• norsk
    • English
  • English 
    • norsk
    • English
  • Login
View Item 
  •   Home
  • Fakultet for informasjonsteknologi og elektroteknikk (IE)
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi
  • View Item
  •   Home
  • Fakultet for informasjonsteknologi og elektroteknikk (IE)
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

Adding Security to Web Services - An Automatic, Verifiable, and Centralized Mechanism for Web Services Input Validation

Brekken, Lars Arne; Åsprang, Rune Frøysa
Master thesis
Thumbnail
View/Open
1420_FULLTEXT.pdf (2.825Mb)
1420_ATTACHMENT.zip (254.7Kb)
1420_COVER.pdf (47.62Kb)
URI
http://hdl.handle.net/11250/2571132
Date
2006
Metadata
Show full item record
Collections
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi [1606]
Abstract
Accepting unvalidated input is considered today's greatest web security threat. This master's thesis addresses that threat by proposing an automatic and centralized mechanism for validating web services input. By building on existing web services standards, the proposed solution intercepts incoming web service requests and validates them against a security policy.

A major design goal for this work was to realize web services input validation without modifying existing functionality. That is, the input validation security mechanism should be added out of code. This is achieved by keeping the web services and the validation mechanism separate. Input validation configuration is accomplished by modifying a configuration file.

Even when the validation mechanism logic is correct, it may not function as intended. Such anomalies are in most cases caused by human-introduced errors in the configuration file, resulting in the need for a configuration file verification tool. This thesis proposes a verification tool that quantifies the level of security by analyzing the configuration file.
Publisher
NTNU

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit
 

 

Browse

ArchiveCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsDocument TypesJournalsThis CollectionBy Issue DateAuthorsTitlesSubjectsDocument TypesJournals

My Account

Login

Statistics

View Usage Statistics

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit