Multi-Level Secure Framework (MLSF) for composite web services

Sathiaseelan, J. G. R.; Rabara, S. Albert; Martin, Jeremy

doi:10.1145/1655925.1656030

Cited by 5 publications

(7 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another example is work in [27], and he proposed an architectural framework for secure composite web services using multi-level security concept. Number of security features such as authentication, data confidentiality, data integrity, and authorization are provided.…”

Section: Related Workmentioning

confidence: 99%

“…The SecureITree application provides a tool to assess threats from an adversary's perspective. It uses an attack-tree method for assessing how an asset can be attacked by an attacker, what harm he does with his attack, and what measures need to be taken to become immune to that attack [27]. Each category of threats that has been identified in the previous section may include further possible threats.…”

Section: Crescent Threat Analysismentioning

confidence: 99%

See 1 more Smart Citation

CRESCENT+: a self-protecting framework for reliable composite web service delivery

et al. 2018

View full text Add to dashboard Cite

One way to ensure reliable and secure composite web service delivery is by making them autonomous (i.e., become selfmanaging services, where they can be self-organizing, self-healing, self-optimizing, and self-protecting). The CRESCENT framework was previously proposed towards achieving such vision. It managed to satisfy the first three properties, but did not handle the self-protection property. To overcome such limitation, this paper extends CRESCENT and proposes CRES-CENT+; a self-protecting framework for reliable composite web service delivery. This is done by performing vulnerability analysis to identify CRESCENT weaknesses, then performing a STRIDE-based threat analysis to identify possible attacks on CRESCENT, and finally proposing different solutions and countermeasures to be integrated into CRESCENT to overcome such problems. Experimental results show that CRESCENT+ increased the reliability of the CRESCENT framework trading off the overall throughput. However, we argue that such loss in the overall throughput is still acceptable as a price for having autonomous composite web services; especially, the obtained overall throughput is still higher than existing industrial standards.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Crescent Threat Analysismentioning

confidence: 99%

CRESCENT+: a self-protecting framework for reliable composite web service delivery

et al. 2018

View full text Add to dashboard Cite

show abstract

“…Such proposals have been mostly intended for the secure enterprise web services but with some significant limitations. In this context, the design and development of Multi-Level Secure Framework (MLSF) for Composite Web Services [9] has become the pioneer model and an extended version of this proposal is presented [12].An enhanced model from the earlier versions is presented as a novel architectural framework in this paper. It is meant exclusively for the academic-related composite web services with multilevel security.…”

Section: Related Workmentioning

confidence: 99%

“…Nevertheless, there has been no attempt made so far towards the development of academic-related web application. Such a situation has motivated us greatly to develop a framework [9] for academic-related web services. While providing several benefits, web services technology has been facing serious threats like prefix hijacking and interception [10] in the Internet due to a man-in-the-middle attack [11].…”

Section: Introductionmentioning

confidence: 99%

Architectural Framework for Secure Composite Web Services

Sathiaseelan¹

2013

IJCA

View full text Add to dashboard Cite

The exorbitant growth in the field of web services technology has challenged the web developers, vendors and researchers to design and development a variety of enterprise web applications for diverse organizations. Since, security is considered to be an essential part in the development of web applications, web services security has also become an emerging trend in Web services technology. Even though there has been considerable amount of research work carried out in these areas, there is no solid scheme offered so far to build a secure academic-oriented web application. Hence, a novel architectural framework is intended solely for the academic institutions with the aim of providing efficient and secure composite web services for the web users. The concept of multi-level security is also included in the proposed framework to handle various security concerns at different levels.

show abstract

“…Although the types may be related, our implementation publishes them as separate, independent services. Clients then reference these services directly [11].…”

Section: Service Provisionmentioning

confidence: 99%

Efficient and Secure Web Services by using Multi Agents

Esfandi¹

2012

IJCA

View full text Add to dashboard Cite

Mobile agents are an excellent technology for implementing Web services. Within a set of federated Web services, mobile agents can reduce bandwidth requirements and mitigate the effects of high-latency network connections. This paper presents a model for implementing Web services with mobile agents where agents are free to move between cooperating Web servers to implement the service functionality.Also for increasing security of web services, we illustrate a novel distributed protocol for multi agent environments. In this approach, the encrypted private key and the message are broken into different parts carrying by different agents, which make it difficult for malicious entities to mine the private key for message encryption, while the private key for the encrypted key is allocated on the predetermined destination nodes. On the other hand, all of the previously proposed encryption algorithms can be applied in the proposed approach that deteriorates the key discovery process. To improve the overall security, the paper makes use of Advanced Encryption Standard (AES) as the encryption base for message encryption.Our mobile agent Web services present typical WSDL interfaces, so mobile agent functionality can be consumed from legacy clients, and federated services can be gradually migrated to a mobile agent implementation. General TermsMulti agent, Cryptographic Protocol, Mobile Agents, Security, and Web services et. al.

show abstract

Multi-Level Secure Framework (MLSF) for composite web services

Cited by 5 publications

References 4 publications

CRESCENT+: a self-protecting framework for reliable composite web service delivery

CRESCENT+: a self-protecting framework for reliable composite web service delivery

Architectural Framework for Secure Composite Web Services

Efficient and Secure Web Services by using Multi Agents

Contact Info

Product

Resources

About