
Denial of Service Defence Appliance for Web Services

  • S. Suriadi
  • A. Clark
  • H. Liu
  • D. Schmidt
  • J. Smith
  • D. Stebila
Chapter

Abstract

Service-oriented architectures (SOAs), implemented using web services, seek to use open and interoperable standards to simplify enterprise application integration, provide application flexibility and enable the dynamic composition of applications from component services. As with traditional distributed computing environments such as the common object request broker architecture (CORBA), remote procedure call (RPC) and remote method invocation (RMI), exposing information resources over computer networks to remote users and applications requires that those resources be adequately protected.

Keywords

Simple Object Access Protocol (SOAP); Internet Protocol address; Common Object Request Broker Architecture (CORBA); SOAP message; legitimate request


Copyright information

© Springer India Pvt. Ltd. 2011

Authors and Affiliations

  • S. Suriadi (1)
  • A. Clark (1)
  • H. Liu (1)
  • D. Schmidt (1)
  • J. Smith (1)
  • D. Stebila (1)

  1. Information Security Institute, Queensland University of Technology, Brisbane, Australia
