ATENOS: un programa para mejorar la seguridad en WSDL

Con el crecimiento de internet y las distintas dinámicas de la sociedad actual, ha cambiado en gran medida la forma de interactuar e intercambiar información entre las personas y las empresas. Este intercambio se vuelve blanco de ataques por parte de todos aquellos actores que quieren obtener información útil y valiosa a sus propios intereses o de terceros. Ante este panorama se vuelve imperioso implementar todo tipo de medidas y acciones tendientes a evitar estos ataques, por tal motivo nace lo que se denomina Seguridad Informática. Toda acción, herramienta o metodología enfocada a evitar, contrarrestar o retrasar ataques contra activos sensibles juega un rol sumamente importante para los diversos actores. Por lo antes explicado, se describe en este artículo una herramienta cuyo principal objetivo es desarrollar e incrementar el nivel de seguridad de Servicios Web.info:eu-repo/semantics/publishedVersio

Participant Domain Name Token Profile for security enhancements supporting service oriented architecture

This research proposes a new secure token profile for improving the existing Web Services security standards. It provides a new authentication mechanism. This additional level of security is important for the Service-Oriented Architecture (SOA), which is an architectural style that uses a set of principles and design rules to shape interacting applications and maintain interoperability. Currently, the market push is towards SOA, which provides several advantages, for instance: integration with heterogeneous systems, services reuse, standardization of data exchange, etc. Web Services is one of the technologies to implement SOA and it can be implemented using Simple Object Access Protocol (SOAP). A SOAP-based Web Service relies on XML for its message format and common application layer protocols for message negotiation and transmission. However, it is a security challenge when a message is transmitted over the network, especially on the Internet. The Organization for Advancement of Structured Information Standards (OASIS) announced a set of Web Services Security standards that focus on two major areas. “Who” can use the Web Service and “What” are the permissions. However, the location or domain of the message sender is not authenticated. Therefore, a new secure token profile called: Participant Domain Name Token Profile (PDNT) is created to tackle this issue. The PDNT provides a new security feature, which the existing token profiles do not address. Location-based authentication is achieved if adopting the PDNT when using Web Services. In the performance evaluation, PDNT is demonstrated to be significantly faster than other secure token profiles. The processing overhead of using the PDNT with other secure token profiles is very small given the additional security provided. Therefore all the participants can acquire the benefits of increased security and performance at low cost