A new customizable security framework for preventing WSDL attacks

Ibrahim, B.M. and Hassan, M.F. (2016) A new customizable security framework for preventing WSDL attacks. In: UNSPECIFIED.

Full text not available from this repository.
Official URL: https://www.scopus.com/inward/record.uri?eid=2-s2....

Abstract

The Service Oriented Architecture (SOA) has emerged as a dominant paradigm in the recent era for Enterprise Application Integration (EAI). Web Services are the implementation of SOA, where a service is Software component which does a specific functionality and does not depend on the context of other services. These services support distributed functionalities which operate irrespective of machine architectures, operating systems and programming languages; where the data transmission is done through the simple Internet protocols such as HTTP in Web Services. As the data is transferred in XML format which is a plain text, it is prone for attacks. The Web Service Description Language (WSDL) is an XML document that describes the services including their input/output parameters, while Simple Object Access Protocol (SOAP) describes the communication part. The standard SOA does not provide any sufficient security mechanisms for both WSDL and SOAP messages. Through literatures, it has been shown that there is a huge interest in developing solutions for SOAP message level attacks; however, there is not much on WSDL attacks. As a matter of fact, the WSDL attacks are severe in nature which can even halt the entire web services down. An attacker can reveal sensitive information as well as can interpret the list of operations that are provided by the web services. In this paper, the possible WSDL attacks are critically analyzed with their impact. A new SOA security framework which prevents the WSDL attacks and preserves the confidentiality and integrity of transmitted WSDL document is proposed. This framework effectively applies available security standards, and as a novelty it uses Artificial Neural Networks for knowledge acquisition of WSDL attacks dynamically. © 2015 IEEE.

Item Type: Conference or Workshop Item (UNSPECIFIED)
Impact Factor: cited By 5
Uncontrolled Keywords: Distributed computer systems; Electronic document exchange; HTTP; Information services; Internet protocols; Network architecture; Network security; Neural networks; Quality of service; Service oriented architecture (SOA); Websites; WSDL; XML, Developing solutions; Enterprise application integration; Machine architectures; Security frameworks; Sensitive informations; Simple object access protocols; SOA Security; Web service description language, Web services
Depositing User: Ms Sharifah Fahimah Saiyed Yeop
Date Deposited: 25 Mar 2022 07:43
Last Modified: 25 Mar 2022 07:43
URI: http://scholars.utp.edu.my/id/eprint/30922

Actions (login required)

View Item
View Item