
Web Services Security Domain Analysis And Attack Detection Methods

Posted on: 2011-05-30
Degree: Doctor
Type: Dissertation
Country: China
Candidate: F Y Zhao
Full Text: PDF
GTID: 1118360305497328
Subject: Computer software and theory

Abstract/Summary:
SOA is an enterprise software application integration architecture characterized by platform interoperability, loose coupling of components and dynamic composition, and it has therefore been widely applied and practiced. As SOA and web services spread, web services and their platforms are exposed to a larger and more complex set of attacks arriving over the Internet and other protocols. Confidentiality and non-repudiation of web service messages, together with the availability of the service platform, have become critical factors for the success of SOA application integration. Although web services are built on Internet technologies that have been in use for many years, they are not more secure than traditional web applications. Web services are easier to attack because they are exposed both to new threats and to inherited ones, at the level of XML parsing, the SOAP message protocol, the service engine and even WS-Security itself.

This thesis focuses on the security issues and threats of SOA application integration implemented with web services. It argues that security should be investigated as an independent domain, in parallel with the functional requirements of the application software, and that security cannot be achieved by any single measure: at least three aspects must be considered, namely the service platform, the service messages and the service assets themselves. A multi-tier security model is given for web service application security, and a security asset model is presented to provide a security process for each tier.

Based on the multi-tier security model, the thesis studies a web service firewall for platform security and establishes several attack detection algorithms. Two kinds of XML attack are discussed in detail: XML injection, and oversized cryptography of SOAP messages, the latter a form of XML DoS attack. For XML injection, the XML element nesting attack is studied and its attack features are analysed; an XML injection detection algorithm is presented that is based on a parameter validation tree built from the WSDL document and the service invocation. For oversized cryptography, attack scenarios are presented, the features of oversized-cryptography SOAP messages that follow the WS-Security standards are obtained through a series of experiments, and a detection algorithm based on those message features is provided. The algorithm identifies suspicious SOAP messages that potentially carry oversized cryptography.

For the security of web service asset invocation and of confidential data in the database, a fine-grained web service access control mechanism for SOA applications is studied. The mechanism is based on a model of roles and business-flow status and on an extension of the SOAP message; it determines access authority from parameters of the service requester, such as identity and position in the business flow. The confidentiality of data on the service provider side can be guaranteed on the basis of this authority decision. The access control mechanism makes up for the shortcomings of WS-Security and can be widely used in SOA application integration.
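As an added illustration of the two firewall-tier detections described in the abstract (this is example code, not the dissertation's own implementation), the following Python checks a SOAP request against a parameter validation tree and computes a few WS-Security workload features. The operation name placeOrder, the hand-written tree standing in for one derived from the WSDL, the nesting cap, the thresholds and the sample messages are all constructed for the example; the thesis obtains its message features and thresholds experimentally.

```python
"""Two detections from the SOAP firewall tier: element-nesting XML injection
and oversized cryptography. Added example; not the dissertation's own code."""
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
XENC_NS = "http://www.w3.org/2001/04/xmlenc#"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Parameter validation tree for one operation. The thesis builds it from the
# WSDL/XSD; this one is hand-written for a hypothetical placeOrder operation.
# A leaf maps to None; a complex element maps to the children it may contain.
PARAM_TREE = {"placeOrder": {"customerId": None, "item": {"sku": None, "qty": None}}}
MAX_DEPTH = 8  # assumed hard cap on nesting below the operation element


def local(tag):
    """Strip the {namespace} prefix ElementTree puts in front of a tag."""
    return tag.rsplit("}", 1)[-1]


def _walk(elem, allowed, path, depth, findings):
    if depth > MAX_DEPTH:
        findings.append(f"nesting deeper than {MAX_DEPTH} at {path}")
        return
    seen = set()
    for child in elem:
        name = local(child.tag)
        cpath = f"{path}/{name}"
        if allowed is None:  # a leaf parameter may not contain elements
            findings.append(f"element nested inside leaf parameter: {cpath}")
        elif name not in allowed:
            findings.append(f"element not in parameter tree: {cpath}")
        else:
            if allowed[name] is None and name in seen:  # second copy of a leaf
                findings.append(f"duplicate leaf parameter: {cpath}")
            seen.add(name)
            _walk(child, allowed[name], cpath, depth + 1, findings)


def detect_xml_injection(soap_xml):
    """Return a list of findings; an empty list means the Body matches the tree."""
    root = ET.fromstring(soap_xml)
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None:
        return ["no SOAP Body"]
    findings = []
    for op in body:
        name = local(op.tag)
        if name not in PARAM_TREE:
            findings.append(f"unknown operation: {name}")
        else:
            _walk(op, PARAM_TREE[name], name, 1, findings)
    return findings


def crypto_features(soap_xml):
    """Count the WS-Security structures a receiver would have to process."""
    root = ET.fromstring(soap_xml)

    def count(ns, name):
        return sum(1 for _ in root.iter(f"{{{ns}}}{name}"))

    cipher_bytes = sum(len((cv.text or "").strip())
                       for cv in root.iter(f"{{{XENC_NS}}}CipherValue"))
    return {"encrypted_data": count(XENC_NS, "EncryptedData"),
            "encrypted_keys": count(XENC_NS, "EncryptedKey"),
            "signatures": count(DS_NS, "Signature"),
            "references": count(DS_NS, "Reference"),
            "cipher_ratio": cipher_bytes / max(len(soap_xml), 1)}


def is_oversized_crypto(soap_xml, max_blocks=4, max_refs=8, max_ratio=0.8):
    """Flag a message whose cryptographic workload exceeds the (assumed) thresholds."""
    f = crypto_features(soap_xml)
    return (f["encrypted_data"] + f["encrypted_keys"] > max_blocks or f["signatures"] > 1
            or f["references"] > max_refs or f["cipher_ratio"] > max_ratio)


def envelope(security_xml, body_xml):
    """SOAP 1.1 envelope with a wsse:Security header (constructed sample input)."""
    return (f'<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:wsse="{WSSE_NS}" '
            f'xmlns:xenc="{XENC_NS}" xmlns:ds="{DS_NS}"><soap:Header><wsse:Security>'
            f'{security_xml}</wsse:Security></soap:Header><soap:Body>{body_xml}'
            f'</soap:Body></soap:Envelope>')


def encrypted_block(n):
    """n xenc:EncryptedData elements carrying dummy base64 ciphertext (constructed)."""
    return "".join(f'<xenc:EncryptedData Id="ED{i}"><xenc:CipherData><xenc:CipherValue>'
                   f'{"QUJD" * 64}</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>'
                   for i in range(n))


ORDER = "<placeOrder><customerId>{cid}</customerId><item><sku>A-1</sku><qty>2</qty></item></placeOrder>"
BENIGN = envelope(encrypted_block(1), ORDER.format(cid="C100"))
# Injection: the attacker-controlled customerId closes its own element and
# smuggles an extra <discount> element plus a second customerId.
INJECTION = envelope(encrypted_block(1), ORDER.format(
    cid="C100</customerId><item><sku>A-1</sku><qty>2</qty><discount>100</discount></item><customerId>"))
OVERSIZED = envelope(encrypted_block(40), ORDER.format(cid="C100"))

if __name__ == "__main__":
    for label, msg in (("benign", BENIGN), ("injection", INJECTION), ("oversized", OVERSIZED)):
        print(label, detect_xml_injection(msg), is_oversized_crypto(msg))
```

Two caveats a deployment would need: the structural check only defends parameters the tree describes, so every operation in the WSDL must have an entry, and xml.etree does not protect the firewall itself from entity-expansion DoS, so the message size should be bounded and a hardened parser (for example defusedxml) used before either check runs.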
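The access control mechanism in the last part of the abstract, as an added example (not the dissertation's implementation): the decision combines the requester's identity taken from a WS-Security UsernameToken, a role looked up for that identity, and the business-flow status of the order. The role table, the order records, the policy rules and the bf:FlowStatus header extension are all hypothetical, and the UsernameToken is assumed to have been verified by the WS-Security layer before this code runs.

```python
"""Fine-grained access control for a SOA service: the decision depends on the
requester's identity (mapped to a role) and the order's business-flow status.
Added example with a hypothetical policy and header extension; not the
dissertation's own implementation."""
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
FLOW_NS = "urn:example:business-flow"  # hypothetical SOAP header extension

# Identity -> role, and provider-side order state. Both constructed; in practice
# the first is an IdM lookup and the second the business database.
ROLES = {"alice": "customer", "bob": "warehouse", "carol": "finance"}
ORDERS = {
    "42": {"orderId": "42", "status": "paid", "items": ["A-1"], "customerId": "alice", "paymentRef": "tok_9f3"},
    "43": {"orderId": "43", "status": "created", "items": ["B-7"], "customerId": "alice", "paymentRef": None},
}

# (operation, role, flow states in which it is permitted, fields the role may
# see in the response). Anything not listed is redacted at the provider.
RULES = [
    ("getOrder", "customer", {"created", "paid", "shipped"}, {"orderId", "status", "items"}),
    ("getOrder", "finance", {"paid", "shipped", "refunded"}, {"orderId", "status", "items", "paymentRef"}),
    ("shipOrder", "warehouse", {"paid"}, {"orderId", "status"}),
    ("refundOrder", "finance", {"shipped"}, {"orderId", "status", "paymentRef"}),
]


def parse_request(soap_xml):
    """Pull identity, asserted flow status, operation and orderId out of the envelope."""
    root = ET.fromstring(soap_xml)
    user = root.find(f".//{{{WSSE_NS}}}UsernameToken/{{{WSSE_NS}}}Username")
    asserted = root.find(f".//{{{FLOW_NS}}}FlowStatus")
    body = root.find(f"{{{SOAP_NS}}}Body")
    op = next(iter(body), None) if body is not None else None
    order = op.find("orderId") if op is not None else None
    return {"user": getattr(user, "text", None),
            "asserted_status": getattr(asserted, "text", None),
            "operation": op.tag.rsplit("}", 1)[-1] if op is not None else None,
            "orderId": getattr(order, "text", None)}


def decide(req):
    """Return (allowed, reason, visible_fields). The status used for the decision
    is the provider's own record; the status asserted in the header is only
    cross-checked, so a client cannot advance itself through the workflow."""
    role = ROLES.get(req["user"])
    if role is None:
        return False, "unknown identity", set()
    order = ORDERS.get(req["orderId"])
    if order is None:
        return False, "unknown order", set()
    if role == "customer" and order["customerId"] != req["user"]:
        return False, "order belongs to another customer", set()
    if req["asserted_status"] != order["status"]:
        return False, f"asserted flow status {req['asserted_status']!r} != {order['status']!r}", set()
    for op, r, states, fields in RULES:
        if op == req["operation"] and r == role:
            if order["status"] in states:
                return True, f"{role} may {op} while {order['status']}", fields
            return False, f"{role} may not {op} while {order['status']}", set()
    return False, f"no rule for {role}/{req['operation']}", set()


def handle(soap_xml):
    """Authorize the request; return the redacted order record or the denial reason."""
    req = parse_request(soap_xml)
    allowed, reason, fields = decide(req)
    if not allowed:
        return {"denied": reason}
    return {k: v for k, v in ORDERS[req["orderId"]].items() if k in fields}


def request(user, operation, order_id, asserted_status):
    """Constructed SOAP request; the UsernameToken is assumed verified upstream."""
    return (f'<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:wsse="{WSSE_NS}" xmlns:bf="{FLOW_NS}">'
            f'<soap:Header><wsse:Security><wsse:UsernameToken><wsse:Username>{user}</wsse:Username>'
            f'</wsse:UsernameToken></wsse:Security><bf:FlowStatus>{asserted_status}</bf:FlowStatus>'
            f'</soap:Header><soap:Body><{operation}><orderId>{order_id}</orderId></{operation}>'
            f'</soap:Body></soap:Envelope>')


if __name__ == "__main__":
    print(handle(request("alice", "getOrder", "42", "paid")))        # paymentRef redacted
    print(handle(request("bob", "shipOrder", "42", "paid")))         # allowed
    print(handle(request("bob", "shipOrder", "43", "created")))      # denied: not yet paid
    print(handle(request("carol", "refundOrder", "42", "shipped")))  # denied: status mismatch
```

The design point is that the flow status carried in the SOAP extension is treated as a claim to be checked against the provider's record, not as the input to the decision; otherwise the "fine-grained" part collapses into whatever state the requester chooses to assert.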
Keywords/Search Tags:SOA, web services, security domain analysis, security domain model, XML DoS attacks, XML injection attacks, oversized cryptography, attack detection algorithm, fine grained access control