CFP last date
20 January 2025
Reseach Article

Identifying SOA Security Threats using Web Mining

by Mohamed Ibrahim B, Mohamed Shanavas A R
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 120 - Number 4
Year of Publication: 2015
Authors: Mohamed Ibrahim B, Mohamed Shanavas A R
10.5120/21214-3929

Mohamed Ibrahim B, Mohamed Shanavas A R . Identifying SOA Security Threats using Web Mining. International Journal of Computer Applications. 120, 4 ( June 2015), 8-14. DOI=10.5120/21214-3929

@article{ 10.5120/21214-3929,
author = { Mohamed Ibrahim B, Mohamed Shanavas A R },
title = { Identifying SOA Security Threats using Web Mining },
journal = { International Journal of Computer Applications },
issue_date = { June 2015 },
volume = { 120 },
number = { 4 },
month = { June },
year = { 2015 },
issn = { 0975-8887 },
pages = { 8-14 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume120/number4/21214-3929/ },
doi = { 10.5120/21214-3929 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:07:10.552026+05:30
%A Mohamed Ibrahim B
%A Mohamed Shanavas A R
%T Identifying SOA Security Threats using Web Mining
%J International Journal of Computer Applications
%@ 0975-8887
%V 120
%N 4
%P 8-14
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The Service Oriented Architecture (SOA) became a dominant paradigm for enterprise computing. The web services are the implementation of SOA that works for heterogeneous platforms as they use common Internet protocols for communication and simple text format such as XML for data representation. The basic SOA architecture does not contain any security solution within it and the security is applied to SOA as an ad-hoc manner and also it depends on the internal architecture of the security products. There is no comprehensive security solution is achieved yet for SOA. This paper identifies the SOA security threats using the data mining technique –web mining. At the end of this paper, a customizable security solution for SOA in the form of framework is presented.

References
  1. Deven Shah and Dhiren Patel, "Architecture Framework Proposal for Dynamic and Ubiquitous Security in Global SOA," International Journal of Computer Science and Applications, Vol. 6, No. 1, pp. 40-52, 2009
  2. Dirk Krafzig, Karl Banke, Dirk Slama, "Enterprise SOA Service Oriented Architecture Best Practices," Pearson Education, Inc, USA, 2005
  3. Johnneth Fonseca, Zair Abdelouahab, Denivaldo Lopes and Sofiane Labidi, "A Security Framework for SOA Applications in Mobile Environment," International Journal of Network Security & Its Applications (IJNSA), Vol. 1, No. 3, pp. 90-107, 2009
  4. Hassan Reza, and Washington Helps, "Toward Security Analysis of Service Oriented Software Architecture," Proceedings of the 2011 International Conference on Software Engineering Research and Practice, Vol. II, 2011
  5. http://www. w3. org/TR/wsdl
  6. http://www. w3. org/TR/soap/
  7. Nayak, Richi. "Data mining in web services discovery and monitoring. " Web Services Research for Emerging Applications: Discoveries and Trends: Discoveries and Trends (2010): 270
  8. M. B. Juric, A. Sasa, B. Brumen, and I. Rozman, "WSDL and UDDI extensions for version support in web services," Elsevier at The Journal of Systems and Software, vol. 82, pp. 1326–1343, 2009
  9. Vorobiev, A. and Han, J. , "Security Attack Ontology for Web Services," Proceedings of the 2nd International Conference on Semantics, Knowledge and Grid (SKG'06), Guilin, China, 2006
  10. Esmiralda Moradian and Anne Hakansson, "Possible attacks on XML Web Services," IJCSNS International Journal of Computer Science and Network Security, Vol. 6, pp. 154-170, 2006
  11. Jeremy Epstein, Scott Matsumoto, Gray McGraw, "Software Security and SOA: Danger", IEEE Security & Privacy, Vol. 4, Issue 1, 2006, pp. 80-83
  12. Devanbu, Premkumar T. , and Stuart Stubblebine. "Software engineering for security: a roadmap. " Proceedings of the Conference on the Future of Software Engineering. ACM, 2000
  13. Johnson R. Burke, and Anthony J. Onwuegbuzie, "Mixed methods research: A research paradigm whose time has come," Educational Researcher 33. 7, 2004, pp. 14-26
  14. Tipnis, A. , and Lomelli, I. , "Security: A Major Imperative for a Service-Oriented Architecture – HP SOA Security Model and Security Assessment", HP Viewpoint Paper, 2009
  15. Jostein Jensen and Asmund Ahlmann Nyre, "SOA Security – An Experience Report," Proceedings of the Norwegian Information Security Conference (NISK), Trondheim, Norway, 2009, pp. 185-196
  16. Navya Sidharth and Jigang Liu, "IAPF: A Framework for Enhancing Web Services Security," 31st Annual International Computer Software and Applications Conference (COMPSAC 2007), 2007
  17. Bhavani Thuraisingham, "Secure Semantic Service Oriented Systems," Auerbach Publications (Taylor & Francis Group), USA, ISBN: 978-1-4200-7331-7
  18. Anu Soosan Baby, Deepu Raveendran, and Aswathy Josephine Joe, "A Study on Secure and Efficient Access Control Framework for SOA," International Journal of Computer Science and Telecommunications, Vol. 3, Issue 6, pp. 71-76, 2012
  19. Yamany, H. F. , and Capretz, L. F. , "Use of Data Mining to Enhance Security for SOA," Proceedings of the 3rd International Conference on Convergence and Hybrid Information Technology (ICCIT), IEEE, Vol. 1, 2008
  20. HP, "Securing web 2. 0: Are your Web Applications Vulnerable?" White-paper, Hewlett-Packard Development Company, L. P, 2007
  21. Jacqui Chetty and Marijke Coetzee, ?Towards An Information Security Framework For Service-oriented Architecture,? Information Security Conference, South Africa, IEEE ISBN: 978-1-4244-5494-5, 2010
  22. Böck, Heiko. "Restful web services. " The Definitive Guide to NetBean Platform 7. Apress, 2011. 345-352
  23. Belqasmi, Fatna, Roch Glitho, and Chunyan Fu. "RESTful web services for service provisioning in next-generation networks: a survey. " Communications Magazine, IEEE 49. 12 (2011): 66-73
  24. Oldooz Karimi, ?Security Model For Service-Oriented Architecture,? Advanced Computing: An International Journal (ACIJ), Vol. 2, No. 4, pp. 48-58, 2011
  25. Ramarao, K. and Prasad, C. "SOA Security," Manning Publication, 2008
  26. Candolin Catharina, ?A Security Service for Service Oriented Architectures?, Proceeding of Military Communications Conference (MILCOM), Florida, 2007
  27. Amrit Tiwana, "Web Security," Digital Press, USA, 1999 (ISBN: 9781555582104)
  28. MSDN Library, "Chapter 2: Threats and Countermeasures for Web Services", Patterns & Practices, Microsoft (Referred on Nov 2011)
  29. Matthew Tanase , "IP Spoofing: An Introduction," White-paper, SecurityFocus, 2003
  30. Garfinkel, S. and Spafford, G. , "Web Security, Privacy & Commerce," 2nd Edition, O'Reilly Media Inc. , 2002
  31. McClure, S. and Shah, S. , "Web Hacking: Attacks and Defense," Pearson Education Inc. , 2002
  32. Lindstrom, P. , "Attacking and Defending Web Services", White-paper, Spire Security, 2004
  33. Demchenko, Y. , "Attacks on Web Services and Grids", White paper, 2004. (http://www. uazone. org/demch/ analytic/draft-grid-security-incident-02. pdf, Referred on Nov 2013)
  34. Fitzgerald, J. Dennis, A. "Business Data Communications and Networking," John Wiley and Sons, 2002
  35. Shema, M. "HackNotes: Web Security Portable Reference," McGraw Hill Professional, 2003
  36. Fengyu Zhao, Xin Peng, and Wenyun Zhao, "Multi-Tier Security Feature Modeling for Service-Oriented Application Integration," 8th IEEE/ACIS International Conference on Computer and Information Science (ICIS 2009), Shanghai, China, 2009
  37. WG Halfond, Jeremy Viegas, and Alessandro Orso, "A Classification of SQL-injection Attacks and Countermeasures," Proceedings of the IEEE International Symposium on Secure Software Engineering, Arlington, VA, USA, 2006
  38. Nuno Antunes, Nuno Laranjeiro, Marco Vieira, and Henrique Madeira, "Effective Detection of SQL/XPath Injection Vulnerabilities in Web Services," IEEE International Conference on Services Computing (SCC '09), 2009
  39. Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna, "Cross-site scripting prevention with dynamic data tainting and static analysis," Citeseer, 2007
  40. Srirama, S. N. , Jarke, M. and Prinz, W. , "Security Analysis of Mobile Web Service Provisioning," International Journal of Internet Technology and Secured Transactions, 2007
  41. Abdallah Ghourabi, Tarek Abbes, and Adel Bouhoula, "Experimental analysis of attacks against web services and countermeasures," Proceedings of the 12th International Conference on Information Integration and Web-based Applications & Services, 2010, pp. 195-201
  42. Danish Jamil and Hassan Zaki, "Security Implication of SOAP and Web-Service Interface to the Cloud Computing System," International Journal of Engineering Science and Technology (IJEST), ISSN : 0975-5462 Vol. 3 No. 4, 2011
  43. Stuart McClure, Joel Scambray, and George Kurtz, "Hacking Exposed: Network Security Secrets & Solutions," 7th Edition, McGraw Hill Professional, 2012
  44. Candolin, C. and Kiviharju, M. , "A roadmap towards content based information security," The 6th European Conference on Information Warfare and Security, Shrivenham, UK, 2007
  45. Torry Harris Business Solutions Inc. , White-paper, "Migration and Security in SOA", University of Leeds, 2009
  46. Phan, Cecilia. "Service oriented architecture (soa)-security challenges and mitigation strategies. " Military Communications Conference, 2007. MILCOM 2007. IEEE. IEEE, 2007
  47. Andr´e Miede, Nedislav Nedyalkov, Dieter Schuller, Nicolas Repp, and Ralf Steinmetz, "Cross-organizational Security – The Service-oriented Difference," International Conference on Service Oriented Computing, Springer (ISBN: 978-3-642-16131-5), pp. 72-81, 2010
  48. Taylor, Richard N. , Nenad Medvidovic, and Eric M. Dashofy, "Software Architecture: Foundations, Theory, and Practice," Wiley Publishing, 2009
  49. Reza, Hassan, and Emanuel Grant, "Quality-oriented Software Architecture," Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC), Vol. 1, IEEE, 2005
Index Terms

Computer Science
Information Sciences

Keywords

SOA Security Web Services SOAP Data Mining Web Mining WSDL REFTful Web Services