Access control enforcement for web services by event-based security token processing

15th ITG/GI Symposium on Communication in Distributed Systems, KiVS 2007

Volumn 2007-January, Issue , 2007, Pages 1-12

  Gruschka, Nils ^a   Herkenhoner, Ralph ^a   Luttenberger, Norbert ^a  

^a UNIVERSITY OF KIEL   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL; NETWORK SECURITY; WEBSITES;

ACCESS CONTROL ENFORCEMENTS; COMPLEX TASK; CONTROL IMPLEMENTATION; PROCESSING MODEL; PROTECTING SERVICES; SECURITY TOKENS; SERVICE ACCESS; SERVICE AVAILABILITY;

WEB SERVICES;

EID: 85027493146     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (25)

1. Gustavo Alonso, Fabio Casati, Harumi Konu, and Vijay Machiraju. Web Services. Springer, 2004.
2. Claudio Agostino Ardagna, Ernesto Damiani, Sabrina De Capitani di Vimercati, and Pierangela Samarati. A Web Service Architecture for Enforcing Access Control Policies. Proc. of the First International Workshop on Views On Designing Complex Architectures (VODCA 2004), September 2004.
3. Keith Ballinger, David Ehnebuske, Christopher Ferris, Martin Gudgin, Canyang Kevin Liu, Mark Nottingham, and Prasad Yendluri. Basic Profile Version 1.1. WS-I Organisation, 2004.
4. Karthikeyan Bhargavan, Cedric Fournet, Andrew D. Gordon, and Greg O'Shea. An advisor for Web Services security policies. In S WS '05: Proceedings of the 2005 workshop on Secure web services, pages 1-9, New York, NY, USA, 2005. ACM Press.
5. David Brownell. SAX2. O'Reilly, 2002.
6. Scott Cantor, John Kemp, Rob Philpott, and Eve Maler. Assertions and protocols for the oasis security assertion markup language (saml) v2.0. OASIS Standard, 2005.
7. Erik Christensen, Francisco Curbera, Greg Meredith, and Sanjiva Weerawarana. Web Services Description Language (WSDL). W3C Note, 2001.
8. E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, and P. Samarati. Securing SOAP E-Services. International Journal of Information Security, 2002.
9. Nils Gruschka and Ralph Herkenhoner. WS-SecurityPolicy decision and enforcement for Web Service firewalls. In Proceedings of the IEEE/IST Workshop on Monitoring, Attack Detection and Mitigation, 2006.
10. Nils Gruschka and Norbert Luttenberger. Protecting Web Services from DoS attacks by SOAP message validation. In Proceedings of the IFIP TC-11 21. International Information Security Conference (SEC 2006), 2006.
11. Nils Gruschka, Norbert Luttenberger, and Ralph Herkenhoner. Event-based SOAP message validation for WS-SecurityPolicy-Enriched Web Services. In Proceedings of the 2006 International Conference on Semantic Web €3 Web Services, 2006.
12. Martin Gudgin, Marc Hadley, Noah Mendelsohn, Jean-Jacques Moreau, and Henrik Frystyk Nielsen. SOAP Version 1.2 Part 1: Messaging Framework. W3C Recommendation, 2003.
13. Martin Gudgin, Marc Hadley, and Tony Rogers. Web Services Addressing 1.0 - SOAP Binding. W3C Recommendation, May 2006.
14. Ralph Herkenhoner. Eventbased and policy-driven Web Service firewall. Diploma thesis, 2005.
15. Maryann Hondo, Nataraj Nagarathnam, and Anthony Nadalin. Securing Web Services. IBM Systems Journal, 41:228-241, 2002.
16. Takeshi Imamura and Michiaki Tatsubori. Patterns for securing Web Services messaging. In OOPSLA 2003 Workshop on Web Services and Service Oriented Architecture, 2003.
17. Tomasz Janczuk. Protect your Web Services through the extensible policy framework in WSE 3.0. MSDN Magazine, 2006.
18. Chris Kaler and Anthony Nadalin (editors). Web Services Security Policy Language (WS-SecurityPolicy) 1.1. 2005.
19. Pete Lindstrom. Attacking and defending Web Service. A Spire Research Report, 2004.
20. Catherine Meadows. A formal framework and evaluation method for network Denial of Service. In PCSF W: Proceedings ot the 12th Computer Security Foundation Workshop, 1999.
21. Jonathan K. Millen. A resource allocation model for Denial of Service. In Proceedings of the IEEE Symposium on Security and Privacy, pages 137-147, 1992.
22. Tim Moses. eXtensible Access Control Markup Language (XACML) Version 2.0. OASIS Standard, 2005.
23. Anthony Nadalin, Chris Kaler, Ronald Monzillo, and Phillip Hallam-Baker. Web Services Security: SOAP Message Security 1.1 (WS-Security 2004). 2006.
24. Giinter Schafer. Sabotageangriffe auf Kommunikationsstrukturen: Angriffstechniken und AbwehrmaBnahmen. PIK 28, pages 130-139, 2005.
25. Michiaki Tatsubori, Takeshi Imamura, and Yuhichi Nakamura. Best-practice patterns and tool support for configuring secure Web Services messaging. In ICWS '04: Proceedings of the IEEE International Conference on Web Services (ICws'04), page 244, Washington, DC, USA, 2004. IEEE Computer Society.