Title :
A new security framework against Web services´ XML attacks in SOA
Author :
Shahgholi, Narges ; Seyyedi, Mir Ali ; Mohsenzadeh, Mehran ; Qorani, Saleh Hafez
Author_Institution :
Dept. of Comput. Eng., Islamic Azad Univ. North Tehran Branch, Tehran, Iran
Abstract :
Service-Oriented Architecture (SOA) is an architectural style whose primary goal is to achieve minimal dependency among interacting software agents. And as with all new technologies, it comes with its share of challenges. Of particular difficulty is the challenge of securing a service oriented system. Since Web services supply a significant way to provide SOA requirements, any brought up issues, like security of SOA, can be related to Web services. On the other hand, Web services are well-known XML1_based technologies. So the security of Web services can be directly affected by XML security. In this study, a new security framework is proposed which aims to defend main XML threats, especially WSDL attacks in an SOA environment. To the best of our knowledge, it is for the first time that such a practical solution has been offered, which not only handle one aspect of XML vulnerabilities like SOAP2 messages but, also try to defend WSDL3 threats, in an SOA environment.
Keywords :
Web services; XML; security of data; service-oriented architecture; software agents; SOA; WSDL attacks; Web services XML attacks; XML security; security framework; service-oriented architecture; software agents; Encryption; Public key; Service oriented architecture; XML; SOA; WSDL; Web service; XKMS XML encryption; XML; XML signature;
Conference_Titel :
Next Generation Web Services Practices (NWeSP), 2011 7th International Conference on
Conference_Location :
Salamanca
Print_ISBN :
978-1-4577-1125-1
DOI :
10.1109/NWeSP.2011.6088197
