Date of Publication :25th January 2017
Abstract: In recent years, in the context of securing of web application layer from attacks by unauthorized users, web security has been viewed. Security of Web services has shown a significant gesture as several specifications have been developed and implemented to meet web services' security challenges. However, the performance of security mechanisms is full of concerns due to additional security content in SOAP messages, the higher number of trust-building message exchanges, as well as additional CPU time to process these additions, we consider and compare the performance of various security measures applied to a simple web service evaluated with different initial message sizes in this paper. The test results shows that security mechanisms for transport layers are considerably faster than security mechanisms for message level. In addition, the effect of adding SAML-tokens is negligible and the performance of SAML-based web services is largely dependent on the underlying security mechanisms. Eventually, compared to Non-STS Mechanisms, the performance penalty for implementing STS security mechanisms is significantly high.
Reference :
-
- I. Melzer and I. Melzer, “Web Services Description Language,” in Service-orientierte Architekturen mit Web Services, 2010.
- R. G. Côté, “Simple Object Access Protocol,” in Encyclopedia of Systems Biology, 2013.
- M. Lalmas, “XML information retrieval,” in Understanding Information Retrieval Systems: Management, Types, and Standards, 2011.
- R. Vinaja, “Web Information Systems and Technologies,” J. Glob. Inf. Technol. Manag., 2012, doi: 10.1080/1097198x.2012.10845614.
- H. Suo, J. Wan, C. Zou, and J. Liu, “Security in the internet of things: A review,” in Proceedings - 2012 International Conference on Computer Science and Electronics Engineering, ICCSEE 2012, 2012, doi: 10.1109/ICCSEE.2012.373.
- F. Sun, J. System, and A. Server, “The Java EE 5 Tutorial,” System, 2010.
- T. Aggregation and F. C. Encryption, “Journal of Networks,” Simulation, 2010.
- J. Somorovsky and A. Mayer, “On Breaking SAML: Be Whoever You Want to Be.,” USENIX Secur. …, 2012.
- P.Andrew, J.Anish Kumar, R.Santhya, Prof.S.Balamurugan, S.Charanyaa, "Investigations on Evolution of Strategies to Preserve Privacy of Moving Data Objects" International Journal of Innovative Research in Computer and Communication Engineering, 2(2): 3033-3040, 2014.
- W. J. Buchanan, Cryptography. 2017.
- P.Andrew, J.Anish Kumar, R.Santhya, Prof.S.Balamurugan, S.Charanyaa, " Certain Investigations on Securing Moving Data Objects" International Journal of Innovative Research in Computer and Communication Engineering, 2(2): 3033-3040, 2014.
- J. Arkko, V. Torvinen, G. Camarillo, A. Niemi, and T. Haukka, “Security Mechanism Agreement for the Session Initiation Protocol (SIP),” Req. Comments 3329, 2003.
- P.Andrew, J.Anish Kumar, R.Santhya, Prof.S.Balamurugan, S.Charanyaa, " Survey on Approaches Developed for Preserving Privacy of Data Objects" International Advanced Research Journal in Science, Engineering and Technology Vol 1, Issue 2, October 2014
- Vishal Jain, Gagandeep Singh Narula, "Improving Statistical Multimedia Information Retrieval (MIR) Model by using Ontology and Various Information Retrieval (IR) Approaches", International Journal of Computer Applications 94(2):27-30, May 2014 having ISSN No. 0975-8887.
- Vishal Jain, Gagandeep Singh, Dr. Mayank Singh, “Implementation of Multi Agent Systems with Ontology in Data Mining”, International Journal of Research in Computer Application and Management (IJRCM) May, 2013 page no. 108-114 having ISSN No. 2231 – 1009.1, Issue 3, November 2014
-
- I. Melzer and I. Melzer, “Web Services Description Language,” in Service-orientierte Architekturen mit Web Services, 2010.
- R. G. Côté, “Simple Object Access Protocol,” in Encyclopedia of Systems Biology, 2013.
- M. Lalmas, “XML information retrieval,” in Understanding Information Retrieval Systems: Management, Types, and Standards, 2011.
- R. Vinaja, “Web Information Systems and Technologies,” J. Glob. Inf. Technol. Manag., 2012, doi: 10.1080/1097198x.2012.10845614.
- H. Suo, J. Wan, C. Zou, and J. Liu, “Security in the internet of things: A review,” in Proceedings - 2012 International Conference on Computer Science and Electronics Engineering, ICCSEE 2012, 2012, doi: 10.1109/ICCSEE.2012.373.
- F. Sun, J. System, and A. Server, “The Java EE 5 Tutorial,” System, 2010.
- T. Aggregation and F. C. Encryption, “Journal of Networks,” Simulation, 2010
- J. Somorovsky and A. Mayer, “On Breaking SAML: Be Whoever You Want to Be.,” USENIX Secur. …, 2012.
- P.Andrew, J.Anish Kumar, R.Santhya, Prof.S.Balamurugan, S.Charanyaa, "Investigations on Evolution of Strategies to Preserve Privacy of Moving Data Objects" International Journal of Innovative Research in Computer and Communication Engineering, 2(2): 3033-3040, 2014.
- W. J. Buchanan, Cryptography. 2017.
- P.Andrew, J.Anish Kumar, R.Santhya, Prof.S.Balamurugan, S.Charanyaa, " Certain Investigations on Securing Moving Data Objects" International Journal of Innovative Research in Computer and Communication Engineering, 2(2): 3033-3040, 2014
- J. Arkko, V. Torvinen, G. Camarillo, A. Niemi, and T. Haukka, “Security Mechanism Agreement for the Session Initiation Protocol (SIP),” Req. Comments 3329, 2003.
- P.Andrew, J.Anish Kumar, R.Santhya, Prof.S.Balamurugan, S.Charanyaa, " Survey on Approaches Developed for Preserving Privacy of Data Objects" International Advanced Research Journal in Science, Engineering and Technology Vol 1, Issue 2, October 2014
- Vishal Jain, Gagandeep Singh Narula, "Improving Statistical Multimedia Information Retrieval (MIR) Model by using Ontology and Various Information Retrieval (IR) Approaches", International Journal of Computer Applications 94(2):27-30, May 2014 having ISSN No. 0975-8887.
- Vishal Jain, Gagandeep Singh, Dr. Mayank Singh, “Implementation of Multi Agent Systems with Ontology in Data Mining”, International Journal of Research in Computer Application and Management (IJRCM) May, 2013 page no. 108-114 having ISSN No. 2231 – 1009.1, Issue 3, November 2014