User:Wsu-aw-gz

Web Services: Attacks, Faults, Security and Privacy
While web services play an important role in online business, they are threatened by attacks, faults and privacy disclosure. Various schemes have been proposed to address these issues. As web services grow in popularity, new and challenging problems concerning attacks, faults and privacy are emerging, and traditional solutions may not be effective. To present the new trend in solutions, this literature review selects four papers published at the IEEE International Conference on Web Services 2007 and introduces their approaches to countering DDoS attacks, securing composite web services, evaluating the impact of faults, and protecting privacy in service matchmaking. We discuss the detailed approaches proposed in [1] to counter DDoS attacks, [2] to secure execution orders for composite web services, [3] to evaluate web services performance and recovery in the presence of faults, and [4] to protect privacy in service matchmaking.

We discussed the new solutions addressing attacks, faults and privacy issues through four papers [1, 2, 3, 4] published in 2007, introducing their approaches to countering DDoS attacks, securing composite web services, evaluating the impact of faults, and protecting privacy in service matchmaking. [1] proposes a system against DDoS built on top of web services. The web service relies on a ServiceHub and a separate authenticator to reject the large number of requests sent by DDoS attackers. The target web server has a hidden location, while the ServiceHub, which has a known address, serves as its interface for client requests. The authenticator, a separate service provider, provides the authentication function for the ServiceHub. The empirical results show a great advantage of such a scheme against DDoS. [2] presents a decentralized framework to secure composite web services. The proposed scheme satisfies the following requirements: availability, confidentiality, authentication and execution integrity. [3] presents a test system, WSRecove, for evaluating performance and availability, focusing on the impact of faults. WSRecove consists of a set of faults used for injection and measures that characterize performance and availability. Compared with studies and benchmarks that focus on peak performance, WSRecove provides a more practical approach that incorporates the impact of faults. [4] presents a situation-aware access control (SA-AC) based privacy-preserving service matchmaking approach to ensure proper disclosure and use of private information during the service matchmaking process. It models, specifies, reasons about and enforces SA-AC policies.

References

[1] Xinfeng Ye, Singh, S. A SOA Approach to Counter DDoS Attacks, IEEE International Conference on Web Services, 2007.

[2] Joachim Biskup, Barbara Carminati, Elena Ferrari, Frank Muller, Sandra Wortmann, Towards Secure Execution Orders for Composite Web Services, IEEE International Conference on Web Services, 2007.

[3] Marco Vieira, Nuno Laranjeiro, Comparing Web Services Performance and Recovery in the Presence of Faults, IEEE International Conference on Web Services, 2007.

[4] Stephen S. Yau, Junwei Liu, A Situation-aware Access Control based Privacy-Preserving Service Matchmaking Approach for Service-Oriented Architecture, IEEE International Conference on Web Services, 2007.

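Web Services: Attacks, Faults, Security and Privacy
Although web services play an important role in online business, they face many threats, such as attacks, faults and privacy disclosure. Researchers have proposed many corresponding solutions. As web services become more popular, many new and challenging problems concerning attacks, faults and privacy have emerged, and traditional solutions may not be effective against them. To reflect the new trend in solutions, this review selects several papers published at the 2007 International Conference on Web Services held by the IEEE. These papers discuss approaches to countering distributed denial-of-service attacks, evaluating the impact of faults on performance evaluation, protecting privacy, and the security of composite web services. [1] proposes an approach to counter distributed denial-of-service attacks, [2] proposes a scheme for securely executing composite web services, [3] evaluates the impact of fault testing on performance evaluation, and [4] explores a method for protecting privacy in service matchmaking for composite services.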

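We discussed new solutions for resisting attacks, evaluating the impact of faults and protecting privacy. We mainly introduced four papers [1, 2, 3, 4] published at the 2007 International Conference on Web Services, which respectively discuss evaluating the impact of faults, distributed denial-of-service attacks against composite web services, and how to protect privacy in service matchmaking. [1] proposes a web-service-based system for resisting distributed denial-of-service attacks. In it, the web service relies on a service hub and a separate authentication service. The actual web server hides its own address, and a service hub with a public address serves as the interface for client requests. Another service provider supplies the authentication function for the web service. The experimental results show the advantage of this method against distributed denial of service. [2] provides a distributed architecture for improving the security of composite web services. The scheme satisfies the following requirements: availability, confidentiality, authentication and execution integrity. [3] proposes a scheme for testing the performance and recoverability of web service systems in the presence of faults. The scheme consists of a set of faults to be injected and measurement criteria for performance and availability. Compared with benchmarks and studies that emphasize peak performance, the scheme provides a practical method for evaluating the impact of faults. [4] proposes a scheme for protecting privacy during the service matchmaking process. The scheme ensures proper disclosure of private information during service matchmaking. It models, specifies, reasons about and enforces situation-based policies.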

References

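[1] Xinfeng Ye, Singh, A SOA Approach to Counter DDoS Attacks, International Conference on Web Services, 2007.

[2] Joachim Biskup, Barbara Carminati, Elena Ferrari, Frank Muller, Sandra Wortmann, Towards Secure Execution Orders for Composite Web Services, International Conference on Web Services, 2007.

[3] Marco Vieira, Nuno Laranjeiro, Comparing Web Services Performance and Recovery in the Presence of Faults, International Conference on Web Services, 2007.

[4] Stephen S. Yau, Junwei Liu, A Situation-aware Access Control based Privacy-Preserving Service Matchmaking Approach, International Conference on Web Services, 2007.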