论文信息 - Experimental analysis of attacks against web services and countermeasures

Experimental analysis of attacks against web services and countermeasures

Web services are increasingly becoming an integral part of next-generation web applications. A Web service is defined as a software system designed to support interoperable machine-to-machine interaction over a network based on a set of XML standards. This new architecture and set of protocols brings new security challenges such as confidentiality, integrity, anonymity, authentication, authorization and availability of requested services. Vulnerabilities in Web services are very dangerous since they can be used by attackers to damage the company's information system and steal confidential data. In this paper, we carry out an experimental analysis of attacks against Web services. We demonstrate experimentally three types of attacks and we reveal dangerous techniques and tools used by attackers that administrators have to prevent. Moreover, we study the effects of these attacks by observing their impact on Information System data and resources. Finally, we propose general countermeasures to prevent and mitigate such attacks.

Adel Bouhoula | Abdallah Ghourabi | Tarek Abbes

[1] Abhijit Belapurkar,et al. Distributed Systems Security: Issues, Processes and Solutions , 2009 .

[2] Esmiralda Moradian,et al. Possible attacks on XML Web Services , 2006 .

[3] Carla Merkle Westphall,et al. A Security Framework for Input Validation , 2008, 2008 Second International Conference on Emerging Security Information, Systems and Technologies.

[4] Andreas Schaad,et al. Towards secure SOAP message exchange in a SOA , 2006, SWS '06.

[5] Michael McIntosh,et al. XML signature element wrapping attacks and countermeasures , 2005, SWS '05.

[6] Nils Gruschka,et al. SOA and Web Services: New Technologies, New Standards - New Attacks , 2007, ECOWS 2007.

[7] Jonathan Robie,et al. Editors , 2003 .

[8] Nils Gruschka,et al. Protecting Web Services from DoS Attacks by SOAP Message Validation , 2006, SEC.

[9] Nils Agne Nordbotten,et al. XML and Web Services Security Standards , 2009, IEEE Communications Surveys & Tutorials.