Web Services Security Assessment: An Authentication-Focused Approach

Abstract : Web services may be able to publish easily their functions to the rest of the web world. At the same time they suffer by several security pitfalls. Currently, there is limited research on how the proposed web-services security countermeasures affect performance and applicability. In this paper, we introduce the threats/attacks vs. web-services authentication, present the most widely used security method for protecting it, and identify the threats/attacks tackled by those methods. Moreover, we evaluate the web service authentication mechanism proposed in these implementations, not only on a theoretical level (by taking into consideration all the security issues of the implementing authentication sub-mechanisms), but also in a laboratory environment (by conducting extensive experiments). Finally we demonstrate the trade-offs between sophisticated web-service security methods and their performance.
Type de document :
Communication dans un congrès
Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.561-566, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_49〉
Liste complète des métadonnées

Littérature citée [11 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01518251
Contributeur : Hal Ifip <>
Soumis le : jeudi 4 mai 2017 - 13:45:44
Dernière modification le : jeudi 4 mai 2017 - 14:53:52
Document(s) archivé(s) le : samedi 5 août 2017 - 13:12:28

Fichier

978-3-642-30436-1_49_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Yannis Soupionis, Miltiadis Kandias. Web Services Security Assessment: An Authentication-Focused Approach. Dimitris Gritzalis; Steven Furnell; Marianthi Theoharidou. 27th Information Security and Privacy Conference (SEC), Jun 2012, Heraklion, Crete, Greece. Springer, IFIP Advances in Information and Communication Technology, AICT-376, pp.561-566, 2012, Information Security and Privacy Research. 〈10.1007/978-3-642-30436-1_49〉. 〈hal-01518251〉

Partager

Métriques

Consultations de la notice

133

Téléchargements de fichiers

42