한국정보처리학회:학술대회논문집 (Proceedings of the Korea Information Processing Society Conference)

한국정보처리학회 (Korea Information Processing Society)
권호 표지
DOI QR코드

DOI QR Code

웹서비스 보안에서 ?공격에 대한 관대한 계획

A Tolerant Scheme for SOAP Attacks in Web Services Security

  • Hung, Pham Phuoc (Department of Computer Engineering, Dongguk University) ;
  • Nasridinov, Aziz (Department of Computer Engineering, Dongguk University) ;
  • Qing, Lin (Department of Computer Engineering, Dongguk University) ;
  • Byun, Jeongyong (Department of Computer Engineering, Dongguk University)
  • 발행 : 2011.11.11
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

Nowadays Web Services are one of the most rapidly developed technologies and have become platform for e-ecommerce as well as B2B model. Therefore, when Web Services use SOAP as a protocol for communication, their security should be considered. However, those SOAP messages are prone to XML attacks that can create a foundation for typical faults and make it vulnerable to use. Unfortunately, recent researches established that solutions to deal with these problems have several limitations. In this paper, we explore attacks on SOAP messages and also provide confidentiality and integrity solutions. It is a tolerant scheme which is able to automatically detect and fix typical faults occurred in SOAP messages to combat with the security threats in order to improve its reliability.

키워드