Multiple Dimension Security Assessment Of Web Service

Web Service provides a neutral, language-independent platform that supports the interactive operation between machines on the network. However, calls between different parts of the application produce a security threat. WS security in message exchange is considered a very important issue, and becoming an important bottleneck of WS widely used. The recipient of the message should be able to confirm the message integrity, and discover the message has not been modified. Messages should be encrypted to send to the recipient, and only authorized users can read and know the identity of the sender and decide what operation the message requests should be doing. And services can audit everything to ensure its availability and non-repudiation. However, the security research focuses on how to design better safety standards or the use of traditional risk assessment methods to evaluate the Web services security. Users who want to select the service are difficult to determine whether the services meet the security requirement, nor can insure the service selected according to their preferences. Therefore, user preferences-based security assessment for optional Web services as an important issue.This article expands the existing Web services model by adding Web services security assessment centers (Security Evaluation Center), and evaluate security of web services based on security attributes and user preferences from three levels. First, data collection of the user preferences and security attributes. Use user interface (Request Handle) collected system parameters and user preferences, use Monitor to collect data and security attributes of the sending and receiving services which valued by risk. Secondly, constraints-based service filtering. Use Analytic Hierarchy Process method to filter for optional services will not meet the security needs of service users to remove and narrow set of optional services. Finally, the security assessment of using information entropy in Multiple-attribute Decision Making Theory. Through introduction of preference model, use security attribute preferences of user to correct the objective weights, so that the optional services that are more suitable to user requirements. In the end, the experiment shows that this method can modify the security attributes according to user preference weights, and have good impact on improving the accuracy of service selection and availability.