Access Control in Dynamic XML-Based Web-Services with X-RBAC
نویسندگان
چکیده
Policy specification for securing Web services is fast emerging as a key research area due to rapid proliferation of Web services in modern day enterprise applications. Whilst the use of XML technology to support these Web services has resulted in their tremendous growth, it has also introduced a new set of security challenges specific to these Web services. Though there has been recent research in areas of XML-based document security, these challenges have not been addressed within the XML framework. In this paper, we present X-RBAC, an XML-based RBAC policy specification framework for enforcing access control in dynamic XML-based Web services. An X-RBAC system has been implemented as a Java application, and is based on a specification language that addresses specific security requirements of these Web services. We discuss the salient features of the specification language, and present the software architecture of our X-RBAC system.
منابع مشابه
Defending Against XML-Based Attacks Using State-Based XML Firewall
With the proliferation of service-oriented systems and cloud computing, web services security has gained much attention in recent years. Web service attacks, called XML-based attacks, typically occur at the SOAP message level, thus they are not readily handled by existing security mechanisms such as a conventional firewall. In order to provide effective security mechanisms for service-oriented ...
متن کاملAn Extended Role-based Access Control Model for Enterprise Systems and Web Services
This thesis intends to develop application-level access control models to address several major security issues in enterprise environments. The first goal is to provide simple and efficient authorization specifications to reduce the complexity of security management. The second goal is to provide dynamic access control for Web service applications. The third goal is to provide an access control...
متن کاملSchema Based XML Security: RBAC Approach
As a platform-independent solution, XML is going to be used in many environments such as application integration and Web Services. Security of XML instance is a basic problem, especially in enterprise with large number of users and XML objects as well as complex authorizations administration. In this paper, a role-based access control (RBAC) model based on XML Schema is proposed. RBAC has been ...
متن کاملA petri net based XML firewall security model for web services invocation
An XML firewall differs from a conventional firewall because its major task is to control access to web services rather than to filter untrusted addresses. An XML firewall can effectively protect web services from being attacked by inspecting a complete XML message including its head and data segments, and rejecting unauthorized web services invocation. In this paper, we propose a formal XML fi...
متن کاملAn Evaluation of RBAC Policy Languages for Web Applications
The rapid growth of the Internet and a range of web applications bring the urgency of security issues, especially for access control. Role-based Access Control (RBAC) is recognized as a superior alternative and less error-prone to traditional discretionary and mandatory access controls. In this paper, we examine the representation of RBAC policies in web applications under distributed environme...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2003