PIRAP: Security Assessment Framework for Heterogeneous Web Service Composition

Abstract

In recent times, enterprise environments such as E-banking, E-commerce, etc., are greatly affected by the evolution of web services and their associated attacks. The process of web service composition gives rise to security issues due to the incompatibility standards of the Simple Object Access Protocol (SOAP) and representational state transfer (REST) features and the compromising service-level agreement (SLA) between the end parties which has not been considered yet. Also, the security assessment process needs to cooperate with good security standards and web services. In case of heterogeneous web services, assessment done using machine learning technologies makes use of pattern analysis where this does not work with the evolving trend behind the web service environment. Hence, there is a need for a security assessment model which will incorporate finite state machine (FSM) in its assessment process to keep track of the various WS-attacks that arise in the web application via web services in heterogeneous environments. The proposed model does the web service composition by compromising all the security conflicts that arise due to the usage of dissimilar web services. We experimented the concept by testing several web services and observed that the performance of the proposed framework in attack detection is accurate and automatic thereby achieving traceability and computability metrics.