Experimental Evaluation of Web Service Frameworks in the Presence of Security Attacks

2012 IEEE Ninth International Conference on Services Computing Pub Date : 2012-06-24 DOI:10.1109/SCC.2012.52

R. Oliveira, N. Laranjeiro, M. Vieira

{"title":"Experimental Evaluation of Web Service Frameworks in the Presence of Security Attacks","authors":"R. Oliveira, N. Laranjeiro, M. Vieira","doi":"10.1109/SCC.2012.52","DOIUrl":null,"url":null,"abstract":"Web services are increasingly being used to provide critical operations in business-to-business and safety-critical environments. In these environments the exploitation of security vulnerabilities may result in major damages in the services infrastructures, financial or reputation losses to the organizations involved, and other catastrophic consequences for the users and the environment. Web services frameworks are the basis for developers to create and deploy web services, and must provide a robust and secure environment, so that an application can deliver its service, even when in presence of security attacks. In this paper we study the behavior of well-known web services frameworks in the presence of security attacks targeting the core web services specifications, i.e., those enabling basic message exchange functionalities. Results show that frameworks are quite resistant to attacks. However, they also indicate that even very popular and highly tested frameworks can be vulnerable to attacks, with potentially catastrophic consequences for the services being deployed.","PeriodicalId":178841,"journal":{"name":"2012 IEEE Ninth International Conference on Services Computing","volume":"73 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE Ninth International Conference on Services Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SCC.2012.52","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 12

Abstract

Web services are increasingly being used to provide critical operations in business-to-business and safety-critical environments. In these environments the exploitation of security vulnerabilities may result in major damages in the services infrastructures, financial or reputation losses to the organizations involved, and other catastrophic consequences for the users and the environment. Web services frameworks are the basis for developers to create and deploy web services, and must provide a robust and secure environment, so that an application can deliver its service, even when in presence of security attacks. In this paper we study the behavior of well-known web services frameworks in the presence of security attacks targeting the core web services specifications, i.e., those enabling basic message exchange functionalities. Results show that frameworks are quite resistant to attacks. However, they also indicate that even very popular and highly tested frameworks can be vulnerable to attacks, with potentially catastrophic consequences for the services being deployed.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Web服务框架在安全攻击下的实验评估

Web服务越来越多地被用于在企业对企业和安全关键环境中提供关键操作。在这些环境中，利用安全漏洞可能会对服务基础设施造成重大损害，对相关组织造成财务或声誉损失，并对用户和环境造成其他灾难性后果。Web服务框架是开发人员创建和部署Web服务的基础，并且必须提供健壮和安全的环境，以便应用程序能够交付其服务，即使存在安全攻击。在本文中，我们研究了知名web服务框架在针对核心web服务规范(即那些启用基本消息交换功能的规范)的安全攻击下的行为。结果表明，该框架具有较强的抗攻击能力。然而，它们也表明，即使是非常流行和经过高度测试的框架也可能容易受到攻击，从而对所部署的服务造成潜在的灾难性后果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

2012 IEEE Ninth International Conference on Services Computing

自引率

0.00%

发文量