Enhance Security of SOA with Data Mining
Abstract
Service-Oriented Architecture (SOA) is an architectural paradigm for developing distributed applications so that their design is structured on loosely coupled services such as Web Services. One of the most significant difficulties with developing SOA concerns its security challenges, since the responsibilities of SOA security are based on both the servers and the clients. In recent years, a lot of solutions have been implemented, such as the Web Services Security Standards, including WS-Security and WS Security Policy.However, those standards are completely insufficient for the promising new generations of web applications, such as Web 2.0 and its upgraded edition, Web 3.0. In this work, we are proposing an intelligent security service for SOA using data mining to predict the attacks that could arise with SOAP (Simple Object Access Protocol)messages. Moreover, this service will validate the new security policies before deploying them on the service provider side by testing the probability of their vulnerability.
Keywords
Full Text:
PDFReferences
Jeremy Epstein, Scott Matsumoto and Gray McGraw, "Software Security and SOA: Danger, Will Robinson", IEEE Security & Privacy Trans., Vol. 4, Number 1, Jan.-Feb. 2006, pp: 80–83.
Thomas Erl, Service-Oriented Architecture – Concepts, Technology, and Design, Pearson Education, Inc., 2005.
Igor Sedukhin, "End-to-End Security for Web Services and Services Oriented Architectures", White Paper, March 2003.
Debra D’Agostine, "Security in the World of Web 2.0", Innovations magazine, Issue 3, 2006, pp: 12-15.
Web3.0, http://www.pcmag.com/article2/0,1759,2102852,00.asp.
David Geer, “Taking Steps to Secure Web Services”, IEEE Computer,Vol. 36, Number 10, Oct. 2003, pp: 14-16.
Gunnar Peterson, "Service Oriented Security Architecture", Information Security Bulletin, Vol. 10, Nov.2005, pp: 325-330.
WebService Security (WS-Security), http://www.verisign.com/wss/wss.pdf.
OASIS, Web Services Security: 3 SOAP Message Security 1.0,http://docs.oasis-open.org/wss/2004/01/oasis-200401 wss-soapmessage-security-1.0.pdf.
WS-SecurityPolicy,V1.0, http://www.oasisopen.org/committees/download.php/15979/oasis-wssxwssecuritypolicy-1.0.pdf.
Mohammed Ashiqur Rahaman and Andreas Schaad,"SOAP-based Secure Conversation and Collaboration", In the Proc. of International Conference on Web Services (ICWS 2007), July 2007, pp: 471-480.
Yin-Soon Loh, Wei-Chuen Yau, Chien-Thang Wong and Wai-Chuen Ho, "Design and Implementation of an XMLFirewall",In the Proc. of International Conference on Computational Intelligence and Security,Nov. 2006, pp:1147-1150.
Navya Sidharth and Jigang Liu, "LAPF: A Framework for Enhancing Web Services Security", In the Proc. of 31st Annual International Computer Software and Applications Conference (COMPSAC 2007),July 2007, pp: 23-30.
Jeffrey Hasan, Expert Service-Oriented Architecture in C#: using the Web Services Enhancement 2.0, Apress, 2004.
Zhao Hui Tang and Jamie Meclennan, Data Mining with SQL Server 2005, Wiley Publishing, Inc., 2005.
“Understanding SOA Security Design and Implementation”,http://www.redbooks.ibm.com/abstracts/SG 247310.html
http://www.oracle.com/technology/products/webservices_manager/pdf/owsm10.1.3.1.0datasheet.pdf.
Oracle® SOA Suite Developer's Guide,
Xiaofeng Zhang, Ho-fai Wong; W.K. Cheung, "A Privacy-Aware Service-oriented Platform for Distributed Data Mining", In the Proc. of the 8th IEEE International Conference on and Enterprise Computing and the 3rd IEEE International Conference on Enterprise computing,ECommerce,and E-Services (CEC/EEE’06), 2006, pp:44-48.
http://www.actional.com/products/docs/white_paper_web_service_security_threat.pdf.
http://www.fas.org/sgp/crs/intel/RL31798.pdf.
Refbacks
- There are currently no refbacks.
This work is licensed under a Creative Commons Attribution 3.0 License.