Title :
A New SOA Security Framework Defending Web Services against WSDL Attacks
Author :
Shahgholi, Narges ; Mohsenzadeh, Mehran ; Seyyedi, MirAli ; Qorani, S.H.
Author_Institution :
Dept. of Comput. Eng., Islamic Azad Univ., Tehran, Iran
Abstract :
Service Oriented Architecture is an architectural paradigm and discipline that may be used to build infrastructures enabling those with needs (consumers) and those with capabilities (providers) to interact via services across disparate domains of technology and ownership. Besides SOAP and UDDI, which make the foundation of SOA, WSDL also plays an important role in this architecture. So far, in most of the security solutions that have been offered for SOA, providing security of SOAP messages has been the main objective. But in this article, the security view has been changed to WSDL files. So a new framework has been proposed which aims to protect Web services against WSDL attacks. Additionally to the best of our knowledge at the time of the writing of this article no other practical solution has been suggested in order to secure Web services WSDL files in SOA environment. Also, in order to provide security requirements, a new extension of WSDL file in the suggested framework has been offered.
Keywords :
Web services; security of data; service-oriented architecture; SOA security framework; SOAP; UDDI; WSDL attacks; Web services; service oriented architecture; Encryption; Public key; Service oriented architecture; XML; SOA; WSDL; Web service; XML; XML encryption XKMS;
Conference_Titel :
Privacy, Security, Risk and Trust (PASSAT) and 2011 IEEE Third Inernational Conference on Social Computing (SocialCom), 2011 IEEE Third International Conference on
Conference_Location :
Boston, MA
Print_ISBN :
978-1-4577-1931-8
DOI :
10.1109/PASSAT/SocialCom.2011.132
