An adaptive and smart security architecture for Web Service - SmartWSSec Architecture

EL HOUSSAIN, BEN MESSAOUD and OUAFAA, DIOURI (2016) An adaptive and smart security architecture for Web Service - SmartWSSec Architecture. In: Fifth International Conference on Advances in Computing, Control and Networking - ACCN 2016, 25-26 September 2016, Bangkok, Thailand.

[img]
Preview
Text
20161006_120328.pdf - Published Version

Download (685kB) | Preview
Official URL: https://www.seekdl.org/conferences/paper/details/8...

Abstract

Vulnerabilities in Web based applications will always be present. Several measures were taken to extenuate the effects of this reality but with limited success. In fact, we are bombarded by new technologies to harden systems and monitor and respond to threats, like firewalls, IDS (intrusion detection system) and IPS (Intrusion Prevention System). However, the flow of attacks and threats is so important to the point that the configuration and reconfiguration of these tools becomes difficult to insure in time. In this paper we introduce “a framework for dynamic security Policy for Web services” called SmartWSSec. The main goal of our architecture is to guarantee better security for web services based on adaptive security models. It aims to identify the appropriate actions that must be taken when a zero day attack occurred resulting on a smart protection for web service in a self-adaptive manner. The proposed architecture uses a knowledge based mechanism to learn and adjust the system when new not-known before attack appears. The proposed architecture also includes an isolation faculty to protect the system when self-adaptation fails, which will notify and involve a system administrator. We have included on this paper also the design, the components, models and concepts of adaptive security architecture, and finally gives insights on a possible implementation by providing a POC applied to different use cases.

Item Type: Conference or Workshop Item (Paper)
Uncontrolled Keywords: Adaptive and dynamic security, Knowledge database, prevention, reaction, Security policy, Smart engine, Web service, WS-SecurityPolicy
Depositing User: Mr. John Steve
Date Deposited: 22 Mar 2019 06:57
Last Modified: 22 Mar 2019 06:57
URI: http://publications.theired.org/id/eprint/736

Actions (login required)

View Item View Item