An extended XACML model to ensure secure information access for web services

被引:5
|
作者
Chou, Shih-Chien [1 ]
Huang, Chun-Hao [1 ]
机构
[1] Natl Dong Hwa Univ, Dept Comp Sci & Informat Math, Hsinchu, Taiwan
来源
JOURNAL OF SYSTEMS AND SOFTWARE | 2010年 / 83卷 / 01期
关键词
Web service; Information flow control; Security; Prevent information leakage; OBJECT-ORIENTED SYSTEMS; FLOW CONTROL;
D O I
10.1016/j.jss.2009.06.045
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
More and more software systems based on web services have been developed. Web service development techniques are thus becoming crucial. To ensure secure information access, access control should be taken into consideration when developing web services. This paper proposes an extended XACML model named EXACML to ensure secure information access for web services. It is based on the technique of information flow control. Primary features offered by the model are: (1) both the information of requesters and that of web services are protected, (2) the access control of web services is more precise than just "allow or reject" policy in existing models, and (3) the model will deny non-secure information access during the execution of a web service even when a requester is allowed to invoke the web service. (C) 2009 Elsevier Inc. All rights reserved.
引用
收藏
页码:77 / 84
页数:8
相关论文
共 50 条
  • [21] Integrated Security Framework for Secure Web Services
    Zhang, Wenjun
    2010 THIRD INTERNATIONAL SYMPOSIUM ON INTELLIGENT INFORMATION TECHNOLOGY AND SECURITY INFORMATICS (IITSI 2010), 2010, : 178 - 183
  • [22] Web services discovery in secure collaboration environments
    Shehab, Mohamed
    Bhattacharya, Kamal
    Ghafoor, Arif
    ACM TRANSACTIONS ON INTERNET TECHNOLOGY, 2008, 8 (01)
  • [23] A personalized on-the-fly approach for secure semantic Web services composition
    Abidi, Sarra
    Fakhri, Myriam
    Essafi, Mehrez
    Ben Ghezala, Henda Hajjami
    2017 IEEE/ACS 14TH INTERNATIONAL CONFERENCE ON COMPUTER SYSTEMS AND APPLICATIONS (AICCSA), 2017, : 1362 - 1369
  • [24] A policy-based approach to secure context in a Web services environment
    Maamar, Zakaria
    Mostefaoui, Ghita Kouadri
    Benslimane, Djamal
    ICEIS 2006: PROCEEDINGS OF THE EIGHTH INTERNATIONAL CONFERENCE ON ENTERPRISE INFORMATION SYSTEMS: SOFTWARE AGENTS AND INTERNET COMPUTING, 2006, : 100 - +
  • [25] Semantic Access Control for Web Services
    Liu, Miao
    Xie, Dongqing
    Li, Peng
    Zhang, Xunlai
    Tang, Chunming
    NSWCTC 2009: INTERNATIONAL CONFERENCE ON NETWORKS SECURITY, WIRELESS COMMUNICATIONS AND TRUSTED COMPUTING, VOL 2, PROCEEDINGS, 2009, : 55 - +
  • [26] Apply the technology of RBAC for secure Web application in Web services environment
    He Feng
    Yu Shoujian
    Le Jiajin
    ICCSE'2006: Proceedings of the First International Conference on Computer Science & Education: ADVANCED COMPUTER TECHNOLOGY, NEW EDUCATION, 2006, : 569 - 573
  • [27] Mobile Police Information System Based on Web Services
    尹浩
    付强
    林闯
    谭章熹
    丁嵘
    林一树
    李彦希
    樊燕飞
    Tsinghua Science and Technology, 2006, (01) : 1 - 7
  • [28] Modeling Secure Navigation in Web Information Systems
    Busch, Marianne
    Knapp, Alexander
    Koch, Nora
    PERSPECTIVES IN BUSINESS INFORMATICS RESEARCH, 2011, 90 : 239 - +
  • [29] Secure Web-Based Access for Productive Supercomputing
    Atwood, Christopher A.
    Goebbert, Randy C.
    Calahan, Joshua A.
    Hromadka, Theodore V., III
    Proue, Thomas M.
    Monceaux, Weston
    Hirata, Jason
    COMPUTING IN SCIENCE & ENGINEERING, 2016, 18 (01) : 63 - 72
  • [30] Secure Web Referral Services for Mobile Cloud Computing
    Xu, Le
    Li, Li
    Nagarajan, Vijayakrishnan
    Huang, Dijiang
    Tsai, Wei-Tek
    2013 IEEE SEVENTH INTERNATIONAL SYMPOSIUM ON SERVICE-ORIENTED SYSTEM ENGINEERING (SOSE 2013), 2013, : 584 - 593
12345