An extended XACML model to ensure secure information access for web services

被引:5
作者
Chou, Shih-Chien [1 ]
Huang, Chun-Hao [1 ]
机构
[1] Natl Dong Hwa Univ, Dept Comp Sci & Informat Math, Hsinchu, Taiwan
来源
JOURNAL OF SYSTEMS AND SOFTWARE | 2010年 / 83卷 / 01期
关键词
Web service; Information flow control; Security; Prevent information leakage; OBJECT-ORIENTED SYSTEMS; FLOW CONTROL;
D O I
10.1016/j.jss.2009.06.045
中图分类号
TP31 [计算机软件];
学科分类号
081202 ; 0835 ;
摘要
More and more software systems based on web services have been developed. Web service development techniques are thus becoming crucial. To ensure secure information access, access control should be taken into consideration when developing web services. This paper proposes an extended XACML model named EXACML to ensure secure information access for web services. It is based on the technique of information flow control. Primary features offered by the model are: (1) both the information of requesters and that of web services are protected, (2) the access control of web services is more precise than just "allow or reject" policy in existing models, and (3) the model will deny non-secure information access during the execution of a web service even when a requester is allowed to invoke the web service. (C) 2009 Elsevier Inc. All rights reserved.
引用
收藏
页码:77 / 84
页数:8
相关论文
共 50 条
  • [31] Profiles for conveying the secure communication requirements of Web services
    Merrill, Duane
    Grimshaw, Andrew
    CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE, 2009, 21 (08) : 991 - 1011
  • [32] Optimizing secure Web Services with MAWeS: a case study
    Rak, Massimiliano
    Casola, Valentina
    Mazzoccca, Nicola
    Mancini, Emilio Pasquale
    Villano, Umberto
    2007 THIRD INTERNATIONAL CONFERENCE ON SECURITY AND PRIVACY IN COMMUNICATION NETWORKS AND WORKSHOPS, 2007, : 144 - +
  • [33] An Adaptive Web Information System Based on Web Services
    Soukkarieh, Bouchra
    Sedes, Florence
    2008 3RD INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGIES: FROM THEORY TO APPLICATIONS, VOLS 1-5, 2008, : 1462 - 1467
  • [34] Information Security for Web and SQL Services
    Iacob, Nicoleta Magdalena
    PROCEEDINGS OF THE 9TH INTERNATIONAL CONFERENCE ON VIRTUAL LEARNING, 2014, : 408 - 412
  • [35] Model Driven Secure Web Applications
    Idani, Akram
    PROCEEDINGS OF THE FIFTH EUROPEAN CONFERENCE ON THE ENGINEERING OF COMPUTER-BASED SYSTEMS (ECBS 2017), 2017,
  • [36] Data collaborative work flow model for information integration with the support of Web services
    Zhang, J. K.
    Liu, K.
    Tang, Y.
    So, M. C.
    Ke, L. S.
    Mao, A. L.
    IMECS 2008: INTERNATIONAL MULTICONFERENCE OF ENGINEERS AND COMPUTER SCIENTISTS, VOLS I AND II, 2008, : 810 - +
  • [37] A Secure Information Flow Architecture for Web Service Platforms
    College of Computing, Georgia Institute of Technology, 350043 Georgia Tech Station, Atlanta, GA 30332, United States
    不详
    不详
    IEEE Trans. Serv. Comput., 2008, 2 (75-87): : 75 - 87
  • [38] Enabling Secure RESTful Web Services in IoT using OpenStack
    Benomar, Zakaria
    Longo, Francesco
    Merlino, Giovanni
    Puliafito, Antonio
    2020 IEEE 17TH INTERNATIONAL CONFERENCE ON MOBILE AD HOC AND SMART SYSTEMS (MASS 2020), 2020, : 410 - 417
  • [39] Towards an Adaptive Web Information System Based on Web Services
    Soukkarieh, B.
    Sedes, F.
    FOURTH INTERNATIONAL CONFERENCE ON AUTONOMIC AND AUTONOMOUS SYSTEMS (ICAS 2008), 2008, : 272 - 277
  • [40] A Quick XML Parser for extracting signatures of secure web services
    Chen, KY
    Huang, CC
    Hou, TW
    Lee, TC
    Yang, SF
    Cheng, PW
    Fifth International Conference on Computer and Information Technology - Proceedings, 2005, : 1093 - 1098
12345