Protecting Web Services from DoS Attacks by SOAP Message Validation

View Related Documents

Journal Article
A survey of attacks on web services
Classification and countermeasures
Meiko Jensen, Nils Gruschka and Ralph Herkenhöner
Computer Science - Research and Development, 2009, Volume 24, Number 4, Pages 185-197
- Download PDF (378.2 KB)
Book Chapter
Semantic Web Services
2008, Modeling Semantic Web Services, I, Pages 9-21
- Download PDF (258.6 KB)
Book Chapter
Soya: A Programming Model and Runtime Environment for Component Composition Using SSDL
Patric Fornasier, Jim Webber and Ian Gorton
Lecture Notes in Computer Science, 2007, Volume 4608, Component-Based Software Engineering, Pages 227-241
- Download PDF (329.6 KB)
Book Chapter
An Adaptive Multi-agent Solution to Detect DoS Attack in SOAP Messages
Cristian I. Pinzón, Juan F. De Paz, Javier Bajo and Juan M. Corchado
Advances in Intelligent and Soft Computing, 2009, Volume 63, Computational Intelligence in Security for Information Systems, Pages 77-84
- Download PDF (234.6 KB)
Book Chapter
Protecting Global SOA from DoS and Other Security Threats
Deven Shah, Ashish Mangal, Mayank Agarwal, Mahendra Mehra and Tushar Dave, et al.
Lecture Notes in Computer Science, 2009, Volume 5576, Advances in Information Security and Assurance, Pages 652-661
- Download PDF (562.1 KB)
Book Chapter
SOAP Web Services
2009, Beginning Java™ EE 6 Platform with GlassFish™ 3, Pages 393-427
- Download PDF (339.9 KB)
Book Chapter
Exploring XML Perturbation Techniques for Web Services Testing
Paulo Silveira and Ana C. V. de Melo
Lecture Notes in Computer Science, 2009, Volume 5648, Web Engineering, Pages 355-369
- Download PDF (254.1 KB)
Book Chapter
Web Services Protocols
Computer Communications and Networks, 2009, From P2P and Grids to Services on the Web, IV, Pages 269-290
- Download PDF (2.7 MB)
Book Chapter
Web Services
2007, Enabling Semantic Web Services, Part I, Pages 37-54
- Download PDF (497.9 KB)
Book Chapter
Communicating with XML
2007, Beginning JSP, JSF, and Tomcat Web Development, Pages 181-210
- Download PDF (370.8 KB)

Abstract

Though Web Services become more and more popular, not only inside closed intranets but also for inter-enterprise communications, few efforts have been made so far to secure a Web Service’s availability. Existing security standards like e.g. WS-Security only address message integrity and confidentiality, and user authentication and authorization. In this article we present a system for protecting Web Services from Denial-of-Service (DoS) attacks. DoS attacks often rely on misformed and/or overly long messages that engage a server in resource-consuming computations. Therefore, a suitable means to prevent such kinds of attacks is the full grammatical validation of messages by an application level gateway before forwarding them to the server. We discuss specific kinds of DoS attacks against Web Services, show how message grammars can automatically be derived from formal Web Service descriptions (written in the Web Service Description Language), and present an application level gateway solution called “Checkway” that uses these grammars to filter Web service messages. The paper closes by giving some performance figures for full grammatical validation.

Fulltext Preview

Image of the first page of the fulltext document

Frequently asked questions General info on journals and books Send us your feedback Impressum Contact us

SpringerLink

Protecting Web Services from DoS Attacks by SOAP Message Validation

View Related Documents

Abstract

Fulltext Preview