Web services security is becoming a critical concern for any organization adopting the XML-based Web services approach to application integration. While many access control techniques for Web services are becoming available, several issues still need to be solved in order to correctly split the burden of securing Web services between the perimetral and the service level. In this paper, a technique is presented able to make perimetral defences semantics-aware. Application-level {\it semantics-aware firewalls} enforce filtering rules directly on SOAP messages based on the nature of the services they request. Our semantics-aware firewalls rules are written using a flexible XML-based syntax that allows sharing metadata concepts with service level access control policies, supporting complex security policies that integrate perimetral defences with access control. Moreover, they can be quickly integrated into organizations' existing infrastructure, deployed rapidly and scaled as needed. Also, they integrate easily with existing infrastructure and can be operated by current staff, potentially achieving a low total cost of ownership with respect to service level solutions.

Semantics-aware perimeter protection / M. Cremonini, E. Damiani, P. Samarati - In: Data and applications security XVII : status and prospects : IFIP TC11/WG11.3 seventeenth Annual Working Conference on data and applications security, August 4-6, 2003, Estes Park, Colorado, USA / Sabrina De Capitani di Vimercati, Indrakshi Ray, Indrajit Ray. - Boston : Kluwer academic, 2004. - ISBN 1402080697. - pp. 229-242 (( Intervento presentato al 17. convegno IFIP TC-11 WG 11.3 Seventeenth Annual Working Conference on Data and Application Security, 2003 tenutosi a Estes Park, USA nel 2003.

Semantics-aware perimeter protection

M. Cremonini
Primo
;
E. Damiani
Secondo
;
P. Samarati
Ultimo
2004

Abstract

Web services security is becoming a critical concern for any organization adopting the XML-based Web services approach to application integration. While many access control techniques for Web services are becoming available, several issues still need to be solved in order to correctly split the burden of securing Web services between the perimetral and the service level. In this paper, a technique is presented able to make perimetral defences semantics-aware. Application-level {\it semantics-aware firewalls} enforce filtering rules directly on SOAP messages based on the nature of the services they request. Our semantics-aware firewalls rules are written using a flexible XML-based syntax that allows sharing metadata concepts with service level access control policies, supporting complex security policies that integrate perimetral defences with access control. Moreover, they can be quickly integrated into organizations' existing infrastructure, deployed rapidly and scaled as needed. Also, they integrate easily with existing infrastructure and can be operated by current staff, potentially achieving a low total cost of ownership with respect to service level solutions.
Web services; Security; Semantics; Perimeter protection
Settore INF/01 - Informatica
2004
Book Part (author)
File in questo prodotto:
Non ci sono file associati a questo prodotto.
Pubblicazioni consigliate

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/2434/13317
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 1
  • ???jsp.display-item.citation.isi??? ND
social impact