An extended XACML model to ensure secure information access for web services

被引:5
|
作者
Chou, Shih-Chien [1 ]
Huang, Chun-Hao [1 ]
机构
[1] Natl Dong Hwa Univ, Dept Comp Sci & Informat Math, Hsinchu, Taiwan
来源
JOURNAL OF SYSTEMS AND SOFTWARE | 2010年 / 83卷 / 01期
关键词
Web service; Information flow control; Security; Prevent information leakage; OBJECT-ORIENTED SYSTEMS; FLOW CONTROL;
D O I
10.1016/j.jss.2009.06.045
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
More and more software systems based on web services have been developed. Web service development techniques are thus becoming crucial. To ensure secure information access, access control should be taken into consideration when developing web services. This paper proposes an extended XACML model named EXACML to ensure secure information access for web services. It is based on the technique of information flow control. Primary features offered by the model are: (1) both the information of requesters and that of web services are protected, (2) the access control of web services is more precise than just "allow or reject" policy in existing models, and (3) the model will deny non-secure information access during the execution of a web service even when a requester is allowed to invoke the web service. (C) 2009 Elsevier Inc. All rights reserved.
引用
收藏
页码:77 / 84
页数:8
相关论文
共 50 条
  • [1] An Extended XACML Model to Secure Biological Web Services using Access Control Policies.
    Nirmalrani, V
    Saravanan, P.
    Sakthivel, P.
    RESEARCH JOURNAL OF PHARMACEUTICAL BIOLOGICAL AND CHEMICAL SCIENCES, 2016, 7 (03): : 1459 - 1466
  • [2] Secure IoT Resources with Access Control over RESTful Web Services
    Aloufi, Khalid
    Alhazmi, Omar
    JORDAN JOURNAL OF ELECTRICAL ENGINEERING, 2020, 6 (01): : 63 - 77
  • [3] Secure Browser-based Access to Web Services
    Lo Iacono, Luigi
    Rajasekaran, Hariharan
    2009 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS, VOLS 1-8, 2009, : 871 - 875
  • [4] A double access control model for web services based information system
    Chen, Xueqin
    Wu, Huizhong
    Zhu, Yaoqin
    2008 PROCEEDINGS OF INFORMATION TECHNOLOGY AND ENVIRONMENTAL SYSTEM SCIENCES: ITESS 2008, VOL 2, 2008, : 1045 - 1050
  • [5] The hybrid model for web services security Access control and information flow control
    Kedjar, Saadia
    Tari, Abdelkamel
    2013 8TH INTERNATIONAL CONFERENCE FOR INTERNET TECHNOLOGY AND SECURED TRANSACTIONS (ICITST), 2013, : 194 - +
  • [6] An adaptive access control model for Web services
    Bertino, Elisa
    Squicciarini, Anna C.
    Martino, Lorenzo
    Paci, Federica
    INTERNATIONAL JOURNAL OF WEB SERVICES RESEARCH, 2006, 3 (03) : 27 - 60
  • [7] MEDINFO CLOUD-A Cloud Based Solution to Ensure Secure Access to Health Related Information
    Senthil, Sankari
    Ramya, R.
    Saranya, B.
    GLOBAL TRENDS IN COMPUTING AND COMMUNICATION SYSTEMS, PT 1, 2012, 269 : 654 - 660
  • [8] Secure cloud services - extended cryptographic model of data storage
    Grocholewska-Czurylo, Anna
    Retinger, Marek
    PRZEGLAD ELEKTROTECHNICZNY, 2018, 94 (03): : 162 - 167
  • [9] Developing secure web services for computational portals
    Youn, C
    Pierce, M
    Fox, G
    SAM'03: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND MANAGEMENT, VOLS 1 AND 2, 2003, : 367 - 372
  • [10] Access Control and Information Flow Control for Web Services Security
    Kedjar, Saadia
    Tari, Abdelkamel
    Bertok, Peter
    INTERNATIONAL JOURNAL OF INFORMATION TECHNOLOGY AND WEB ENGINEERING, 2016, 11 (01) : 44 - 76
12345