• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文期刊>Journal of Computers >A Security Evaluation Method Based on Threat Classification for Web Service
【24h】

A Security Evaluation Method Based on Threat Classification for Web Service

机译:基于威胁分类的Web服务安全评估方法

获取原文
           
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Web service is a distributed computing model constructed on the basis of open standard technology with the characteristics of loose coupling, language neutrality, platform-independence, etc., how to efficiently evaluate the security of Web service is a challenging research topic. Current researches concern more about the testing of Web service and rarely about the issue of service security evaluation. On the basis of analyzing the current Web services in terms of security threats, a Web service security evaluation method based on threat classification is proposed, which can process security evaluation to Web service from different angles of view, such as spoofing, tampering, repudiation, message disclosure, denial of service and elevation of privilege, and can provide a referential evaluation index of Web service security for the users through the threat modeling and evaluating the degree of security. Finally, a case study on SOA application is discussed in detail, experimental results show that the proposed model works efficiently, it can provide valuable reference to check out security vulnerabilities of Web service and help to optimize the system’s security design.
机译:Web服务是基于开放标准技术构建的分布式计算模型,具有松耦合,语言中立,平台独立等特点,如何有效地评估Web服务的安全性是一个充满挑战的研究课题。当前的研究更多地关注Web服务的测试,很少关注服务安全性评估的问题。在分析当前Web服务安全威胁的基础上,提出了一种基于威胁分类的Web服务安全评估方法,该方法可以从欺骗,篡改,抵赖,攻击,威胁,攻击等不同角度对Web服务进行安全评估。消息公开,拒绝服务和特权提升,并且可以通过威胁建模和评估安全程度为用户提供Web服务安全性的参考评估指标。最后,以SOA应用为例进行了详细的研究,实验结果表明该模型有效地工作,可以为检查Web服务的安全漏洞提供有价值的参考,并有助于优化系统的安全设计。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号