Modeling the Evaluation Criteria for Security Patterns in Web Service Discovery

Current trends in business-to-business transactions and enterprise application integration have extended to the use of web services. With web services being accepted and deployed in both research and industry, security-related issues have become important. Web services security has attracted the attention of security researchers due to the proven fact that most attacks on businesses and organizations exploit web service vulnerabilities. The main goal of this research is to summarize the security concept of a web service in a single value. In this paper, we evaluate common security patterns with respect to the STRIDE model of attacks by examining the attacks performed on different web service systems. To evaluate security, we introduce a new measure for computing a security rating of a web service, based on a STRIDE test case model, such that the security concept of the system can be summarized in a single value. The overall severity of the risk can then be expressed in a measurable way.
