A Security Evaluation Method Based on Threat Classification for Web Service
Web service is a distributed computing model constructed on the basis of open standard technology with the characteristics of loose coupling, language neutrality, platform-independence, etc., how to efficiently evaluate the security of Web service is a challenging research topic. Current researches...
Gespeichert in:
| Veröffentlicht in: | Journal of software 2011-04, Vol.6 (4), p.595-595 |
|---|---|
| Hauptverfasser: | , , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 595 |
|---|---|
| container_issue | 4 |
| container_start_page | 595 |
| container_title | Journal of software |
| container_volume | 6 |
| creator | Jiang, Li Chen, Hao Deng, Fei Zhong, Qiusheng |
| description | Web service is a distributed computing model constructed on the basis of open standard technology with the characteristics of loose coupling, language neutrality, platform-independence, etc., how to efficiently evaluate the security of Web service is a challenging research topic. Current researches concern more about the testing of Web service and rarely about the issue of service security evaluation. On the basis of analyzing the current Web services in terms of security threats, a Web service security evaluation method based on threat classification is proposed, which can process security evaluation to Web service from different angles of view, such as spoofing, tampering, repudiation, message disclosure, denial of service and elevation of privilege, and can provide a referential evaluation index of Web service security for the users through the threat modeling and evaluating the degree of security. Finally, a case study on SOA application is discussed in detail, experimental results show that the proposed model works efficiently, it can provide valuable reference to check out security vulnerabilities of Web service and help to optimize the system's security design. Index Terms-Web service; security classification; security evaluation model; security abilities property |
| doi_str_mv | 10.4304/jsw.6.4.595-603 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_889401796</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>889401796</sourcerecordid><originalsourceid>FETCH-LOGICAL-c142t-8f2a6086516f42bee5e90b8ec7cdb5eca8e730fd8a5e376695e14f6c14a3f9203</originalsourceid><addsrcrecordid>eNpNkD1PwzAQhi0EEqUws3pjSmrHH4nHUpUPUcRAEWyW45xVV2lT7KSo_x5XZWC6O-l5X-kehG4pyTkjfLKOP7nMeS6UyCRhZ2hESyWzgpZf5__2S3QV45oQqSjnI_Qyxe9gh-D7A57vTTuY3ndb_Ar9qmvwvYnQ4HQvVwFMj2etidE7b0-U6wL-hDo1hL23cI0unGkj3PzNMfp4mC9nT9ni7fF5Nl1klvKizypXGEkqKah0vKgBBChSV2BL29QCrKmgZMQ1lRHASimVAMqdTGHDnCoIG6O7U-8udN8DxF5vfLTQtmYL3RB1VSlOjg8ncnIibehiDOD0LviNCQdNiT5a08malprrZE0na-wX5zhhCw</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>889401796</pqid></control><display><type>article</type><title>A Security Evaluation Method Based on Threat Classification for Web Service</title><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><creator>Jiang, Li ; Chen, Hao ; Deng, Fei ; Zhong, Qiusheng</creator><creatorcontrib>Jiang, Li ; Chen, Hao ; Deng, Fei ; Zhong, Qiusheng</creatorcontrib><description>Web service is a distributed computing model constructed on the basis of open standard technology with the characteristics of loose coupling, language neutrality, platform-independence, etc., how to efficiently evaluate the security of Web service is a challenging research topic. Current researches concern more about the testing of Web service and rarely about the issue of service security evaluation. On the basis of analyzing the current Web services in terms of security threats, a Web service security evaluation method based on threat classification is proposed, which can process security evaluation to Web service from different angles of view, such as spoofing, tampering, repudiation, message disclosure, denial of service and elevation of privilege, and can provide a referential evaluation index of Web service security for the users through the threat modeling and evaluating the degree of security. Finally, a case study on SOA application is discussed in detail, experimental results show that the proposed model works efficiently, it can provide valuable reference to check out security vulnerabilities of Web service and help to optimize the system's security design. Index Terms-Web service; security classification; security evaluation model; security abilities property</description><identifier>ISSN: 1796-217X</identifier><identifier>EISSN: 1796-217X</identifier><identifier>DOI: 10.4304/jsw.6.4.595-603</identifier><language>eng</language><subject>Classification ; Computer programs ; Design engineering ; Elevation ; Mathematical models ; Messages ; Security</subject><ispartof>Journal of software, 2011-04, Vol.6 (4), p.595-595</ispartof><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,776,780,27903,27904</link.rule.ids></links><search><creatorcontrib>Jiang, Li</creatorcontrib><creatorcontrib>Chen, Hao</creatorcontrib><creatorcontrib>Deng, Fei</creatorcontrib><creatorcontrib>Zhong, Qiusheng</creatorcontrib><title>A Security Evaluation Method Based on Threat Classification for Web Service</title><title>Journal of software</title><description>Web service is a distributed computing model constructed on the basis of open standard technology with the characteristics of loose coupling, language neutrality, platform-independence, etc., how to efficiently evaluate the security of Web service is a challenging research topic. Current researches concern more about the testing of Web service and rarely about the issue of service security evaluation. On the basis of analyzing the current Web services in terms of security threats, a Web service security evaluation method based on threat classification is proposed, which can process security evaluation to Web service from different angles of view, such as spoofing, tampering, repudiation, message disclosure, denial of service and elevation of privilege, and can provide a referential evaluation index of Web service security for the users through the threat modeling and evaluating the degree of security. Finally, a case study on SOA application is discussed in detail, experimental results show that the proposed model works efficiently, it can provide valuable reference to check out security vulnerabilities of Web service and help to optimize the system's security design. Index Terms-Web service; security classification; security evaluation model; security abilities property</description><subject>Classification</subject><subject>Computer programs</subject><subject>Design engineering</subject><subject>Elevation</subject><subject>Mathematical models</subject><subject>Messages</subject><subject>Security</subject><issn>1796-217X</issn><issn>1796-217X</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2011</creationdate><recordtype>article</recordtype><recordid>eNpNkD1PwzAQhi0EEqUws3pjSmrHH4nHUpUPUcRAEWyW45xVV2lT7KSo_x5XZWC6O-l5X-kehG4pyTkjfLKOP7nMeS6UyCRhZ2hESyWzgpZf5__2S3QV45oQqSjnI_Qyxe9gh-D7A57vTTuY3ndb_Ar9qmvwvYnQ4HQvVwFMj2etidE7b0-U6wL-hDo1hL23cI0unGkj3PzNMfp4mC9nT9ni7fF5Nl1klvKizypXGEkqKah0vKgBBChSV2BL29QCrKmgZMQ1lRHASimVAMqdTGHDnCoIG6O7U-8udN8DxF5vfLTQtmYL3RB1VSlOjg8ncnIibehiDOD0LviNCQdNiT5a08malprrZE0na-wX5zhhCw</recordid><startdate>201104</startdate><enddate>201104</enddate><creator>Jiang, Li</creator><creator>Chen, Hao</creator><creator>Deng, Fei</creator><creator>Zhong, Qiusheng</creator><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>201104</creationdate><title>A Security Evaluation Method Based on Threat Classification for Web Service</title><author>Jiang, Li ; Chen, Hao ; Deng, Fei ; Zhong, Qiusheng</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c142t-8f2a6086516f42bee5e90b8ec7cdb5eca8e730fd8a5e376695e14f6c14a3f9203</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2011</creationdate><topic>Classification</topic><topic>Computer programs</topic><topic>Design engineering</topic><topic>Elevation</topic><topic>Mathematical models</topic><topic>Messages</topic><topic>Security</topic><toplevel>online_resources</toplevel><creatorcontrib>Jiang, Li</creatorcontrib><creatorcontrib>Chen, Hao</creatorcontrib><creatorcontrib>Deng, Fei</creatorcontrib><creatorcontrib>Zhong, Qiusheng</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Journal of software</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Jiang, Li</au><au>Chen, Hao</au><au>Deng, Fei</au><au>Zhong, Qiusheng</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A Security Evaluation Method Based on Threat Classification for Web Service</atitle><jtitle>Journal of software</jtitle><date>2011-04</date><risdate>2011</risdate><volume>6</volume><issue>4</issue><spage>595</spage><epage>595</epage><pages>595-595</pages><issn>1796-217X</issn><eissn>1796-217X</eissn><abstract>Web service is a distributed computing model constructed on the basis of open standard technology with the characteristics of loose coupling, language neutrality, platform-independence, etc., how to efficiently evaluate the security of Web service is a challenging research topic. Current researches concern more about the testing of Web service and rarely about the issue of service security evaluation. On the basis of analyzing the current Web services in terms of security threats, a Web service security evaluation method based on threat classification is proposed, which can process security evaluation to Web service from different angles of view, such as spoofing, tampering, repudiation, message disclosure, denial of service and elevation of privilege, and can provide a referential evaluation index of Web service security for the users through the threat modeling and evaluating the degree of security. Finally, a case study on SOA application is discussed in detail, experimental results show that the proposed model works efficiently, it can provide valuable reference to check out security vulnerabilities of Web service and help to optimize the system's security design. Index Terms-Web service; security classification; security evaluation model; security abilities property</abstract><doi>10.4304/jsw.6.4.595-603</doi><tpages>1</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 1796-217X |
| ispartof | Journal of software, 2011-04, Vol.6 (4), p.595-595 |
| issn | 1796-217X 1796-217X |
| language | eng |
| recordid | cdi_proquest_miscellaneous_889401796 |
| source | Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals |
| subjects | Classification Computer programs Design engineering Elevation Mathematical models Messages Security |
| title | A Security Evaluation Method Based on Threat Classification for Web Service |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-23T13%3A41%3A50IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Security%20Evaluation%20Method%20Based%20on%20Threat%20Classification%20for%20Web%20Service&rft.jtitle=Journal%20of%20software&rft.au=Jiang,%20Li&rft.date=2011-04&rft.volume=6&rft.issue=4&rft.spage=595&rft.epage=595&rft.pages=595-595&rft.issn=1796-217X&rft.eissn=1796-217X&rft_id=info:doi/10.4304/jsw.6.4.595-603&rft_dat=%3Cproquest_cross%3E889401796%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=889401796&rft_id=info:pmid/&rfr_iscdi=true |