The accountability problem of flooding attacks in service-oriented architectures

Proceedings - International Conference on Availability, Reliability and Security, ARES 2009

Volumn , Issue , 2009, Pages 25-32

  Jensen, Meiko ^a   Schwenk, Jörg ^a  

^a RUHR UNIVERSITY BOCHUM   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

ATTACK MODEL; COMPLEX TASK; DENIAL OF SERVICE ATTACKS; DISTRIBUTED SERVICE; GENERAL SOLUTIONS; NETWORK-BASED SERVICES; SERVICE ORIENTED;

COMPUTER CRIME; INFORMATION SERVICES; SERVICE ORIENTED ARCHITECTURE (SOA);

SECURITY OF DATA;

EID: 70349687721     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ARES.2009.11     Document Type: Conference Paper

References (27)

1. Tuomas Aura, Pekka Nikander, and Jussipekka Leiwo. DOS-resistant authentication with client puzzles. Lecture Notes in Computer Science, 2133:170+, 2001.
2. Mark Bartel, John Boyer, Barb Fox, Brian LaMacchia, and Ed Simon. XML-Signature Syntax and Processing. W3C Recommendation, 2002.
3. Ramy Bebawy, Hesham Sabry, Sherif El-Kassas, Youssef Hanna, and Youssef Youssef. Nedgty: Web services firewall. In ICWS '05: Proceedings of the IEEE International Conference on Web Services, pages 597-601, Washington, DC, USA, 2005. IEEE Computer Society.
4. Johann Bizer, Rüdiger Grimm, Steffen Staab, Sebastian Meissner, Daniel Pähler, Christoph Ringelstein, Martin Rost, Jan Schallaböck, and Felix Schwagereit. SOAinVO - Chancen und Risiken von Service-orientierten Architekturen in Virtuellen Organisationen (german). 2007.
5. Nils Gruschka, Ralph Herkenhöner, and Norbert Luttenberger. Access control enforcement for web services by event-based security token processing. In T. Braun, G. Carle, and B. Stiller, editors, 15. ITG/Gi Fachtagung Kommunikation in Verteilten Systemen (KiVS 2007), pages 371-382, 2007.
6. Nils Gruschka, Meiko Jensen, and Norbert Luttenberger. A Stateful Web Service Firewall for BPEL. Proceedings of the IEEE International Conference on Web Services (ICWS 2007), 2007.
7. Nils Gruschka and Norbert Luttenberger. Protecting Web Services from DoS Attacks by SOAP Message Validation. In Proceedings of the IFIP TC-11 21. International Information Security Conference (SEC 2006), 2006.
8. Nils Gruschka, Norbert Luttenberger, and Ralph Herkenhöner. Eventbased SOAP Message Validation for WS-SecurityPolicy-enriched Web Services. In Proceedings of the 2006 International Conference on Semantic Web & Web Services, 2006.
9. Martin Gudgin, Marc Hadley, and Tony Rogers. Web Services Addressing 1.0 - SOAP Binding. W3C Recommendation, May 2006.
10. Alefiya Hussain, John Heidemann, and Christos Papadopoulos. A framework for classifying denial of service attacks. In SIGCOMM '03: Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications, pages 99-110, New York, NY, USA, 2003. ACM Press.
11. Meiko Jensen. A Fault Propagation Approach for Highly Distributed Service Compositions. In Proceedings of the 2008 IEEE International Conference on Services Computing (SCC), volume 2, pages 507-510, 2008.
12. Meiko Jensen and Nils Gruschka. Flooding Attack Issues of Web Services and Service-Oriented Architectures. In Proceedings of the Workshop on Security for Web Services and Service-Oriented Architectures (SWSOA, held at GI Jahrestagung 2008), pages 117-122, 2008.
13. Meiko Jensen, Nils Gruschka, Ralph Herkenhöner, and Norbert Luttenberger. SOA and Web Services: New Technologies, New Standards - New Attacks. In Proceedings of the 5th IEEE European Conference on Web Services (ECOWS), 2007.
14. Meiko Jensen, Nils Gruschka, and Norbert Luttenberger. The Impact of Flooding Attacks on Network-based Services. In Proceedings of the IEEE International Conference on Availability, Reliability and Security (ARES), 2008.
15. Sherif Khattab, Rami Melhem, Daniel Mossé, and Taieb Znati. Honeypot back-propagation for mitigating spoofing distributed denial-of-service attacks. J. Parallel Distrib. Comput., 66(9):1152-1164, 2006.
16. J. Klensin. Rfc 2821: Simple mail transfer protocol. IETF Requests for Comments, 2001.
17. J. Leiwo, P. Nikander, and T. Aura. Towards Network Denial of Service Resistant Protocols. In Proc. of the 15th International Information Security Conference (IFIP/SEC), 2000.
18. Tim Moses. eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS Standard, 2005.
19. Anthony Nadalin, Marc Goodner, Martin Gudgin, Abbie Barbir, and Hans Granqvist (Editors). Web Services Trust Language (WS-Trust). OASIS Standard, 2007.
20. Anthony Nadalin, Chris Kaler, Ronald Monzillo, and Phillip Hallam-Baker. Web Services Security: SOAP Message Security 1.1 (WS-Security 2004). 2006.
21. Kihong Park and Heejo Lee. On the effectiveness of route-based packet filtering for distributed dos attack prevention in power-law internets. SIGCOMM Comput. Commun. Rev., 31(4):15-26, 2001.
22. Supranamaya Ranjan, R. Swaminathan, M. Uysal, and Edward W. Knightly. DDoS-Resilient Scheduling to Counter Application Layer Attacks Under Imperfect Detection. In INFOCOM, 2006.
23. Valentin Razmov. Denial of service attacks and how to defend against them. 2000.
24. Christoph L. Schuba, Ivan V. Krsul, Markus G. Kuhn, Eugene H. Spafford, Aurobindo Sundaram, and Diego Zamboni. Analysis of a Denial of Service Attack on TCP. In SP '97: Proceedings of the 1997 IEEE Symposium on Security and Privacy, pages 208-223, Washington, DC, USA, May 1997. IEEE Computer Society.
25. Anoop Singhal. Web services security: Challenges and techniques. In POLICY '07: Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, page 282, Washington, DC, USA, 2007. IEEE Computer Society.
26. Mudhakar Srivatsa, Arun Iyengar, Thomas A. Mikalsen, Isabelle Rouvellou, and Jian Yin. An access control system for web service compositions. In Proceedings of the IEEE International Conference on Web Services (ICWS), pages 1-8, 2007.
27. Sanjiva Weerawarana, Francisco Curbera, Frank Leymann, Tony Storey, and Donald F. Ferguson. Web Services Platform Architecture: SOAP, WSDL, WS-Policy, WS-Addressing, WS-BPEL, WS-Reliable Messaging, and More. Prentice Hall PTR, 2005.