A New Security Metric for SOA Implementations

Authors
Larson, Dave [1]
Liu, Jigang [1]
Affiliation
[1] Metropolitan State Univ, St Paul, MN 55106 USA
Keywords
component; Service-Oriented Architecture security; Web Services; SOAP security; XPath Injection
DOI
10.1109/SERE-C.2013.34
Chinese Library Classification number
TP31 [Computer Software]
Discipline classification code
081202; 0835
Abstract
Service Oriented Architecture (SOA) is an architectural style used to handle transactions involving money, identity, and other sensitive and valuable information. Web Services that implement an SOA must be secure. This paper will describe the common vulnerabilities of Web Services and SOA and the best practices that should be followed in securing the software behind them, and then a new security metric, XPath Exposure Ratio, for Web Services and SOA implementations is proposed. In addition to the discussion on how to apply the new metric, the advantages of the new security metric are also illustrated.
Pages: 103-109
Page count: 7