An approach for benchmarking the security of web service frameworks

Rui Andre Oliveira; Miquel Martinez Raga; Nuno Laranjeiro; Marco Vieira

首页> 外文期刊>Future generation computer systems >An approach for benchmarking the security of web service frameworks

【24h】

An approach for benchmarking the security of web service frameworks

机译：基准测试Web服务框架安全性的方法

获取原文

获取原文并翻译 | 示例

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Web services are a popular technology for deploying applications on the Web. They are supported by frameworks, the middleware that handles most communication aspects. Security in the Web is a key concern as the exposure to attacks is high and may result in catastrophic consequences for the deployed services. Selecting the most secure framework is challenging, especially considering their diversity and the complexity involved in any security assessment. This paper is an initial contribution aiming at the definition of a security benchmark for assessing and comparing the security of web service frameworks. The proposed benchmark is based on two phases: Security Qualification and Trustworthiness Assessment. In the first phase, state-of-the-art techniques are used to detect vulnerabilities in the frameworks. If vulnerabilities are found, the framework is disqualified. In the second phase, the qualified frameworks are analyzed for evidences of potentially unsecure aspects, being the observed behavior used to compute a score using the Logic Score of Preferences technique. Such score allows comparing frameworks from a trustworthiness perspective. We applied our approach for the case of DoS Attacks and benchmarked ten frameworks. Results show that six frameworks fail in qualifying for the second phase and that the remaining ones can be ranked using the computed score, allowing developers to make informed decisions about their deployments.

机译：Web服务是一种用于部署Web上应用程序的流行技术。它们由框架支持，中间件处理大多数通信方面。 Web中的安全性是关键问题，因为攻击攻击很高，可能导致部署服务的灾难性后果。选择最安全的框架是具有挑战性的，特别是考虑到他们的多样性和任何安全评估所涉及的复杂性。本文是针对评估和比较Web服务框架的安全性的安全基准定义的初步贡献。拟议的基准基于两阶段：安全资格和可信度评估。在第一阶段，最先进的技术用于检测框架中的漏洞。如果发现漏洞，则框架被取消资格。在第二阶段，分析了合格的框架以证明可能的不安全方面的证据，是使用偏好技术的逻辑评分来计算分数的观察到的行为。此类分数允许将框架与值得信赖的角度来看。我们将我们的方法应用于DOS攻击和基准十个框架。结果表明，六个框架在排位赛中失败，第二阶段，剩余的框架可以使用计算的分数排列，允许开发人员对其部署进行明智的决策。

著录项

来源
《Future generation computer systems》 |2020年第9期|833-848|共16页
作者
Rui Andre Oliveira; Miquel Martinez Raga; Nuno Laranjeiro; Marco Vieira;
展开▼
作者单位

CISUC Department of Informatics Engineering University of Coimbra Portugal;

ITACA at Universitat Politecnica de Valencia (UPV) Valencia Spain;

CISUC Department of Informatics Engineering University of Coimbra Portugal;

CISUC Department of Informatics Engineering University of Coimbra Portugal;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Web services; Frameworks; Benchmarking; Security; Trustworthiness;

机译：网页服务;构架;基准;安全;值得信赖;

相似文献

外文文献
中文文献
专利

1. Assessing and Comparing Vulnerability Detection Tools for Web Services: Benchmarking Approach and Examples [J] . Antunes Nuno, Vieira Marco Services Computing, IEEE Transactions on . 2015,第2期

机译：评估和比较Web服务的漏洞检测工具：基准化方法和示例
2. Assessing the security of web service frameworks against denial of service attacks [J] . Rui Andre Oliveira, Nuno Laranjeiro, Marco Vieira Operations Research . 2017,第3期

机译：评估Web服务框架针对拒绝服务攻击的安全性
3. Security framework for RESTful mobile cloud computing Web services [J] . AlShahwan Feda, Faisal Maha, Ansa Godwin Journal of ambient intelligence and humanized computing . 2016,第5期

机译：RESTful移动云计算Web服务的安全框架
4. Web Services Security Proxy: a Centralized Thin-Client Framework of Web Services on Enterprise Environments [C] . Yu-Cai FENG, Yong ZHANG 7th World Multiconference on Systemics, Cybernetics and Informatics(SCI 2003) vol.3: Communication, Network and Control Systems, Technologies and Applications . 2003

机译：Web服务安全代理：企业环境上Web服务的集中式瘦客户端框架
5. An Android approach to the web services resource framework. [D] . Garcia Kunzel, Adriana. 2010

机译：一种用于Web服务资源框架的Android方法。
6. Retracted: An Automatic Web Service Composition Framework Using QoS-Based Web Service Ranking Algorithm [O] . The Scientific World Journal 2016

机译：缩回：使用基于QoS的Web服务排名算法的自动Web服务组合框架
7. Research on Technical Requirements of Security for Migration, Combination, and Separation of Web-Contents and Development of Cooperation Service Framework in N-Screen Services [O] . Howon Lee 2014

机译：迁移，组合和网络内容分离的安全技术要求及合作服务框架的技术要求

An approach for benchmarking the security of web service frameworks

摘要

著录项

相似文献

相关主题

期刊订阅