SOA - Securing the SOA



Description

Securing a Service Oriented Architecture (SOA) is necessary to make sure that its services and applications run safely. It is essential for several reasons, including service exposure and the loose coupling of components: exposed services can be left unprotected against attacks.

SOA Attacks

An SOA environment can be left unprotected against several types of attack, especially if it is implemented using web service technology. People all around the world use both SOA and web services, which are rapidly developing areas; as a result, they become more complex and more open to attack. In SOA and web services, most attacks take place at the application service layer, since web services communicate using XML and SOAP messages.

Following is a list of attacks in SOA:

  • Injection Attacks: These attacks occur when user input is not validated and is not kept separate from the application. Examples include SQL injection and XML injection.

  • Schema Poisoning Attack: This attack modifies, replaces or even damages the XML schemas that provide the structure of XML documents.

  • Denial of Service (DoS) Attacks: These attacks do not change the service or its behaviour, but can block the use of the service.
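The injection case above, as an added example that is not part of the original page: a SOAP body built by string concatenation next to one built with an XML library, plus a service-side structure check. The `urn:example:orders` namespace, the element names and the crafted input are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
APP_NS = "urn:example:orders"  # hypothetical service namespace (assumption)


def build_unsafe(customer: str) -> bytes:
    """Vulnerable: user input is pasted straight into the XML text."""
    return (
        f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body>'
        f'<o:Order xmlns:o="{APP_NS}">'
        f"<o:Customer>{customer}</o:Customer>"
        f"<o:Discount>0</o:Discount>"
        f"</o:Order></s:Body></s:Envelope>"
    ).encode()


def build_safe(customer: str) -> bytes:
    """Hardened: the XML library escapes the input, so it stays data."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    order = ET.SubElement(body, f"{{{APP_NS}}}Order")
    ET.SubElement(order, f"{{{APP_NS}}}Customer").text = customer
    ET.SubElement(order, f"{{{APP_NS}}}Discount").text = "0"
    return ET.tostring(env)


def read_order(message: bytes) -> dict:
    """Service side: parse the message and reject unexpected structure."""
    # For untrusted input in production, prefer a hardened parser
    # such as the defusedxml package over the standard library one.
    root = ET.fromstring(message)
    order = root.find(f"{{{SOAP_NS}}}Body/{{{APP_NS}}}Order")
    children = [child.tag.split("}")[1] for child in order]
    if children != ["Customer", "Discount"]:
        raise ValueError(f"unexpected order structure: {children}")
    return {name: order.find(f"{{{APP_NS}}}{name}").text for name in children}


# Constructed input: closes the Customer element and adds its own Discount.
CRAFTED = "alice</o:Customer><o:Discount>100</o:Discount><o:Customer>x"
```

With `CRAFTED`, the message from `build_unsafe` contains two `Discount` elements and is rejected by `read_order`, while the message from `build_safe` carries the whole string as the customer name.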

Research Contributions

The main contributions are as follows:

  • Providing integrity for SOA, with sufficient conditions for securing data integrity.

  • Implementing a testbed for SOA and setting up the environment for a specification-based IDS.

  • Proposing an intrusion detection system for SOA networks that is capable of detecting intrusions affecting the behaviour of services.

  • Recommending an SOA testbed where SOAP messages can be monitored.
