Title :
API based security solutions for communication among web services
Author :
Rajaram, A. Kanchana ; Babu, B. Chitra ; Kishore Kumar R, C.
Author_Institution :
Comput. Sci. & Eng. Dept., SSN Coll. of Eng., Chennai, India
Abstract :
The popularity of web services has largely influenced the way in which enterprise business is conducted. Since web services enable easy accessibility of data, dynamic connections, and relatively little human intervention, ensuring the confidentiality and integrity of data transmitted via web services protocols becomes more significant. If a single service does not fulfill the service consumer's requirements, it is necessary to compose several web services, which together satisfy the user requirements. Security attacks occur on SOAP messages that are communicated among web services while accessing a service or during service composition. Most of the existing works on web services security have provided solutions only for ensuring client authentication, confidentiality, and integrity of information in the network layer and not in the application layer. WS-Security and XML-based web service security also provide message layer security in the network layer and not in the application layer. Hence, a novel approach that prevents the message alteration attack on SOAP messages and a security solution that detects and overcomes the XML injection attack have been proposed in this paper. Our approach uses pluggable APIs on the service provider side and security services on the middleware side. The attacks were simulated, and the non-vulnerability of the proposed solutions to these attacks has been verified.
Keywords :
Web services; XML; authorisation; business data processing; computer network security; data integrity; message authentication; middleware; API-based security solutions; SOAP messages; WS-Security; Web service protocol; Web service security; XML injection attack detection; XML-based Web service security; client authentication; data accessibility; data confidentiality; data integrity; dynamic connections; enterprise business; information confidentiality; information integrity; message alteration attack; message layer security; middleware; network layer; security attacks; service composition; service provider; user requirement satisfaction; Computer science; Computers; Cryptography; Educational institutions; Electronic mail; Simple object access protocol; Web servers; API; Composition; Message Alteration Attack; Security; Web Services; XML Injection Attack;
Conference_Title :
Advanced Computing (ICoAC), 2013 Fifth International Conference on
Conference_Location :
Chennai
Print_ISBN :
978-1-4799-3447-8
DOI :
10.1109/ICoAC.2013.6922014