Service oriented architecture is a current and popular software engineering paradigm providing agile web services to consumers in a dynamically changing enterprise environment. The SOAP messages are used to establish communication between the web services which are vulnerable to rewriting attacks and insecure conversation. XML Signature as specified in WS-Security provides security to the contents of the SOAP messages but is insufficient. This paper proposes a SOAP model where rewriting attacks can be avoided and a secure conversation can be established as well. This paper recommends three steps, firstly using shared key for encrypting timestamp in the message body for generating corresponding signature; Secondly, using value referencing both for signature validation and message processing; and finally encrypting the whole SOAP body instead of sending an open SOAP Message in the network to prevent unauthorized access. The paper concludes that the proposed model successfully detects rewriting attacks and establishes secure conversation in the to-and-fro message transmission.
AN ONTOLOGY-BASED APPROACH FOR DETECTING SOAP MESSAGE ATTACKS
