2,115 research outputs found
XML Rewriting Attacks: Existing Solutions and their Limitations
Web Services are web-based applications made available for web users or
remote Web-based programs. In order to promote interoperability, they publish
their interfaces in the so-called WSDL file and allow remote call over the
network. Although Web Services can be used in different ways, the industry
standard is the Service Oriented Architecture Web Services that doesn't rely on
the implementation details. In this architecture, communication is performed
through XML-based messages called SOAP messages. However, those messages are
prone to attacks that can lead to code injection, unauthorized access,
identity theft, etc. These attacks, called XML Rewriting Attacks, are
all based on unauthorized, yet possible, modifications of SOAP messages. We
present in this paper an explanation of this kind of attack, review the
existing solutions, and show their limitations. We also propose some ideas to
secure SOAP messages, as well as implementation ideas.
Non-Blocking Signature of very large SOAP Messages
Data transfer and staging services are common components in Grid-based, or
more generally, in service-oriented applications. Security mechanisms play a
central role in such services, especially when they are deployed in sensitive
application fields like e-health. The adoption of WS-Security and related
standards to SOAP-based transfer services is, however, problematic as a
straightforward adoption of SOAP with MTOM introduces considerable
inefficiencies in the signature generation process when large data sets are
involved. This paper proposes a non-blocking, signature generation approach
enabling a stream-like processing with considerable performance enhancements. Comment: 13 pages, 5 figures
A personal networking solution
This paper presents an overview of research being conducted on Personal Networking Solutions within the Mobile VCE Personal Distributed Environment Work Area. In particular it attempts to highlight areas of commonality with the MAGNET initiative. These areas include trust of foreign devices and service providers, dynamic real-time service negotiation to permit context-aware service delivery, an automated controller algorithm for wireless ad hoc networks, and routing protocols for ad hoc networking environments. Where possible references are provided to Mobile VCE publications to enable further reading.
BOF4WSS : a business-oriented framework for enhancing web services security for e-business
When considering Web services' (WS) use for online business-to-business (B2B) collaboration between companies, security is a complicated and very topical issue. This is especially true with regard to reaching a level of security beyond the technological layer, that is supported and trusted by all businesses involved. With appreciation of this fact, our research draws from established development methodologies to develop a new, business-oriented framework (BOF4WSS) to guide e-businesses in defining, and achieving agreed security levels across these collaborating enterprises. The approach envisioned is such that it can be used by businesses, in a joint manner, to manage the comprehensive concern that security in the WS environment has become.
"BURO Case Study" In "Making the Repository Count: lessons from successful implementation"
Matt Holland and Tim Denning continue the research theme and consider the importance of IRs in support of research, focussing on three areas: how the IR fits with the university organisation; how to promote the use of the IR to end users and contributors; and how to secure long term benefits for the broadest range of stakeholders. They incorporate two case studies into the discussion, and include a description of the implementation of Bournemouth University Research Online (BURO). With contributions from Emma Crowley, BURO Manager.
Australian subject gateways, the successes and the challenges
The paper provides an overview of subject gateway development in Australia and takes a closer look at three subject gateways coordinated by the University of Queensland: AustLit: Australian Literature Gateway; AVEL Sustainability Knowledge Network, an engineering and sustainable development gateway; and WebLaw, a gateway for legal professionals. The challenges facing subject gateways are examined, including interoperability, coordination and most significantly, sustainability. The paper concludes with the overarching questions being considered by gateway coordinators such as the place of subject gateways and their future given trends in the evolution of the web.