A new quantitative model for web service security

Author

Banaei, O. ; Khorsandi, Siavash

Author_Institution

Comput. Eng. & Inf. Technol. Dept., Amirkabir Univ. of Technol. (Tehran Polytech.), Tehran, Iran

fYear

2012

fDate

9-11 Nov. 2012

Firstpage

749

Lastpage

755

Abstract

Security is one of important QoS properties of web services that need to be quantified. Quantifying Security can help both in selecting among published web services and also in assessing security weaknesses of services by service providers. In this paper we propose a three level hierarchical architecture for web service security. In this architecture we consider all of important aspects of security that they are: authentication, integrity, authorization, confidentiality, availability and non-repudiation. For each aspect is considered the most important web service threats. Furthermore we consider likelihood and impact factor for each threat. Then we compute weight of each impact with using AHP and finally total security index is computed with weighted averaging.

Keywords

Web services; analytic hierarchy process; authorisation; message authentication; quality of service; service-oriented architecture; AHP; QoS properties; SOA; Web service security; Web service threat; authentication; authorization; confidentiality; impact factor; integrity; likelihood factor; nonrepudiation; security index; security weakness assessment; service provider; three level hierarchical architecture; Risk Analysis; SOA; Security; Web Service;

fLanguage

English

Publisher

ieee

Conference_Titel

Communication Technology (ICCT), 2012 IEEE 14th International Conference on

Conference_Location

Chengdu

Print_ISBN

978-1-4673-2100-6

Type

conf

DOI

10.1109/ICCT.2012.6511304

Filename

6511304