Participant Domain Name Token Profile for security enhancements supporting service oriented architecture
This research proposes a new secure token profile for improving the existing Web Services security standards. It provides a new authentication mechanism. This additional level of security is important for the Service-Oriented Architecture (SOA), which is an architectural style that uses a set of principles and design rules to shape interacting applications and maintain interoperability. Currently, the market push is towards SOA, which provides several advantages, for instance: integration with heterogeneous systems, services reuse, standardization of data exchange, etc. Web Services is one of the technologies to implement SOA and it can be implemented using Simple Object Access Protocol (SOAP).
A SOAP-based Web Service relies on XML for its message format and common application layer protocols for message negotiation and transmission. However, it is a security challenge when a message is transmitted over the network, especially on the Internet. The Organization for Advancement of Structured Information Standards (OASIS) announced a set of Web Services Security standards that focus on two major areas: “Who” can use the Web Service and “What” are the permissions. However, the location or domain of the message sender is not authenticated. Therefore, a new secure token profile called: Participant Domain Name Token Profile (PDNT) is created to tackle this issue.
The PDNT provides a new security feature, which the existing token profiles do not address. Location-based authentication is achieved if adopting the PDNT when using Web Services. In the performance evaluation, PDNT is demonstrated to be significantly faster than other secure token profiles. The processing overhead of using the PDNT with other secure token profiles is very small given the additional security provided. Therefore all the participants can acquire the benefits of increased security and performance at low cost.
XML Rewriting Attacks: Existing Solutions and their Limitations
Web Services are web-based applications made available for web users or
remote Web-based programs. In order to promote interoperability, they publish
their interfaces in the so-called WSDL file and allow remote call over the
network. Although Web Services can be used in different ways, the industry
standard is the Service Oriented Architecture Web Services that doesn't rely on
the implementation details. In this architecture, communication is performed
through XML-based messages called SOAP messages. However, those messages are
prone to attacks that can lead to code injection, unauthorized accesses,
identity theft, etc. These types of attacks, called XML Rewriting Attacks, are
all based on unauthorized, yet possible, modifications of SOAP messages. We
present in this paper an explanation of this kind of attack, review the
existing solutions, and show their limitations. We also propose some ideas to
secure SOAP messages, as well as implementation ideas.
From service-oriented architecture to service-oriented enterprise
Service-Oriented Architecture (SOA) was originally motivated by enterprise demands for better business-technology alignment and higher flexibility and reuse. SOA evolved from an initial set of ideas and principles to Web services (WS) standards now widely accepted by industry. The next phase of SOA development is concerned with a scalable, reliable and secure infrastructure based on these standards, and guidelines, methods and techniques for developing and maintaining service delivery in dynamic enterprise settings. In this paper we discuss the principles and main elements of SOA. We then present an overview of WS standards. And finally we come back to the original motivation for SOA, and how these can be realized.
Improving the Scalability of DPWS-Based Networked Infrastructures
The Devices Profile for Web Services (DPWS) specification enables seamless
discovery, configuration, and interoperability of networked devices in various
settings, ranging from home automation and multimedia to manufacturing
equipment and data centers. Unfortunately, the sheer simplicity of event
notification mechanisms that makes it fit for resource-constrained devices,
makes it hard to scale to large infrastructures with more stringent
dependability requirements, ironically, where self-configuration would be most
useful. In this report, we address this challenge with a proposal to integrate
gossip-based dissemination in DPWS, thus maintaining compatibility with
original assumptions of the specification, and avoiding a centralized
configuration server or custom black-box middleware components. In detail, we
show how our approach provides an evolutionary and non-intrusive solution to
the scalability limitations of DPWS and experimentally evaluate it with an
implementation based on the Web Services for Devices (WS4D) Java Multi
Edition DPWS Stack (JMEDS). Comment: 28 pages, Technical Report