An extended XACML model to ensure secure information access for web services

被引:5
|
作者
Chou, Shih-Chien [1 ]
Huang, Chun-Hao [1 ]
机构
[1] Natl Dong Hwa Univ, Dept Comp Sci & Informat Math, Hsinchu, Taiwan
来源
JOURNAL OF SYSTEMS AND SOFTWARE | 2010年 / 83卷 / 01期
关键词
Web service; Information flow control; Security; Prevent information leakage; OBJECT-ORIENTED SYSTEMS; FLOW CONTROL;
D O I
10.1016/j.jss.2009.06.045
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
More and more software systems based on web services have been developed. Web service development techniques are thus becoming crucial. To ensure secure information access, access control should be taken into consideration when developing web services. This paper proposes an extended XACML model named EXACML to ensure secure information access for web services. It is based on the technique of information flow control. Primary features offered by the model are: (1) both the information of requesters and that of web services are protected, (2) the access control of web services is more precise than just "allow or reject" policy in existing models, and (3) the model will deny non-secure information access during the execution of a web service even when a requester is allowed to invoke the web service. (C) 2009 Elsevier Inc. All rights reserved.
引用
收藏
页码:77 / 84
页数:8
相关论文
共 50 条
  • [1] An Extended XACML Model to Secure Biological Web Services using Access Control Policies.
    Nirmalrani, V
    Saravanan, P.
    Sakthivel, P.
    RESEARCH JOURNAL OF PHARMACEUTICAL BIOLOGICAL AND CHEMICAL SCIENCES, 2016, 7 (03): : 1459 - 1466
  • [2] The Research of Access Process in Web Services Based on XACML
    Dai, Changying
    Gong, Wentao
    Liu, Jing
    2010 2ND INTERNATIONAL WORKSHOP ON DATABASE TECHNOLOGY AND APPLICATIONS PROCEEDINGS (DBTA), 2010,
  • [3] Secure access to personalized web services
    Barone, GB
    Margarita, N
    Mazzeo, A
    Mazzocca, N
    Romano, L
    2001 PACIFIC RIM INTERNATIONAL SYMPOSIUM ON DEPENDABLE COMPUTING, PROCEEDINGS, 2001, : 266 - 269
  • [4] A SAML/XACML based Access Control between Portal and Web Services
    Yin, Hao
    Zhou, Jiliu
    Wu, Huilin
    Yu, Liang
    PROCEEDINGS OF THE FIRST INTERNATIONAL SYMPOSIUM ON DATA, PRIVACY, AND E-COMMERCE, 2007, : 356 - +
  • [5] A XACML-based access control model for Web service
    Tao, H
    2005 INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, NETWORKING AND MOBILE COMPUTING PROCEEDINGS, VOLS 1 AND 2, 2005, : 1140 - 1144
  • [6] A Secure Information Flow Architecture for Web Services
    Singaravelu, Lenin
    Wei, Jinpeng
    Pu, Calton
    2008 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING, PROCEEDINGS, VOL 1, 2008, : 182 - 189
  • [7] Secure communication and access control for web services container
    Peng, Yu
    Wu, Quanyuan
    GCC 2005: FIFTH INTERNATIONAL CONFERENCE ON GRID AND COOPERATIVE COMPUTING, PROCEEDINGS, 2006, : 412 - +
  • [8] Secure Browser-based Access to Web Services
    Lo Iacono, Luigi
    Rajasekaran, Hariharan
    2009 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS, VOLS 1-8, 2009, : 871 - 875
  • [9] A double access control model for web services based information system
    Chen, Xueqin
    Wu, Huizhong
    Zhu, Yaoqin
    2008 PROCEEDINGS OF INFORMATION TECHNOLOGY AND ENVIRONMENTAL SYSTEM SCIENCES: ITESS 2008, VOL 2, 2008, : 1045 - 1050
  • [10] Authorization and access control to secure web services in a grid infrastructure
    Pastore, Serena
    WEBIST 2006: Proceedings of the Second International Conference on Web Information Systems and Technologies: INTERNET TECHNOLOGY / WEB INTERFACE AND APPLICATIONS, 2006, : 264 - 267
12345