JSW 2011 Vol.6(4): 595-603 ISSN: 1796-217X
doi: 10.4304/jsw.6.4.595-603
doi: 10.4304/jsw.6.4.595-603
A Security Evaluation Method Based on Threat Classification for Web Service
Jiang Li1, 2, Chen Hao1, Deng Fei1, 2, Zhong Qiusheng1
1Software School of Hunan University, Changsha, China
2Computer and Information Engineering Department of HuaiHua Vocational and Technical College, Huaihua, China
Abstract—Web service is a distributed computing model constructed on the basis of open standard technology with the characteristics of loose coupling, language neutrality, platform-independence, etc., how to efficiently evaluate the security of Web service is a challenging research topic. Current researches concern more about the testing of Web service and rarely about the issue of service security evaluation. On the basis of analyzing the current Web services in terms of security threats, a Web service security evaluation method based on threat classification is proposed, which can process security evaluation to Web service from different angles of view, such as spoofing, tampering, repudiation, message disclosure, denial of service and elevation of privilege, and can provide a referential evaluation index of Web service security for the users through the threat modeling and evaluating the degree of security. Finally, a case study on SOA application is discussed in detail, experimental results show that the proposed model works efficiently, it can provide valuable reference to check out security vulnerabilities of Web service and help to optimize the system’s security design.
Index Terms—Web service; security classification; security evaluation model; security abilities property
2Computer and Information Engineering Department of HuaiHua Vocational and Technical College, Huaihua, China
Abstract—Web service is a distributed computing model constructed on the basis of open standard technology with the characteristics of loose coupling, language neutrality, platform-independence, etc., how to efficiently evaluate the security of Web service is a challenging research topic. Current researches concern more about the testing of Web service and rarely about the issue of service security evaluation. On the basis of analyzing the current Web services in terms of security threats, a Web service security evaluation method based on threat classification is proposed, which can process security evaluation to Web service from different angles of view, such as spoofing, tampering, repudiation, message disclosure, denial of service and elevation of privilege, and can provide a referential evaluation index of Web service security for the users through the threat modeling and evaluating the degree of security. Finally, a case study on SOA application is discussed in detail, experimental results show that the proposed model works efficiently, it can provide valuable reference to check out security vulnerabilities of Web service and help to optimize the system’s security design.
Index Terms—Web service; security classification; security evaluation model; security abilities property
Cite: Jiang Li, Chen Hao, Deng Fei, Zhong Qiusheng, "A Security Evaluation Method Based on Threat Classification for Web Service," Journal of Software vol. 6, no. 4, pp. 595-603, 2011.
General Information
ISSN: 1796-217X (Online)
Frequency: Quarterly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, CNKI, Google Scholar, ProQuest, INSPEC(IET), ULRICH's Periodicals Directory, WorldCat, etc
E-mail: jsweditorialoffice@gmail.com
-
Mar 01, 2024 News!
Vol 19, No 1 has been published with online version [Click]
-
Jan 04, 2024 News!
JSW will adopt Article-by-Article Work Flow
-
Apr 01, 2024 News!
Vol 14, No 4- Vol 14, No 12 has been indexed by IET-(Inspec) [Click]
-
Apr 01, 2024 News!
Papers published in JSW Vol 18, No 1- Vol 18, No 6 have been indexed by DBLP [Click]
-
Nov 02, 2023 News!
Vol 18, No 4 has been published with online version [Click]