Abstract
Web services security is becoming a critical concern for any organization adopting the XML-based Web services approach to application integration. While many access control techniques for Web services are becoming available, several issues still need to be solved in order to correctly split the burden of securing Web services between the perimetral and the service level. In this paper, we present a technique that makes perimetral defences semantics-aware. Application-level semantics-aware firewalls enforce filtering rules directly on SOAP messages based on the nature of the services they request. Our semantics-aware firewall rules are written using a flexible XML-based syntax that allows sharing metadata concepts with service level access control policies, supporting complex security policies that integrate perimetral defences with access control. Moreover, they can be quickly integrated into organizations’ existing infrastructure, deployed rapidly, scaled as needed, and operated by current staff, potentially achieving a low total cost of ownership with respect to service level solutions.
Keywords
- Access Control
- Access Control Policy
- Simple Object Access Protocol
- Remote Method Invocation
- Simple Object Access Protocol Message
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2004 Springer Science + Business Media, Inc.
About this chapter
Cite this chapter
Cremonini, M., Damiani, E., Samarati, P. (2004). Semantics-Aware Perimeter Protection. In: De Capitani di Vimercati, S., Ray, I., Ray, I. (eds) Data and Applications Security XVII. IFIP International Federation for Information Processing, vol 142. Springer, Boston, MA. https://doi.org/10.1007/1-4020-8070-0_17
DOI: https://doi.org/10.1007/1-4020-8070-0_17
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4020-8069-2
Online ISBN: 978-1-4020-8070-8
eBook Packages: Springer Book Archive