Architectural Framework for Secure Composite Web Services

The rapid growth of web services technology has challenged web developers, vendors and researchers to design and develop a variety of enterprise web applications for diverse organizations. Since security is considered an essential part of web application development, web services security has also become an emerging trend in web services technology. Even though a considerable amount of research has been carried out in these areas, no solid scheme has been offered so far for building a secure academic-oriented web application. Hence, a novel architectural framework is proposed, intended solely for academic institutions, with the aim of providing efficient and secure composite web services for web users. The concept of multi-level security is also included in the proposed framework to handle various security concerns at different levels.
