Five Criteria for Web-Services Security Architecture

R. Addie, A. Colman
Published in: 2010 Fourth International Conference on Network and System Security, 2010-09-01
DOI: 10.1109/NSS.2010.100 (https://doi.org/10.1109/NSS.2010.100)
Citations: 1

Abstract

Five properties of an architecture for secure access to web services are defined and two existing architectures are evaluated according to these criteria. References to these criteria in the literature and evaluation of the security architectures are tabulated in the conclusion. Policy-sufficiency is defined as the requirement that any meaningful statements can be expressed in policy definitions of the architecture. Protocol neutrality is the requirement that a protocol exchange which is logically equivalent to a valid protocol sequence is also valid. Predicate-boundedness is the constraint that a fixed, finite set of predicates (or language constructs) will be sufficient for security policy definitions, i.e. the language does not need to be incrementally extended indefinitely. Protocol-closure requires that security protocols can be combined together arbitrarily to make new protocols. Finally, processing complexity constrains algorithms for evaluating security rules to be of satisfactory (low) complexity. No existing security architectures receive a tick for all five of these criteria. The RW architecture is more successful in this regard than the simpler XACML architecture.