Web services and grid security vulnerabilities and threats analysis and model

Abstract

The paper provides an overview of available Web services security vulnerability models and proposes a classification of the potential grid and Web services attacks and vulnerabilities. This is further used to introduce a security model for interacting grid and Web services that illustrates how basic security services should interact to provide an attack-resilient multilayer protection in a typical service-oriented architecture. The analysis and the model can be used as a basis for developing countermeasures against known vulnerabilities and security services design recommendations. The paper refers to the ongoing work on middleware and operational security in the framework of the European grid infrastructure deployment project EGEE and related coordination groups.