A New Security Metric for SOA Implementations

Cited by: 0
Authors
Larson, Dave [1]
Liu, Jigang [1]
Affiliations
[1] Metropolitan State Univ, St Paul, MN 55106 USA
Keywords
component; Service-Oriented Architecture security; Web Services; SOAP security; XPath Injection;
DOI
10.1109/SERE-C.2013.34
Chinese Library Classification number
TP31 [Computer Software];
Discipline classification code
081202 ; 0835 ;
Abstract
Service Oriented Architecture (SOA) is an architectural style used to handle transactions involving money, identity, and other sensitive and valuable information. Web Services that implement an SOA must be secure. This paper will describe the common vulnerabilities of Web Services and SOA and the best practices that should be followed in securing the software behind them, and then a new security metric, XPath Exposure Ratio, for Web Services and SOA implementations is proposed. In addition to the discussion on how to apply the new metric, the advantages of the new security metric are also illustrated.
Pages: 103 / 109
Number of pages: 7
Related papers
50 in total
  • [41] Formal security policy implementations in network firewalls
    Macfarlane, Richard
    Buchanan, William
    Ekonomou, Elias
    Uthmani, Omair
    Fan, Lu
    Lo, Owen
    COMPUTERS & SECURITY, 2012, 31 (02) : 253 - 270
  • [42] Microgrids: Technical and Security Recommendations for Future Implementations
    Chasaki, Danai
    Kondrath, Nisha
    2014 IEEE INTERNATIONAL CONFERENCE ON CONSUMER ELECTRONICS (ICCE), 2014, : 315 - 316
  • [43] Security analysis of network access control implementations
    Cetin, F.
    Dagonnier, T.
    Oechslin, P.
    RELIABILITY, RISK AND SAFETY: THEORY AND APPLICATIONS VOLS 1-3, 2010, : 1907 - 1914
  • [44] An improvement of both security and reliability for AES implementations
    Bedoui, Mouna
    Mestiri, Hassen
    Bouallegue, Belgacem
    Hamdi, Belgacem
    Machhout, Mohsen
    JOURNAL OF KING SAUD UNIVERSITY-COMPUTER AND INFORMATION SCIENCES, 2022, 34 (10) : 9844 - 9851
  • [45] A Qualitative Approach to Effort Judgment for Web Service Composition based SOA Implementations
    Li, Zheng
    O'Brien, Liam
    25TH IEEE INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS (AINA 2011), 2011, : 586 - 593
  • [46] An Electronic Commerce Security Model Based on SOA
    Yu, Xin
    Li, Ping
    PROCEEDINGS OF THE SECOND INTERNATIONAL SYMPOSIUM ON ELECTRONIC COMMERCE AND SECURITY, VOL I, 2009, : 142 - 145
  • [47] ISOAS: Through an independent SOA security specification
    Larrucea, Xabier
    Alonso, Ruben
    SEVENTH INTERNATIONAL CONFERENCE ON COMPOSITION-BASED SOFTWARE SYSTEMS, PROCEEDINGS, 2008, : 92 - 100
  • [48] A Proposed Security Service Set for VANET SOA
    Ibrahim, Safi
    Hamdy, Mohamed
    Shaaban, Eman
    2015 IEEE SEVENTH INTERNATIONAL CONFERENCE ON INTELLIGENT COMPUTING AND INFORMATION SYSTEMS (ICICIS), 2015, : 649 - 653
  • [49] Evaluating the Capabilities of SOA Security Testing Tools
    Kabbani, Nawwar
    Tilley, Scott
    2011 IEEE INTERNATIONAL SYSTEMS CONFERENCE (SYSCON 2011), 2011, : 129 - 134
  • [50] Use of Data Mining to Enhance Security for SOA
    El Yamany, Hany F.
    Capretz, Miriam A. M.
    THIRD 2008 INTERNATIONAL CONFERENCE ON CONVERGENCE AND HYBRID INFORMATION TECHNOLOGY, VOL 1, PROCEEDINGS, 2008, : 551 - 558