A New Security Metric for SOA Implementations

Cited by: 0
Authors
Larson, Dave [1]
Liu, Jigang [1]
Affiliations
[1] Metropolitan State Univ, St Paul, MN 55106 USA
Keywords
component; Service-Oriented Architecture security; Web Services; SOAP security; XPath Injection
DOI
10.1109/SERE-C.2013.34
Chinese Library Classification number
TP31 [Computer software]
Discipline classification code
081202; 0835
Abstract
Service Oriented Architecture (SOA) is an architectural style used to handle transactions involving money, identity, and other sensitive and valuable information. Web Services that implement an SOA must be secure. This paper will describe the common vulnerabilities of Web Services and SOA and the best practices that should be followed in securing the software behind them, and then a new security metric, XPath Exposure Ratio, for Web Services and SOA implementations is proposed. In addition to the discussion on how to apply the new metric, the advantages of the new security metric are also illustrated.
Pages: 103 - 109
Page count: 7