Research Article

Modeling the Evaluation Criteria for Security Patterns in Web Service Discovery

by V.Prasath
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 1 - Number 13
Year of Publication: 2010
DOI: 10.5120/282-444

V.Prasath. Modeling the Evaluation Criteria for Security Patterns in Web Service Discovery. International Journal of Computer Applications. 1, 13 (February 2010), 53-60. DOI=10.5120/282-444

@article{ 10.5120/282-444,
author = { V.Prasath },
title = { Modeling the Evaluation Criteria for Security Patterns in Web Service Discovery },
journal = { International Journal of Computer Applications },
issue_date = { February 2010 },
volume = { 1 },
number = { 13 },
month = { February },
year = { 2010 },
issn = { 0975-8887 },
pages = { 53-60 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume1/number13/282-444/ },
doi = { 10.5120/282-444 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

Current trends in performing business-to-business transactions and enterprise application integration have been extended to the use of web services. With web services being accepted and deployed in both research and industrial areas, security-related issues become important. Web services security has attracted the attention of security researchers due to the proven fact that most attacks on businesses and organizations exploit web service vulnerabilities. The main goal of this research is to summarize the security concept of a web service in a single value. In this paper, we evaluate common security patterns with respect to the STRIDE model of attacks by examining the attacks performed on different web service systems. In order to evaluate security, we introduce a new measure for the computation of a security rating of a web service based on the STRIDE test case model, such that the security concept of the system can be summarized in a single value. The overall severity of the risk can thus be expressed in a measurable way.

Index Terms

Computer Science
Information Sciences

Keywords

Risk analysis, STRIDE, WS-Security, Security rating, Web service discovery