
Technical analysis on security realization in web services for e-business management

  • Priyadharshini Muthukrishnan
  • V. Sakthivel
  • Baskaran Ramachandran
  • K. Srihari
Original Article

Abstract

The web service has proved to be one of the significant milestones in the evolution of distributed computing. Applications interoperate with programs providing simple services to deliver sophisticated value-added services. Web services are a loosely coupled, standardized way of achieving complex operations with less ownership of resources. A variety of platforms and frameworks communicate with the aim of transferring business intelligence, domain-specific functionality and so on. The communication between the server providing the service and the client revolves around two main web technologies: the World Wide Web and the Hypertext Transfer Protocol. As noted above, web service invocation is achieved through the collaboration of multiple entities on the web. Quality of service factors such as performance, reliability, security, response time and availability are very important to enable this web service invocation. Among these, security proves to be a challenging factor because of vulnerabilities in the web introduced by the use of numerous methods, tools and technologies. At the same pace, numerous standards and mechanisms have been introduced to handle the security threats. It has proved difficult to arrive at a complete solution or standard to address the security issues of web services. As an initiative to provide a broader perspective on the security of web services, the review presented could provide glimpses of the security vulnerabilities and the solutions available.

Keywords

Web service; Quality of service (QoS); Web service security; Distributed computing

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  • Priyadharshini Muthukrishnan (1), email author
  • V. Sakthivel (1)
  • Baskaran Ramachandran (2)
  • K. Srihari (3)

  1. Department of Computer Science and Engineering, KPR Institute of Engineering and Technology, Coimbatore, India
  2. Department of Computer Science and Engineering, Anna University, Chennai, India
  3. Department of Computer Science and Engineering, SNS College of Engineering, Coimbatore, India
