• DocumentCode
    3126851
  • Title

    A Stateful Web Service Firewall for BPEL

  • Author

    Gruschka, N. ; Jensen, M. ; Luttenberger, N.

  • Author_Institution
    Christian-Albrechts-Univ. of Kiel, Kiel
  • fYear
    2007
  • fDate
    9-13 July 2007
  • Firstpage
    142
  • Lastpage
    149
  • Abstract
    Today, the Business Process Execution Language (BPEL) is the most emerging specification for Web Service Composition, which is an important part of the SOA paradigm. Defining a stateful communication protocol, BPEL enables potential for new security vulnerabilities. In this paper, we present a severe Denial-of-Service attack on a leading BPEL engine, illustrating new threats on availability in the context of BPEL. Derived from our observations, we developed a protection concept and implemented an application level firewall fending these types of attacks.
  • Keywords
    Web services; authorisation; business data processing; software architecture; BPEL; SOA paradigm; Web service composition; business process execution language; denial-of-service attack; stateful Web service firewall; stateful communication protocol; Access protocols; Availability; Business communication; Computer crime; Protection; Search engines; Security; Service oriented architecture; Web server; Web services;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Web Services, 2007. ICWS 2007. IEEE International Conference on
  • Conference_Location
    Salt Lake City, UT
  • Print_ISBN
    0-7695-2924-0
  • Type

    conf

  • DOI
    10.1109/ICWS.2007.173
  • Filename
    4279593
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3126851