Cyber security for service oriented architectures in a Web 2.0 world: An overview of SOA vulnerabilities in financial services

Masood, Adnan

doi:10.1109/ths.2013.6698966

Cited by 15 publications

(10 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The information specified by a WSDL interface reveals sensitive information, which allows the attacker to launch other attacks . Metadata spoofing: This attack is aimed to reengineer the web service's metadata descriptions . Attack obfuscation: It uses XML encryption to mask message content from being inspected by the firewall or IDS. These encrypted contents can be used to launch other attacks such as oversize payload, coercive parsing or XML injection, and encryption . Business Process Execution Language (BPEL) state deviation attack: BPEL engine can provide the web service endpoints, which accept the service request. Each BPEL process has more than one process instance; thus, the endpoints will be able to accept the request messages at all times.…”

Section: Attacks On the Cloud Componentsmentioning

confidence: 99%

“…• Attack obfuscation: It uses XML encryption to mask message content from being inspected by the firewall or IDS. These encrypted contents can be used to launch other attacks such as oversize payload, coercive parsing or XML injection, and encryption [64]. • Business Process Execution Language (BPEL) state deviation attack: BPEL engine can provide the web service endpoints, which accept the service request.…”

Section: • Web Services Description Language (Wsdl)mentioning

confidence: 99%

See 1 more Smart Citation

A survey and taxonomy of DoS attacks in cloud computing

Màsdàrí

Jalali

2016

Security Comm. Networks

View full text Add to dashboard Cite

Denial‐of‐service (DoS) attacks are one of the major security challenges in the emerging cloud computing models. Currently, numerous types of DoS attacks are conducted against the various cloud services and resources, which target their availability, service level agreements, and performance. This paper presents an in‐depth study of the various types of the DoS attacks proposed for the cloud computing environment and classifies them based on the cloud components or services, which they target. Besides, it provides a comprehensive analysis of the vulnerabilities utilized in these DoS attacks and investigates about the state‐of‐the‐art solutions presented in the literature to prevent, detect, or deal with each kind of DoS attacks in the cloud. Finally, it presents open research issues. Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

Section: Attacks On the Cloud Componentsmentioning

confidence: 99%

Section: • Web Services Description Language (Wsdl)mentioning

confidence: 99%

A survey and taxonomy of DoS attacks in cloud computing

Màsdàrí

Jalali

2016

Security Comm. Networks

View full text Add to dashboard Cite

show abstract

“…The Web service interfaces are public by nature, so different software can use the services for the purpose of integration to share data/knowledge. Due to the public interface of Web services, there are threats to user authentication, authorization, and data integrity [12,21,22]. To avoid suspected aforementioned threats over public network, SSM and XML security modules are integrated with Web service.…”

Section: Web Service Clientmentioning

confidence: 99%

“…The Encryption Key remains valid between BLL and data layer/KLP until the termination of session. The Client Public Key is used to validate the digital signature of the client, in order to check the client verification and XML document validation [22].…”

Section: Profiling Agentmentioning

confidence: 99%

See 1 more Smart Citation

IoT-enabled Web warehouse architecture: a secure approach

Mehmood

Shaikh

Bie

et al. 2015

Pers Ubiquit Comput

View full text Add to dashboard Cite

Web warehouse (WWh) has overcome the geographical dependencies of data warehouse. With the rapid development of WWh, decision makers (humans) and intelligent devices are able to remotely retrieve the information for supporting the effective decision-making process. This paper presents a secure Web service-oriented architecture of the WWh. The proposed architecture provides the better scalability, availability of WWh, and secure analytical service for human and Internet of Things for effective decision making. In addition, the service-oriented architecture of WWh integrates intelligent devices for the process of decision making. The proposed architecture uses XML-based Web services to provide authentication, authorization, and data confidentiality and integrity. Experiments show that the proposed architecture is more reliable, scalable, and secure.

show abstract

Electro search optimization based long short‐term memory network for mobile malware detection

Shanmugam

Venkateswaralu²,

Rajalakshmi

et al. 2022

Concurrency and Computation

View full text Add to dashboard Cite

Mobile malware is malicious software designed specifically for targeting various mobile gadgets like tablets, smartphones, and so forth, in which any type of malicious code affecting the mobile devices without the knowledge of the user. The increasing number of users encourages the hacker for generating various malware applications. Therefore, in this paper, we utilized three vital phases namely the pre‐processing process, Feature extraction process as well as classification process in which the malicious data are detected. In the pre‐processing phase, an Androguard tool is used for decompiling and disassembling the android applications. The API call features are extracted in the feature extraction phase and in the classification phase, long short term memory based electro search optimization (LSTM‐ESO) is employed to detect the unknown mobile applications as benign or malicious. The malicious mobile detecting accuracy deals in requesting permission and exhibiting malicious code applications. In order to enhance the identification of various malware applications, this paper utilized frequency analysis and permissions of API calls. Finally, the experimental analysis is performed by evaluating the performance measures like accuracy, precision, recall, and F‐measure. From the evaluation outcome, it is observed that the classification accuracy obtained is 97.69%.

show abstract

Cyber security for service oriented architectures in a Web 2.0 world: An overview of SOA vulnerabilities in financial services

Cited by 15 publications

References 14 publications

A survey and taxonomy of DoS attacks in cloud computing

A survey and taxonomy of DoS attacks in cloud computing

IoT-enabled Web warehouse architecture: a secure approach

Electro search optimization based long short‐term memory network for mobile malware detection

Contact Info

Product

Resources

About