A new customizable security framework for preventing WSDL attacks
The Service Oriented Architecture (SOA) has emerged as a dominant paradigm in the recent era for Enterprise Application Integration (EAI). Web Services are the implementation of SOA, where a service is Software component which does a specific functionality and does not depend on the context of other...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Conference or Workshop Item |
| Published: |
Institute of Electrical and Electronics Engineers Inc.
2016
|
| Online Access: | https://www.scopus.com/inward/record.uri?eid=2-s2.0-84995593506&doi=10.1109%2fISMSC.2015.7594022&partnerID=40&md5=0aa1b32c17b9a35826d0aa694bd10345 http://eprints.utp.edu.my/30922/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Teknologi Petronas |
| id |
my.utp.eprints.30922 |
|---|---|
| record_format |
eprints |
| spelling |
my.utp.eprints.309222022-03-25T07:43:40Z A new customizable security framework for preventing WSDL attacks Ibrahim, B.M. Hassan, M.F. The Service Oriented Architecture (SOA) has emerged as a dominant paradigm in the recent era for Enterprise Application Integration (EAI). Web Services are the implementation of SOA, where a service is Software component which does a specific functionality and does not depend on the context of other services. These services support distributed functionalities which operate irrespective of machine architectures, operating systems and programming languages; where the data transmission is done through the simple Internet protocols such as HTTP in Web Services. As the data is transferred in XML format which is a plain text, it is prone for attacks. The Web Service Description Language (WSDL) is an XML document that describes the services including their input/output parameters, while Simple Object Access Protocol (SOAP) describes the communication part. The standard SOA does not provide any sufficient security mechanisms for both WSDL and SOAP messages. Through literatures, it has been shown that there is a huge interest in developing solutions for SOAP message level attacks; however, there is not much on WSDL attacks. As a matter of fact, the WSDL attacks are severe in nature which can even halt the entire web services down. An attacker can reveal sensitive information as well as can interpret the list of operations that are provided by the web services. In this paper, the possible WSDL attacks are critically analyzed with their impact. A new SOA security framework which prevents the WSDL attacks and preserves the confidentiality and integrity of transmitted WSDL document is proposed. This framework effectively applies available security standards, and as a novelty it uses Artificial Neural Networks for knowledge acquisition of WSDL attacks dynamically. © 2015 IEEE. Institute of Electrical and Electronics Engineers Inc. 2016 Conference or Workshop Item NonPeerReviewed https://www.scopus.com/inward/record.uri?eid=2-s2.0-84995593506&doi=10.1109%2fISMSC.2015.7594022&partnerID=40&md5=0aa1b32c17b9a35826d0aa694bd10345 Ibrahim, B.M. and Hassan, M.F. (2016) A new customizable security framework for preventing WSDL attacks. In: UNSPECIFIED. http://eprints.utp.edu.my/30922/ |
| institution |
Universiti Teknologi Petronas |
| building |
UTP Resource Centre |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Teknologi Petronas |
| content_source |
UTP Institutional Repository |
| url_provider |
http://eprints.utp.edu.my/ |
| description |
The Service Oriented Architecture (SOA) has emerged as a dominant paradigm in the recent era for Enterprise Application Integration (EAI). Web Services are the implementation of SOA, where a service is Software component which does a specific functionality and does not depend on the context of other services. These services support distributed functionalities which operate irrespective of machine architectures, operating systems and programming languages; where the data transmission is done through the simple Internet protocols such as HTTP in Web Services. As the data is transferred in XML format which is a plain text, it is prone for attacks. The Web Service Description Language (WSDL) is an XML document that describes the services including their input/output parameters, while Simple Object Access Protocol (SOAP) describes the communication part. The standard SOA does not provide any sufficient security mechanisms for both WSDL and SOAP messages. Through literatures, it has been shown that there is a huge interest in developing solutions for SOAP message level attacks; however, there is not much on WSDL attacks. As a matter of fact, the WSDL attacks are severe in nature which can even halt the entire web services down. An attacker can reveal sensitive information as well as can interpret the list of operations that are provided by the web services. In this paper, the possible WSDL attacks are critically analyzed with their impact. A new SOA security framework which prevents the WSDL attacks and preserves the confidentiality and integrity of transmitted WSDL document is proposed. This framework effectively applies available security standards, and as a novelty it uses Artificial Neural Networks for knowledge acquisition of WSDL attacks dynamically. © 2015 IEEE. |
| format |
Conference or Workshop Item |
| author |
Ibrahim, B.M. Hassan, M.F. |
| spellingShingle |
Ibrahim, B.M. Hassan, M.F. A new customizable security framework for preventing WSDL attacks |
| author_facet |
Ibrahim, B.M. Hassan, M.F. |
| author_sort |
Ibrahim, B.M. |
| title |
A new customizable security framework for preventing WSDL attacks |
| title_short |
A new customizable security framework for preventing WSDL attacks |
| title_full |
A new customizable security framework for preventing WSDL attacks |
| title_fullStr |
A new customizable security framework for preventing WSDL attacks |
| title_full_unstemmed |
A new customizable security framework for preventing WSDL attacks |
| title_sort |
new customizable security framework for preventing wsdl attacks |
| publisher |
Institute of Electrical and Electronics Engineers Inc. |
| publishDate |
2016 |
| url |
https://www.scopus.com/inward/record.uri?eid=2-s2.0-84995593506&doi=10.1109%2fISMSC.2015.7594022&partnerID=40&md5=0aa1b32c17b9a35826d0aa694bd10345 http://eprints.utp.edu.my/30922/ |
| _version_ |
1738657175569432576 |