Scheduled System Maintenance:
Some services will be unavailable Sunday, March 29th through Monday, March 30th. We apologize for the inconvenience.
By Topic

A practical approach to secure Web services

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

The purchase and pricing options are temporarily unavailable. Please try again later.
3 Author(s)
Jie Xu ; Sch. of Comput., Leeds Univ. ; Yang, E.Y. ; Bennett, K.H.

Web services provide the potential to offer interoperability of distributed business-to-business application integration between autonomous organisations, regardless of platforms, operating systems or languages. For both user and vendor organisations, this raises immediate problems of trust, security, privacy and prevention of malicious attacks. Until these problems are addressed and solved properly, the use of Web services will be severely restricted because no-one will trust them. We describe in this paper a service-oriented architecture and an attack-tolerant information retrieval (ATIR) service which tackles certain classes of privacy problems. In particular, we address the problem of protecting a user against malicious attacks upon an information service when the user retrieves some information from the service. Although there have been many theoretical solutions to certain aspects of this problem, the results have yet to be adapted to real systems. We report our experience of integrating the ATIR service with Taverna, a popular workflow system used amongst the UK e-science/grid computing community, to support secure information retrieval in the biology context. Performance studies show that the overhead of ATIR server-side processing is trivial (<5%) in comparison with the total processing time of the integrated Taverna. Our experimental results also show that the major processing overhead is caused by the Taverna enactor operations which consume no less than 50% of the total processing time

Published in:

Object and Component-Oriented Real-Time Distributed Computing, 2006. ISORC 2006. Ninth IEEE International Symposium on

Date of Conference:

24-26 April 2006