Policy-driven and Content-based Web Services Security Gateway

German Journal of Agricultural Economics (Online) (Impact Factor: 0.28). 01/2009; 62(3).
Source: DOAJ


Web Services are widely used to provide services and exchange data among business units, customers, partners and suppliers for enterprises. Although Web Services significantly improve the interaction and development of processes in the business world, they raise several security concerns, since they greatly increase the exposure of critical enterprise data. Web Services exchange data using SOAP messages that are based on the interoperable XML language. We have previously introduced XPRIDE as an enhanced security architecture for assuring confidentiality and integrity of SOAP messages. XPRIDE uses content-based encryption to secure SOAP messages based on their XML content, and depends on security policies to define the parts of the SOAP message that need to be encrypted. Security policies are defined by administrators for each Web Service that needs to be secured. This paper extends XPRIDE using a modular design approach to ensure extensibility, such that new modules can be developed and deployed to handle the security of different types of data. In addition, we show a new implementation of XPRIDE as a gateway capable of applying content-based security on attachments of SOAP messages, where a single gateway serves several web servers in a web farm. These new features significantly improve the security, scalability, and deployability of XPRIDE.


Available from: Ali Chehab,
  • ABSTRACT: Today's networks are interconnected wired and wireless networks. With the explosive growth and increasing complexity of network applications, malware attacks against networks, such as worm attacks, are critical. Despite the evolution of worm detection techniques, worms are still the main malware threat attacking computer systems. Early detection of unknown worms is still a problem. Swarm Intelligence (SI) in recent patents seeks inspiration in the behavior of swarms of insects or other animals such as ants. SI has been applied in other fields with success. We used it in the field of worm detection. Artificial neural networks may either be used to gain an understanding of biological neural networks, or for solving artificial intelligence problems without necessarily creating a model of a real biological system. This paper introduces a system for detecting unknown worms based on information collected from the local victim using Particle Swarm Optimization (PSO) and Artificial Neural Network (ANN). This system can detect unknown worms effectively in both small and large networks. In addition, this system produces a prediction of the infection percentage in the network. This prediction mechanism supports the network administrator in the decision-making process to respond quickly and accurately to worm propagation.
    06/2014; 7(1). DOI:10.2174/2213275907666140612003641
  • ABSTRACT: Injection attacks are dangerous and ubiquitous, contributing enormously to some of the most elaborate Web hacks. Enforcing proper input validation is an effective countermeasure to improve injection flaws. Unless a web application has a strong, centralized mechanism for validating all input from HTTP requests, injection flaws are very likely to exist. However, improper constraining rules may induce some detection errors. False negatives may render security risks and false positives will cause improper limits on input characters. In this paper, we design an auto-tuning system to help validate input for each vulnerable injection point. A proper validation rule can be automatically generated through an auto-tuning mechanism. The experimental results show that the system can effectively protect against injection attacks and lower false positives when compared with traditional methods.