Policy-driven and Content-based Web Services Security Gateway
ABSTRACT Web Services are widely used to provide services and exchange data among business units, customers, partners and suppliers for enterprises. Although Web Services significantly improve the interaction and development of processes in the business world, they raise several security concerns, since they greatly increase the exposure of critical enterprise data. Web Services exchange data using SOAP messages that are based on the interoperable XML language. We have previously introduced XPRIDE as an enhanced security architecture for assuring confidentiality and integrity of SOAP messages. XPRIDE uses content-based encryption to secure SOAP messages based on their XML content, and depends on security policies to define the parts of the SOAP message that need to be encrypted. Security policies are defined by administrators for each Web Service that needs to be secured. This paper extends XPRIDE using a modular design approach to ensure extensibility, such that new modules can be developed and deployed to handle the security of different types of data. In addition, we show a new implementation of XPRIDE as a gateway capable of applying content-based security on attachments of SOAP messages, where a single gateway serves several web servers in a web farm. These new features significantly improve the security, scalability, and deployability of XPRIDE.
Available from: Ali Chehab, May 29, 2015
ABSTRACT: This document defines a declarative, object-oriented language for specifying policies for the security and management of distributed systems. The language includes constructs for specifying the following basic policy types: authorisation policies that define permitted actions; event-triggered obligation policies that define actions to be performed by manager agents; refrain policies that define actions that subjects must refrain from performing; and delegation policies that define what...
Article: The TLS protocol: version 1
Conference Paper: XPRIDE: Policy-driven web services security based on XML content
ABSTRACT: In this paper we present XPRIDE as an efficient security architecture for assuring the confidentiality and integrity of the XML-based SOAP messages in Web Services. The policy-based approach employed in XPRIDE can be easily configured and modified to provide security according to the content and sensitivity of the data. Implementation shows that XPRIDE has considerable performance gains over existing bulk encryption protocols such as SSL and over existing policy-based solutions such as WS-Security. XPRIDE is designed as a platform-independent architecture and can be seamlessly integrated into existing application servers.
Global Telecommunications Conference, 2007. GLOBECOM '07. IEEE; 12/2007