Title :
Information Flow Analysis of Web Service Net
Author :
Jin-Liang, Xing ; Xiao-Hong, Li ; Yan, Cao ; Zhi-Yong, Feng ; Ran, Liu
Author_Institution :
Sch. of Comput. Sci. & Technol., Master Tianjin Univ., Tianjin, China
fDate :
June 29 2010-July 1 2010
Abstract :
A web service security analysis model based on program slicing is proposed, which can be used to find existence of critical information disclosure vulnerabilities and proliferation of such vulnerabilities in a web service net, and eventually improve protection of critical information. Web service protocol is analyzed to obtain external service interfaces; source code is sliced to obtain interface information flow; critical information is checked to see whether it is disclosed through the interface information flow. Vulnerability proliferation of a service net is found through analyzing process of interface calling between two web services in which the critical information is transmitted and disclosed. A security report describing test results of a test scene is provided to verify the correctness of security analysis process.
Keywords :
Web services; program diagnostics; security of data; Web service net; Web service protocol; Web service security analysis model; information flow analysis; program slicing; service interfaces; source code; Analytical models; Data mining; Driver circuits; Global Positioning System; Security; Software; Web services; program slicing; service net; vulnerability proliferation; web service security;
Conference_Titel :
Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on
Conference_Location :
Bradford
Print_ISBN :
978-1-4244-7547-6
DOI :
10.1109/CIT.2010.287
