Preventing Service Oriented Denial of Service (PreSODoS): A Proposed Approach

S. Padmanabhuni, Vineet Singh, Senthil Mani, Abhishek Chatterjee
{"title":"Preventing Service Oriented Denial of Service (PreSODoS): A Proposed Approach","authors":"S. Padmanabhuni, Vineet Singh, Senthil Mani, Abhishek Chatterjee","doi":"10.1109/ICWS.2006.102","DOIUrl":null,"url":null,"abstract":"Today Web services have grown in context of both business to business (B2B) and business to customer (B2C) applications. Web services are the most popular mode of implementing service oriented architecture (SOA). With this growth and acceptance in the industry, the role of security is crucial. Most of the existing security mechanisms in Web services like XML encryption, digital signatures, user tokens etc. provide security on one basic assumption that source of the request is legitimate. But a typical denial of service attacker can use these sources as reflectors and play around with the contents of a Web service body to create an attack scenario. In this paper, we propose PreSODoS - a framework to detect and prevent XML based denial of service (XDoS) attacks on Web services based applications. The framework relies on content introspection to detect any XDoS possibility. We use a Patricia trie based representation so that the schemas and the request messages can be compared and validated in a performance efficient manner. 
PreSODoS is capable of detecting any repetitive request message and sense an attack scenario and trigger corresponding prevention mechanisms","PeriodicalId":408032,"journal":{"name":"2006 IEEE International Conference on Web Services (ICWS'06)","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"41","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2006 IEEE International Conference on Web Services (ICWS'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICWS.2006.102","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 41

Abstract

Today Web services have grown in the context of both business-to-business (B2B) and business-to-customer (B2C) applications. Web services are the most popular mode of implementing service-oriented architecture (SOA). With this growth and acceptance in the industry, the role of security is crucial. Most of the existing security mechanisms in Web services, like XML encryption, digital signatures, user tokens etc., provide security on one basic assumption: that the source of the request is legitimate. But a typical denial-of-service attacker can use these sources as reflectors and play around with the contents of a Web service body to create an attack scenario. In this paper, we propose PreSODoS, a framework to detect and prevent XML-based denial of service (XDoS) attacks on Web services based applications. The framework relies on content introspection to detect any XDoS possibility. We use a Patricia trie based representation so that the schemas and the request messages can be compared and validated in a performance-efficient manner. PreSODoS is capable of detecting any repetitive request message, sensing an attack scenario, and triggering corresponding prevention mechanisms.