-security. Electron. Notes Theoret. Comput. Sci. 302, 133–154 (2014)CrossRef

17.

Lowis, L., Accorsi, R.: Vulnerability analysis in SOA-based business processes. IEEE Trans. Serv. Comput. 4(3), 230–242 (2011)CrossRef

Title: WS-SM: Web Services - Secured Messaging Framework with Pluggable APIs
Authors: Kanchana Rajaram
Chitra Babu
Publisher: Springer International Publishing
Book: Computational Intelligence in Data Science
Print ISBN: 978-3-030-63466-7

Electronic ISBN: 978-3-030-63467-4

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-63467-4_19

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner