Article

SOA and Web Services: New Technologies, New Standards - New Attacks

Authors:

Meiko Jensen,

Nils Gruschka,

Ralph Herkenhoner,

Norbert LuttenbergerAuthors Info & Claims

ECOWS '07: Proceedings of the Fifth European Conference on Web Services

Pages 35 - 44

https://doi.org/10.1109/ECOWS.2007.24

Published: 26 November 2007 Publication History

Publisher Site

Abstract

Being regarded as the new paradigm for Internet communication, Web Services have introduced a large number of new standards and technologies. Though founding on decades of networking experience, Web Services are not more resistant to security attacks than other open network systems. Quite the opposite is true: Web Services are exposed to attacks well-known from common Internet protocols and additionally to new kinds of attacks targeting Web Services in particular. Along with their severe impact, most of these attacks can be performed with minimum effort from the attacker's side. In this paper we present a list of vulnerabilities in the context of Web Services. To proof the practical relevance of the threats, we performed exemplary attacks on widespread Web Service implementations. Further, general countermeasures for prevention and mitigation of such attacks are discussed.

Cited By

View all

Masdari MJalali M(2016)A survey and taxonomy of DoS attacks in cloud computingSecurity and Communication Networks10.1002/sec.15399:16(3724-3751)Online publication date: 10-Nov-2016
https://dl.acm.org/doi/10.1002/sec.1539
Lemos ADaniel FBenatallah B(2015)Web Service CompositionACM Computing Surveys10.1145/283127048:3(1-41)Online publication date: 9-Dec-2015
https://dl.acm.org/doi/10.1145/2831270
Palmieri FRicciardi SFiore UFicco MCastiglione A(2015)Energy-oriented denial of service attacksThe Journal of Supercomputing10.1007/s11227-014-1242-671:5(1620-1641)Online publication date: 1-May-2015
https://dl.acm.org/doi/10.1007/s11227-014-1242-6
Show More Cited By

Index Terms

SOA and Web Services: New Technologies, New Standards - New Attacks
1. Information systems
  1. World Wide Web
    1. Web applications
    2. Web services
2. Software and its engineering
  1. Software organization and properties
    1. Software system structures
      1. Distributed systems organizing principles
        Organizing principles for web applications

Recommendations

Countering DDoS and XDoS Attacks against Web Services
EUC '08: Proceedings of the 2008 IEEE/IFIP International Conference on Embedded and Ubiquitous Computing - Volume 01

Cyber-criminals use distributed denial-of-service attacks (DDoS) and XML denial-of-service attacks (XDoS) to extort money from online service providers. This kind of attacks is normally targeted at a particular service provider to exhaust the network ...
SOA and Web Services
SCC '06: Proceedings of the IEEE International Conference on Services Computing

This tutorial presents the foundational knowledge for the researchers and practitioners on Service- Oriented Architecture (SOA) and Web services. The traditional "triangle” SOA and variations that better support SOA services and solutions will be ...
Experimental analysis of attacks against web services and countermeasures
iiWAS '10: Proceedings of the 12th International Conference on Information Integration and Web-based Applications & Services

Web services are increasingly becoming an integral part of next-generation web applications. A Web service is defined as a software system designed to support interoperable machine-to-machine interaction over a network based on a set of XML standards. ...

Comments

Information & Contributors

Information

Published In

ECOWS '07: Proceedings of the Fifth European Conference on Web Services

November 2007

246 pages

ISBN:0769530443

Publisher

IEEE Computer Society

United States

Publication History

Published: 26 November 2007

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 17 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Masdari MJalali M(2016)A survey and taxonomy of DoS attacks in cloud computingSecurity and Communication Networks10.1002/sec.15399:16(3724-3751)Online publication date: 10-Nov-2016
https://dl.acm.org/doi/10.1002/sec.1539
Lemos ADaniel FBenatallah B(2015)Web Service CompositionACM Computing Surveys10.1145/283127048:3(1-41)Online publication date: 9-Dec-2015
https://dl.acm.org/doi/10.1145/2831270
Palmieri FRicciardi SFiore UFicco MCastiglione A(2015)Energy-oriented denial of service attacksThe Journal of Supercomputing10.1007/s11227-014-1242-671:5(1620-1641)Online publication date: 1-May-2015
https://dl.acm.org/doi/10.1007/s11227-014-1242-6
Siala FGhedira K(2014)How to select dynamically a QoS-driven composite web service by a multi-agent system using CBR methodInternational Journal of Wireless and Mobile Computing10.1504/IJWMC.2014.0630547:4(327-347)Online publication date: 1-Jul-2014
https://dl.acm.org/doi/10.1504/IJWMC.2014.063054
Leitner MRinderle-Ma S(2014)A systematic review on security in Process-Aware Information Systems - Constitution, challenges, and future directionsInformation and Software Technology10.1016/j.infsof.2013.12.00456:3(273-293)Online publication date: 1-Mar-2014
https://dl.acm.org/doi/10.1016/j.infsof.2013.12.004
Pinzón CDe Paz JTapia DBajo JCorchado J(2012)Improving the security level of the FUSION@ multi-agent architectureExpert Systems with Applications: An International Journal10.1016/j.eswa.2012.01.12739:8(7536-7545)Online publication date: 1-Jun-2012
https://dl.acm.org/doi/10.1016/j.eswa.2012.01.127
Muñoz-Arteaga JFernandez ECaudel-García HMotohashi M(2011)Misuse patternProceedings of the 2nd Asian Conference on Pattern Languages of Programs10.1145/2524629.2524643(1-5)Online publication date: 5-Oct-2011
https://dl.acm.org/doi/10.1145/2524629.2524643
Ghourabi AAbbes TBouhoula APardede ETaniar DPardede E(2010)Experimental analysis of attacks against web services and countermeasuresProceedings of the 12th International Conference on Information Integration and Web-based Applications & Services10.1145/1967486.1967519(195-201)Online publication date: 8-Nov-2010
https://dl.acm.org/doi/10.1145/1967486.1967519
Pinzón CDe Paz JBajo JCorchado J(2009)A multiagent solution to adaptively classify SOAP message and protect against dos attackProceedings of the Current topics in artificial intelligence, and 13th conference on Spanish association for artificial intelligence10.5555/1893496.1893520(181-190)Online publication date: 9-Nov-2009
https://dl.acm.org/doi/10.5555/1893496.1893520
Gruschka NJensen MDziuk TNing PDamiani EProctor S(2007)Event-based application of ws-security policy on soap messagesProceedings of the 2007 ACM workshop on Secure web services10.1145/1314418.1314420(1-8)Online publication date: 2-Nov-2007
https://dl.acm.org/doi/10.1145/1314418.1314420

Abstract

Cited By

Index Terms

Recommendations

Countering DDoS and XDoS Attacks against Web Services