Defending Against XML-Based Attacks Using State-Based XML Firewall
With the proliferation of service-oriented systems and cloud computing, web services security has gained much attention in recent years. Web service attacks, called XML-based attacks, typically occur at the SOAP message level, thus they are not readily handled by existing security mechanisms such as...
Gespeichert in:
Veröffentlicht in: | Journal of computers 2011-11, Vol.6 (11), p.2395-2395 |
---|---|
Hauptverfasser: | , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
container_end_page | 2395 |
---|---|
container_issue | 11 |
container_start_page | 2395 |
container_title | Journal of computers |
container_volume | 6 |
creator | Xu, Haiping Reddyreddy, Abhinay Fitch, Daniel F. |
description | With the proliferation of service-oriented systems and cloud computing, web services security has gained much attention in recent years. Web service attacks, called XML-based attacks, typically occur at the SOAP message level, thus they are not readily handled by existing security mechanisms such as a conventional firewall. In order to provide effective security mechanisms for service-oriented systems, XML firewalls have recently been introduced as one of the major means for web services security. In this paper, we present a framework for state-based XML firewall, called S-Wall, which supports dynamic role-based access control (D-RBAC) and detection of XML-based attacks in real-time. We provide a detailed design of the SWall security model by defining state-based information, user information, access control policies, and detection and verification (D&V) rules. The D&V rules are modularized into separate units, which support real-time detection and verification of various types of attacks using state-based information. To illustrate the effectiveness of our approach, we develop a prototype S-Wall, and utilize a case study to demonstrate how S-Wall can be used to efficiently detect and defend against XML-based attacks. Index Terms-State-based XML firewall (S-Wall), web services security, service-oriented architecture, dynamic role-based access control (D-RBAC), XML-based attack, detection and verification (D&V) |
doi_str_mv | 10.4304/jcp.6.11.2395-2407 |
format | Article |
fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1031309406</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>1031309406</sourcerecordid><originalsourceid>FETCH-LOGICAL-c2397-1aea32226c1a2db91c55f553b2f713a5e062468c8f72dc3334a48aa5b1806fc03</originalsourceid><addsrcrecordid>eNpNkMFKw0AQhhdRsNS-gKccvSTu7OxukmNbbRUiHrTQ2zLd7JbUNK3ZFPHtTWgPzuUf-D-G4WPsHngikcvHnT0mOgFIBOYqFpKnV2wEaa5jwXF9_W-_ZZMQdrwfRMiAj9jsyXnXlFWzjaZbqprQReu3Ip5RcGU07TqyXyFahaH_6Khzl6ZnokXVuh-q6zt246kObnLJMVstnj_nL3HxvnydT4vY9n-lMZAjFEJoCyTKTQ5WKa8UboRPAUk5roXUmc18KkqLiJJkRqQ2kHHtLccxezjfPbaH75MLndlXwbq6psYdTsEAR0CeS657VJxR2x5CaJ03x7baU_vbQ2ZwZnpnRhsAMzgzgzP8A2-XXXM</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1031309406</pqid></control><display><type>article</type><title>Defending Against XML-Based Attacks Using State-Based XML Firewall</title><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><creator>Xu, Haiping ; Reddyreddy, Abhinay ; Fitch, Daniel F.</creator><creatorcontrib>Xu, Haiping ; Reddyreddy, Abhinay ; Fitch, Daniel F.</creatorcontrib><description>With the proliferation of service-oriented systems and cloud computing, web services security has gained much attention in recent years. Web service attacks, called XML-based attacks, typically occur at the SOAP message level, thus they are not readily handled by existing security mechanisms such as a conventional firewall. In order to provide effective security mechanisms for service-oriented systems, XML firewalls have recently been introduced as one of the major means for web services security. In this paper, we present a framework for state-based XML firewall, called S-Wall, which supports dynamic role-based access control (D-RBAC) and detection of XML-based attacks in real-time. We provide a detailed design of the SWall security model by defining state-based information, user information, access control policies, and detection and verification (D&V) rules. The D&V rules are modularized into separate units, which support real-time detection and verification of various types of attacks using state-based information. To illustrate the effectiveness of our approach, we develop a prototype S-Wall, and utilize a case study to demonstrate how S-Wall can be used to efficiently detect and defend against XML-based attacks. Index Terms-State-based XML firewall (S-Wall), web services security, service-oriented architecture, dynamic role-based access control (D-RBAC), XML-based attack, detection and verification (D&V)</description><identifier>ISSN: 1796-203X</identifier><identifier>EISSN: 1796-203X</identifier><identifier>DOI: 10.4304/jcp.6.11.2395-2407</identifier><language>eng</language><subject>Access control ; Computer information security ; Dynamics ; Extensible Markup Language ; Firewalls ; Real time ; Web services ; XML</subject><ispartof>Journal of computers, 2011-11, Vol.6 (11), p.2395-2395</ispartof><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c2397-1aea32226c1a2db91c55f553b2f713a5e062468c8f72dc3334a48aa5b1806fc03</citedby><cites>FETCH-LOGICAL-c2397-1aea32226c1a2db91c55f553b2f713a5e062468c8f72dc3334a48aa5b1806fc03</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,776,780,27903,27904</link.rule.ids></links><search><creatorcontrib>Xu, Haiping</creatorcontrib><creatorcontrib>Reddyreddy, Abhinay</creatorcontrib><creatorcontrib>Fitch, Daniel F.</creatorcontrib><title>Defending Against XML-Based Attacks Using State-Based XML Firewall</title><title>Journal of computers</title><description>With the proliferation of service-oriented systems and cloud computing, web services security has gained much attention in recent years. Web service attacks, called XML-based attacks, typically occur at the SOAP message level, thus they are not readily handled by existing security mechanisms such as a conventional firewall. In order to provide effective security mechanisms for service-oriented systems, XML firewalls have recently been introduced as one of the major means for web services security. In this paper, we present a framework for state-based XML firewall, called S-Wall, which supports dynamic role-based access control (D-RBAC) and detection of XML-based attacks in real-time. We provide a detailed design of the SWall security model by defining state-based information, user information, access control policies, and detection and verification (D&V) rules. The D&V rules are modularized into separate units, which support real-time detection and verification of various types of attacks using state-based information. To illustrate the effectiveness of our approach, we develop a prototype S-Wall, and utilize a case study to demonstrate how S-Wall can be used to efficiently detect and defend against XML-based attacks. Index Terms-State-based XML firewall (S-Wall), web services security, service-oriented architecture, dynamic role-based access control (D-RBAC), XML-based attack, detection and verification (D&V)</description><subject>Access control</subject><subject>Computer information security</subject><subject>Dynamics</subject><subject>Extensible Markup Language</subject><subject>Firewalls</subject><subject>Real time</subject><subject>Web services</subject><subject>XML</subject><issn>1796-203X</issn><issn>1796-203X</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2011</creationdate><recordtype>article</recordtype><recordid>eNpNkMFKw0AQhhdRsNS-gKccvSTu7OxukmNbbRUiHrTQ2zLd7JbUNK3ZFPHtTWgPzuUf-D-G4WPsHngikcvHnT0mOgFIBOYqFpKnV2wEaa5jwXF9_W-_ZZMQdrwfRMiAj9jsyXnXlFWzjaZbqprQReu3Ip5RcGU07TqyXyFahaH_6Khzl6ZnokXVuh-q6zt246kObnLJMVstnj_nL3HxvnydT4vY9n-lMZAjFEJoCyTKTQ5WKa8UboRPAUk5roXUmc18KkqLiJJkRqQ2kHHtLccxezjfPbaH75MLndlXwbq6psYdTsEAR0CeS657VJxR2x5CaJ03x7baU_vbQ2ZwZnpnRhsAMzgzgzP8A2-XXXM</recordid><startdate>20111101</startdate><enddate>20111101</enddate><creator>Xu, Haiping</creator><creator>Reddyreddy, Abhinay</creator><creator>Fitch, Daniel F.</creator><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20111101</creationdate><title>Defending Against XML-Based Attacks Using State-Based XML Firewall</title><author>Xu, Haiping ; Reddyreddy, Abhinay ; Fitch, Daniel F.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c2397-1aea32226c1a2db91c55f553b2f713a5e062468c8f72dc3334a48aa5b1806fc03</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2011</creationdate><topic>Access control</topic><topic>Computer information security</topic><topic>Dynamics</topic><topic>Extensible Markup Language</topic><topic>Firewalls</topic><topic>Real time</topic><topic>Web services</topic><topic>XML</topic><toplevel>online_resources</toplevel><creatorcontrib>Xu, Haiping</creatorcontrib><creatorcontrib>Reddyreddy, Abhinay</creatorcontrib><creatorcontrib>Fitch, Daniel F.</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Journal of computers</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Xu, Haiping</au><au>Reddyreddy, Abhinay</au><au>Fitch, Daniel F.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Defending Against XML-Based Attacks Using State-Based XML Firewall</atitle><jtitle>Journal of computers</jtitle><date>2011-11-01</date><risdate>2011</risdate><volume>6</volume><issue>11</issue><spage>2395</spage><epage>2395</epage><pages>2395-2395</pages><issn>1796-203X</issn><eissn>1796-203X</eissn><abstract>With the proliferation of service-oriented systems and cloud computing, web services security has gained much attention in recent years. Web service attacks, called XML-based attacks, typically occur at the SOAP message level, thus they are not readily handled by existing security mechanisms such as a conventional firewall. In order to provide effective security mechanisms for service-oriented systems, XML firewalls have recently been introduced as one of the major means for web services security. In this paper, we present a framework for state-based XML firewall, called S-Wall, which supports dynamic role-based access control (D-RBAC) and detection of XML-based attacks in real-time. We provide a detailed design of the SWall security model by defining state-based information, user information, access control policies, and detection and verification (D&V) rules. The D&V rules are modularized into separate units, which support real-time detection and verification of various types of attacks using state-based information. To illustrate the effectiveness of our approach, we develop a prototype S-Wall, and utilize a case study to demonstrate how S-Wall can be used to efficiently detect and defend against XML-based attacks. Index Terms-State-based XML firewall (S-Wall), web services security, service-oriented architecture, dynamic role-based access control (D-RBAC), XML-based attack, detection and verification (D&V)</abstract><doi>10.4304/jcp.6.11.2395-2407</doi><tpages>1</tpages><oa>free_for_read</oa></addata></record> |
fulltext | fulltext |
identifier | ISSN: 1796-203X |
ispartof | Journal of computers, 2011-11, Vol.6 (11), p.2395-2395 |
issn | 1796-203X 1796-203X |
language | eng |
recordid | cdi_proquest_miscellaneous_1031309406 |
source | Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals |
subjects | Access control Computer information security Dynamics Extensible Markup Language Firewalls Real time Web services XML |
title | Defending Against XML-Based Attacks Using State-Based XML Firewall |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-23T03%3A54%3A45IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Defending%20Against%20XML-Based%20Attacks%20Using%20State-Based%20XML%20Firewall&rft.jtitle=Journal%20of%20computers&rft.au=Xu,%20Haiping&rft.date=2011-11-01&rft.volume=6&rft.issue=11&rft.spage=2395&rft.epage=2395&rft.pages=2395-2395&rft.issn=1796-203X&rft.eissn=1796-203X&rft_id=info:doi/10.4304/jcp.6.11.2395-2407&rft_dat=%3Cproquest_cross%3E1031309406%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1031309406&rft_id=info:pmid/&rfr_iscdi=true |