When Good Services Go Wild: Reassembling Web Services for Unintended Purposes

Authors

  • Feng Lu
  • Jiaqi Zhang
  • Stefan Savage
Abstract

The rich nature of modern Web services and the emerging “mash-up” programming model make it difficult to predict the potential interactions and usage scenarios that can emerge. Moreover, while the potential security implications for individual client browsers have been widely internalized (e.g., XSS, CSRF, etc.), there is less appreciation of the risks posed in the other direction—of user abuse on Web service providers. In particular, we argue that Web services and pieces of services can be easily combined to create entirely new capabilities that may themselves be at odds with the security policies that providers (or the Internet community at large) desire to enforce. As a proof-of-concept we demonstrate a fully functioning Web proxy service called CloudProxy. Constructed entirely out of pieces of unrelated Google and Facebook functionality, CloudProxy effectively launders a user’s connection through these providers’ resources.

Similar resources

Specification and Verification of Authorization Policies for Web Services Composition

The management and maintenance of a large number of Web services is not easy and, in particular, needs appropriate authorization policies to be defined so as to realize reliable and secure Web Services. The required authorization policies can be quite complex, resulting in unintended conflicts, which could result in information leaks or prevent access to information needed. This paper proposes ...

High Fuzzy Utility Based Frequent Patterns Mining Approach for Mobile Web Services Sequences

Nowadays, high fuzzy utility based pattern mining is an emerging topic in data mining. It refers to discovering all patterns having a high utility meeting a user-specified minimum high utility threshold. It comprises extracting patterns which are highly accessed in mobile web service sequences. Different from the traditional fuzzy approach, high fuzzy utility mining considers not only counts of mob...

Automatic QoS-aware Web Services Composition based on Set-Cover Problem

By definition, web-services composition works on developing merely optimum coordination among a number of available web-services to provide a new composed web-service intended to satisfy some users' requirements for which a single web service is not (good) enough. In this article, the formulation of the automatic web-services composition is proposed as several set-cover problems and an approxima...

Some Multidimensional Unintended Consequences of Telehealth Utilization: A Multi-Project Evaluation Synthesis

Background: Telehealth initiatives have bloomed around the globe, but their integration and diffusion remain challenging because of the complex issues they raise. Available evidence around telehealth usually deals with its expected effects and benefits, but its unintended consequences (UCs) and influencing factors are little documented. This study aims to explore, describe and analyze mult...

Security Analysis for Web Services Compositions

As more organizations adopt Web services for increasingly sensitive, mission-critical data, the potential impact of breaches of Web services increases both for individuals and organizations. Increasing impacts can result in a worsening of the risk environment for all parties. Web services security and auditing is therefore an important concern. The current trend toward representing Web services ...

Publication date: 2012