Behavior-aware Service Access Control Mechanism using Security Policy Monitoring for SOA Systems

by Yunfei Meng, et al.

Service-oriented architecture (SOA) systems are widely used in many business areas today. However, an SOA system is loosely coupled from multiple services and lacks relevant security protection mechanisms, so it can easily be attacked through unauthorized access and information theft. Existing access control mechanisms can only prevent unauthorized users from accessing the system; they cannot prevent authorized users (insiders) from attacking it. To address this problem, we propose a behavior-aware service access control mechanism using security policy monitoring for SOA systems. In our mechanism, a monitor program supervises the consumer's behavior at run time. Using a trustful behavior model (TBM), if the monitor finds that the consumer's behavior is misuse, it denies the request. If it finds that the consumer's behavior is malicious, it terminates the consumer's access authorizations early in this session or adds the consumer to the Blacklist, after which the consumer can no longer access the system. To evaluate the feasibility of the proposed mechanism, we implement a prototype system. The final results illustrate that our mechanism can effectively monitor consumers' behaviors and respond effectively when malicious behaviors actually occur at run time. Moreover, as the number of rules in the TBM increases continuously, our mechanism still works well.


