Technical analysis on security realization in web services for e-business management

  • Original Article
Information Systems and e-Business Management

Abstract

Web services have proved to be a significant milestone in the evolution of distributed computing. Applications interoperate with programs providing simple services to deliver sophisticated value-added services. Web services are a loosely coupled, standardized way of achieving complex operations with less ownership of the resources. A variety of platforms and frameworks communicate in order to transfer business intelligence, domain-specific functionality and so on. The communication between the server providing the service and the client revolves around two main web technologies: the World Wide Web and the Hypertext Transfer Protocol. Web service invocation is thus achieved through the collaboration of multiple entities on the web. Quality-of-service factors such as performance, reliability, security, response time and availability are very important to enable this invocation. Among these, security proves to be a challenging factor because of vulnerabilities in the web introduced by the use of numerous methods, tools and technologies. At the same pace, numerous standards and mechanisms have been introduced to handle the security threats. It is difficult to arrive at a complete solution or standard that addresses the security issues of web services. As an initiative to provide a broader perspective on the security of web services, the review presented here gives a glimpse of the security vulnerabilities and the solutions available.

Author information

Corresponding author

Correspondence to Priyadharshini Muthukrishnan.

About this article

Cite this article

Muthukrishnan, P., Sakthivel, V., Ramachandran, B. et al. Technical analysis on security realization in web services for e-business management. Inf Syst E-Bus Manage 18, 427–438 (2020). https://doi.org/10.1007/s10257-019-00423-w

  • DOI: https://doi.org/10.1007/s10257-019-00423-w
