{"title":"A New Security Metric for SOA Implementations","authors":"Dave Larson, Jigang Liu","doi":"10.1109/SERE-C.2013.34","DOIUrl":null,"url":null,"abstract":"Service Oriented Architecture (SOA) is an architectural style used to handle transactions involving money, identity, and other sensitive and valuable information. Web Services that implement an SOA must be secure. This paper will describe the common vulnerabilities of Web Services and SOA and the best practices that should be followed in securing the software behind them, and then a new security metric, XPath Exposure Ratio, for Web Services and SOA implementations is proposed. In addition to the discussion on how to apply the new metric, the advantages of the new security metric are also illustrated.","PeriodicalId":150535,"journal":{"name":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","volume":"3 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-06-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE Seventh International Conference on Software Security and Reliability Companion","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SERE-C.2013.34","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
Abstract
Service Oriented Architecture (SOA) is an architectural style used to handle transactions involving money, identity, and other sensitive and valuable information. Web Services that implement an SOA must be secure. This paper will describe the common vulnerabilities of Web Services and SOA and the best practices that should be followed in securing the software behind them, and then a new security metric, XPath Exposure Ratio, for Web Services and SOA implementations is proposed. In addition to the discussion on how to apply the new metric, the advantages of the new security metric are also illustrated.