A new customizable security framework for preventing WSDL attacks

B. Ibrahim, M. Hassan
2015 International Symposium on Mathematical Sciences and Computing Research (iSMSC), published 2015-05-19
DOI: https://doi.org/10.1109/ISMSC.2015.7594022
Citations: 5

Abstract

The Service Oriented Architecture (SOA) has emerged as a dominant paradigm in the recent era for Enterprise Application Integration (EAI). Web Services are the implementation of SOA, where a service is a software component which performs a specific function and does not depend on the context of other services. These services support distributed functionalities which operate irrespective of machine architectures, operating systems and programming languages, where data transmission in Web Services is done through simple Internet protocols such as HTTP. As the data is transferred in XML format, which is plain text, it is prone to attacks. The Web Service Description Language (WSDL) is an XML document that describes the services, including their input/output parameters, while the Simple Object Access Protocol (SOAP) describes the communication part. The standard SOA does not provide sufficient security mechanisms for either WSDL or SOAP messages. The literature shows that there is huge interest in developing solutions for SOAP message-level attacks; however, there is not much on WSDL attacks. As a matter of fact, WSDL attacks are severe in nature and can even bring the entire web services down. An attacker can reveal sensitive information and can also interpret the list of operations provided by the web services. In this paper, the possible WSDL attacks are critically analyzed along with their impact. A new SOA security framework which prevents WSDL attacks and preserves the confidentiality and integrity of the transmitted WSDL document is proposed. This framework effectively applies available security standards, and as a novelty it uses Artificial Neural Networks for dynamic knowledge acquisition of WSDL attacks.