Sciweavers

ICWS
2007
IEEE

Guarding Sensitive Information Streams through the Jungle of Composite Web Services

14 years 1 months ago
Guarding Sensitive Information Streams through the Jungle of Composite Web Services
Complex and dynamic web service compositions may introduce unpredictable and unintentional sharing of security-sensitive data (e.g., credit card numbers) as well as unexpected vulnerabilities that cause information leak. This paper describes a fine-grain access policy specification of security-sensitive data items for each component web service. We propose the SFGuard architecture to enforce these access policies at component web services. A prototype implementation of SF-Guard (on Apache Axis2) and its evaluation show that effective protection of security-sensitive information can be achieved at low overhead (a few percent addition to response time) while preserving the functionality of flexible web service composition.
Jinpeng Wei, Lenin Singaravelu, Calton Pu
Added 29 Oct 2010
Updated 29 Oct 2010
Type Conference
Year 2007
Where ICWS
Authors Jinpeng Wei, Lenin Singaravelu, Calton Pu
Comments (0)