Research Article

Architectural Framework for Secure Composite Web Services

by J. G. R. Sathiaseelan
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 76 - Number 1
Year of Publication: 2013
Authors: J. G. R. Sathiaseelan
10.5120/13211-0592

J. G. R. Sathiaseelan. Architectural Framework for Secure Composite Web Services. International Journal of Computer Applications. 76, 1 (August 2013), 18-23. DOI=10.5120/13211-0592

@article{ 10.5120/13211-0592,
author = { J. G. R. Sathiaseelan },
title = { Architectural Framework for Secure Composite Web Services },
journal = { International Journal of Computer Applications },
issue_date = { August 2013 },
volume = { 76 },
number = { 1 },
month = { August },
year = { 2013 },
issn = { 0975-8887 },
pages = { 18-23 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume76/number1/13211-0592/ },
doi = { 10.5120/13211-0592 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

The exorbitant growth in the field of web services technology has challenged web developers, vendors and researchers to design and develop a variety of enterprise web applications for diverse organizations. Since security is considered an essential part of web application development, web services security has also become an emerging trend in web services technology. Even though a considerable amount of research has been carried out in these areas, no solid scheme has so far been offered for building a secure academic-oriented web application. Hence, a novel architectural framework is intended solely for academic institutions, with the aim of providing efficient and secure composite web services for web users. The concept of multi-level security is also included in the proposed framework to handle various security concerns at different levels.

Index Terms

Computer Science
Information Sciences

Keywords

Software Architecture, Web Engineering, Composite Web Services, Multi-level Security