Adaptive security architecture for protecting RESTful web services in enterprise computing environment

Beer, M.I. and Hassan, M.F. (2018) Adaptive security architecture for protecting RESTful web services in enterprise computing environment. Service Oriented Computing and Applications, 12 (2). pp. 111-121.

Full text not available from this repository.
Official URL: https://www.scopus.com/inward/record.uri?eid=2-s2....

Abstract

In this modern era of enterprise computing, the enterprise application integration (EAI) is a well-known industry-recognized architectural principle that is built based on loosely coupled application architecture, where service-oriented architecture (SOA) is the architectural pattern for the implementation of EAI, whose computational elements are called as "services." Though SOA can be implemented in a wide range of technologies, the web services implementation of SOA becomes the current selective choice due to its simplicity that works on basic Internet protocols. Web service technology defines several supporting protocols and specifications such as SOAP and WSDL for communication with client and server for data interchange. A new architectural paradigm has emerged in SOA in recent years called REpresentational State Transfer (REST) that is also used to integrate loosely coupled service components, named RESTful web services, by system integration consortiums. This SOA implementation does not possess adequate security solutions within it, and its security is completely dependent on network/transport layer security that is obsolete owing to latest web technologies such as Web 2.0 and its upgraded version, Web 3.0. Vendor security products have major implementation constraints such as they need secured organizational environment and breach to SOA specifications, hence introducing new vulnerabilities. Herein, we examine the security vulnerabilities of RESTful web services in the view of popular OWASP rating methodologies and analyze the gaps in the existing security solutions. We hence propose an adaptive security solution for REST that uses public key infrastructure techniques to enhance the security architecture. The proposed security architecture is constructed as an adaptive way-forward Internet-of-Things (IoT) friendly security solution that is comprised of three cyclic parts: learn, predict and prevent.
A novel security component named "intelligent security engine" is introduced which learns the possible occurrences of security threats on SOA using artificial neural networks learning algorithms, then it predicts the potential attacks on SOA based on obtained results by the developed theoretical security model, and the written algorithms as part of security solution prevent the SOA attacks. This paper is written to present one of such algorithms to prevent SOA attacks on RESTful web services along the discussion on the obtained results of the conducted proof-of-concept on the real-time SOA environment. A comparison of the proposed system with other competing solutions demonstrates its superiority. © 2017, Springer-Verlag London Ltd., part of Springer Nature.

Item Type: Article
Impact Factor: cited By 0
Uncontrolled Keywords: Computer architecture; Distributed computer systems; Information services; Internet of things; Internet protocols; Network architecture; Network layers; Neural networks; Public key cryptography; Security of data; Service oriented architecture (SOA); Software architecture; Specifications; Web services; Websites, Application architecture; Enterprise application integration; Enterprise computing environment; Internet of Things (IOT); Public key infrastructure; Representational state transfer; REST; Security, Network security
Departments / MOR / COE: Research Institutes > Institute for Autonomous Systems
Depositing User: Mr Ahmad Suhairi Mohamed Lazim
Date Deposited: 01 Aug 2018 03:14
Last Modified: 07 Nov 2018 03:28
URI: http://scholars.utp.edu.my/id/eprint/21517
