2114
E-Services Privacy
Version). Retrieved February 18, 2005, from http://
www.parl.gc.ca/36/2/parlbus/chambus/house/bills/
government/C-6/C-6_4/C-6_cover-E.html
Holborn, F. (2003). Theft happens: Data security
for intellectual property managers. Retrieved Feb-
ruary 15, 2005, from />ip-security.pdf
IBM. (n.d.). P3P policy editor. Retrieved February
11, 2005, from />tech/p3peditor
I D T h e f t , S c h e m e s , S c a m s , F r a u d s . I d e n t i t y t h e f t E x -
amples using social engineering and phone phishing
techniques. (n.d.). Retrieved February 11, 2005, from
/>marketing/Inbound/MajorIn/id_theft.htm
Information and Privacy Commissioner for Brit-
ish Columbia. (2004). Privacy and the USA Pa-
triot Act. Implications for British Columbia public
sector Outsourcing. USA Paptriot Act threatens
Canadians’ privacy. Retrieved February 10, 2005,
from />WULRWBDFWSGIVUHSRUWSULYDF\¿QDOSGI
Kent, S., & Millett, L. (Eds.). (2003). Privacy chal-
l e n g e s i n a u t h e n t i c a t i o n s y s t e m s i n w h o g o e s t h e r e ?:
Authentication through the lens of privacy. USA:
The National Academic Press.
McDonald, L. (n.d.). Why 12% of your e-mails are
not reaching their intended recipients. Retrieved
February 18, 2005, from illabs.
com/articles/email_articles/article_unknown-
bounces.html
Microsoft. (n.d.). Microsoft Passport. Retrieved
February 20, 2005, from http://www-microsoft.

com/myservices/passport
2 I ¿ F H RI W K H 3 U LYDF\&RP P L V V LRQH U RI&DQ D G D  Q  G  
Privacy Legislation. Retrieved from http://www.
privcom.gc.ca/legislation/index_e.asp
Roberts, L. (2003). Personal privacy and the Internet.
Info Tech Talk, 8(3), 2-3. Retrieved February 7, 2005,
from />ters/newletters_pdf/itt0603.pdf
The European Commission. (2002). Directive
2002/58/EC of the European Parliament and of the
Council of 12 July 2002 concerning the processing
of personal data and the protection of privacy in the
electronic communications sector (Directive on
privacy and electronic communications). Retrieved
February 6, 2005, from />internal_market/privacy/law_en.htm
Tumer, A., Dogac, A., & Toroslu, H.(2003). A Se-
mantic based privacy framework for Web services.
Retrieved February 22, 2005, from c.
metu.edu.tr/webpage/publications/2003/TumerDo-
gacToroslu.pdf
UK. (1998). Data Protection Act. Retrieved May
14, 2005, from />acts1998/19980029.htm
U.S. Department of Commerce. (2000). Safe Har-
bour Agreement. Retrieved May 14, 2005, from
/>U.S. Government. (1998). The Digital Millennium
&RS\ULJKW$FWRI ²86&RS\ULJKW2I¿FH
Summary. Retrieved February 13, 2005, from http://
www.copyright.gov/legislation/dmca.pdf
VanderLeest, S. H., (Ed.). (2001). %HLQJÀXHQWDQG
faithful in a digital world. Calvin College. Retrieved
February 18, 2005, from />demic/rit/webBook

W3C. (2004). Platform for Privacy Preferences
Project (P3P). Retrieved February 19, 2005, from
/>Yahoo. (n.d.). Yahoo! Privacy Center. Retrieved May
14, 2005, from />pixels/details.html
This work was previously published in Privacy Protection for E-Services , edited by G. Yee, pp. 94-114, copyright 2006 by IGI
Publishing (an imprint of IGI Global).
2115
Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.
Chapter 7.10
Web Services Security in
E-Business:
Attacks and Countermeasures
Wei-Chuen Yau
Multimedia University, Malaysia
G. S. V. Radha Krishna Rao
Multimedia University, Malaysia
ABSTRACT
Web services enable the communication of ap-
plication-to-application in a heterogeneous net-
work and computing environment. The powerful
IXQFWLRQDOLW\RI:HEVHUYLFHVKDVJLYHQEHQH¿WV
t o e n t e r p r i s e c o m p a n i e s , s u c h a s r a p id i n t e g r a t i n g
between heterogeneous e-business systems, easy
implementation of e-business systems, and reus-
ability of e-business services. While providing
WKHÀH[LELOLW\IRUHEXVLQHVV:HEVHUYLFHVWHQG
to be vulnerable to a number of attacks. Core
components of Web services such as simple object
access protocol (SOAP), Web services description
language (WSDL), and universal description, dis-

FRYHU\DQGLQWHJUDWLRQ8'',FDQEHH[SORLWHG
by malicious attacks due to lack of proper security
protections. These attacks will increase the risk
of e-business that employs Web services. This
chapter aims to provide a state-of-the-art view of
Web services attacks and countermeasures. We
H[DPLQHYDULRXVYXOQHUDELOLWLHVLQ:HEVHUYLFHV
and then followed by the analysis of respective
attacking methods. We also discuss preventive
countermeasures against such attacks to protect
Web services deployments in e-business. Finally,
we address future trends in this research area.
INTRODUCTION
As the use of the Internet and the World Wide
:HE ::: LV H[SDQGLQJ UDSLGO\ PRUH DQG
more companies are implementing e-business
using Web technologies to replace the traditional
business model. Conventional Web application is
human-centric, which relies on lots of time-con-
suming human intervention. The development
2116
Web Services Security in E-Business
of Web services technology has changed this
computing paradigm to application-centric.
A Web service is any piece of software that
supports interoperable program-to-program in-
teraction over a network (Booth, Haas, McCabe,
Newcomer, Champion, Ferris, et al., 2004). This
WHFKQRORJ\LVQRWWLHGWRDQ\VSHFL¿FRSHUDWLQJ
systems and programming languages. Thus, it en-

ables the communication of application-to-appli-
cation in a heterogeneous network and computing
environment. This allows enterprise companies to
implement and integrate their e-business systems
rapidly. Also, reusability of e-business services
EHFRPHVHDV\$OORIWKHVHEHQH¿WVDUHDJUHDW
attraction for enterprise companies to adopt Web
services in their e-business environment.
:KLOH:HEVHUYLFHVSURYLGHWKHÀH[LELOLW\IRU
e-business, they introduce security issues that are
less known in the e-business communities. The
objective of this chapter is to address security
FKDOOHQJHVSUHVHQWHGLQ:HEVHUYLFHVDQGH[SODLQ
which types of solutions are plausible for counter-
ing Web services attacks. In the following sec-
tions, we review current Web services technology,
present different attacks against Web services,
discuss some of the security countermeasures,
suggest directions for future research, and present
a conclusion of this chapter.
WEB SERVICES ARCHITECTURE
A Web services architecture (Booth et al., 2004)
is a set of systems and protocols that facilitate
application-to-application communication over
a network. There are many technologies that are
related to the Web services architecture. The main
b u i l d i n g b l o c k s ( Fi g u r e 1) t h a t w e d e s c r i b e h e r e a r e
H[WHQVLEOHPDUNXSODQJXDJH;0/%UD\3DROL
Sperberg-McQueen, Maler, & Yergeau, 2004),
simple object access protocol (SOAP) (Gudgin,

Hadley, Mendelsohn, Moreau, & Nielsen, 2003a,
2003b; Mitra, 2003), Web services description
language (WSDL) (Booth, & Liu, 2005; Chinnici,
Haas, Lewis, Moreau, Orchard, & Weerawarana,
2005; Chinnici, Moreau, Ryman, & Weerawarana,
2005), and universal description, discovery, and
integration (UDDI) (Clement, Hately, Riegen, &
Rogers, 2004).
XML
;0/GH¿QHVGRFXPHQWVLQDVWUXFWXUHGIRUPDW
(Bray et al., 2004). This format can represent the
GDWDWREHH[FKDQJHGDVZHOODVWKHPHWDGDWDRI
WKHGDWDFRQWHQWV$Q;0/¿OHFRQWDLQVODEHOV
of different parts of the document. These labels
DUHVSHFL¿HGLQDWDJIRUPDW)RUH[DPSOH/LVW-
LQJVKRZVDQ;0/GRFXPHQWWKDWFRQWDLQVWKH
address of Multimedia University. The document
has a root element <address>. Each piece of data
is described by a pair of tags, such as <> and </>,
that identify the start and end of the data. The
QDWXUHRI;0/GRFXPHQWVHQDEOHH[FKDQJHRI
information between application to application
becomes easy. It is the foundation for Web services
building blocks. Other Web services components
DUHHQFRGHGLQWKH;0/IRUPDW
SOAP
62$ 3 G H V F U L E H V K RZ;0 / P H V V DJHVH[F K D Q J HL Q 
a decentralized, distributed environment (Mitra,
2003). SOAP provides a stateless and one-way
PHVVDJHH[FKDQJHIUDPHZRUNWKDWFDQEHH[WHQGHG

to request/response, request/multiple responses,
DQGRWKHUPRUHFRPSOH[PHVVDJHH[FKDQJHZD\V
SOAP messages can be carried by various net-
ZRUNSURWRFROVVXFKDV+773K\SHUWH[WWUDQVIHU
protocol), SMTP (simple mail transfer protocol),
and raw TCP/IP (transmission control protocol/
Internet protocol). SOAP messaging framework
is independent of any particular programming
language or platform. The basic structure of a
SOAP message contains the following four parts
(Figure 2):
2117
Web Services Security in E-Business
• Envelope: The SOAP envelope is the root
element of the soap message. It contains an
optional header element and a mandatory
body element.
• Header: The SOAP header is an optional
element that contains additional application
requirements for processing the message in
the message path, such as security creden-
tials, routing instructions, and transaction
management.
• Body: This element contains the actual
application data or an optional fault mes-
sage.
• Fault: A fault message is generated by an
intermediary or an ultimate receiver of the
SOAP message to describe any occurrence
RIH[FHSWLRQDOVLWXDWLRQ

Listing 2 shows a simple SOAP request mes-
sage for a Web service that performs addition for
two numbers. The request asks the service to add
the numbers 2 and 3. Listing 3 shows the response
message with the result of the addition (i.e., 5).
WSDL
:6'/LVDQ;0/IRUPDWWKDWGHVFULEHV:HE
services (Booth, & Liu, 2005). A WSDL docu-
ment tells us what a service does, how a service is
accessed, and where a service is located. A Web
VHUYLFHLVGH¿QHGXVLQJVHYHQPDMRUHOHPHQWV
• Description: This is the root element of a
WSDL document.
<?[Pl version=”1.0” encoding=”UTF-8” ?>
<address>
<name>Multimedia University</name>
<street>Jalan Multimedia</street>
<city>Cyberjaya</city>
<state>Selangor Darul Ehsan</state>
<postcode>63100</postcode>
</address>


Listing 1. A simple XML document
Figure 1. Main building blocks of Web services (Source: W3C)
Discovery
UDDI
Description
WSDL
Messaging

SOAP
Base T echnology
XML
2118
Web Services Security in E-Business
• Ty pes: This element describes data types
WKDWDUHXVHGIRUWKHH[FKDQJHGPHVVDJHV
• Interface:7KLVHOHPHQWGH¿QHVWKHDEVWUDFW
interface of the Web service.
• Operation: This element describes opera-
tions supported by the Web services and
DOVRVSHFL¿HVWKHW\SHVRIPHVVDJHVWKDWWKH
service can send or receive.
• Binding:7KHELQGLQJHOHPHQWVSHFL¿HV
concrete protocol and encoding style for
the operations and messages.
• Service7KLVHOHPHQWGH¿QHVWKHQDPHRI
the service.
• Endpoint: 7KLVHOHPHQWGH¿QHVDQHQGSRLQW
IRUWKHVHUYLFHDQGVSHFL¿HVWKHDGGUHVVWR
D F F H V V W K H V H U Y LFHXVL QJSUHY LRXVO \ V S H FL ¿HG
binding.
/LVWLQJVKRZVDQH[DPSOHRID:6'/GRFX-
ment. The document describes a Web service
that can check the availability of a room for hotel
GreatH (Booth & Liu, 2005).
UDDI
UDDI provides a mechanism for publishing and
¿QGLQJ:HEVHUYLFHV&OHPHQWHWDO$
UDDI registry is like an electronic phone book

WKDWSURYLGHVWKHFODVVL¿FDWLRQDQGFDWDORJRI:HE
services. Web services providers can register
their business or Web services to a UDDI server.
$XVHURIWKH:HEVHUYLFHFDQVHDUFKDVSHFL¿F
Web service using the UDDI registry. The fol-
lowing core data structures of UDDI are used
for describing an organization, the available Web
services, and technical requirements for access
to those services:
• businessEntity: Describes a business or
organization that provides Web services.
• businessService: Describes a single or
group of related Web services offered by
an organization.
• bindingTemplate: Describes the techni-
cal information to access a particular Web
service.
Envelope ( Mandatory)
Header ( Optional)
Body ( Mandatory)
Fault (Optional)
Figure 2. Basic structure of a SOAP message (Source: W3C)
2119
Web Services Security in E-Business
• tModel: Describes a technical model that
enable the user to identify the technical
VSHFL¿FDWLRQVRI:HEVHUYLFHV
Basic Roles and Operations
A simple Web service system consists of
three participants: a service requester, a service

provider, and a service registry. Figure 3 shows
their basic roles and operations in a Web service
architecture. The service provider provides the
interface and implementation of a Web service.
7KH:HEVHUYLFHGHVFULSWLRQLVVSHFL¿HGLQ:6'/
The provider can publish the Web service in the
registry. The service requester or the consumer
FDQ¿QGWKH:HEVHUYLFHDQGLWVGHVFULSWLRQLQ
the registry. The requester can then communicate
with the provider using SOAP messages based on
the service description in the WSDL.
ATTACKS IN WEB SERVICES
Web services are vulnerable to a wide range of
attacks. Various studies (Lindstrom, 2004; Negm,
2004; Wilson, 2003) have shown conceptual at-
tacks that are most likely to be used for compro-
mising Web services architectures. This section
discusses in detail how malicious attackers launch
a number of these attacks against Web services.
Information Gathering
This is the preparation stage for attackers before
launching any attacks. Attackers try to gather
<?[Pl version="1.0" encoding="utf-8"?>

<env:Envelope [Plns:env="
<env:Body>

<m:Add[mlns:m="http://H[ample.org/addition">

<m:FirstNum>2</m:FirstNum>

<m:SecondNum>3</m:SecondNum>

</m:Add>

</env:Body>
</env:
En
velope
>

<?[Pl version="1.0" encoding="utf-8"?>

<env:Envelope [Plns:env="
<env:Body>

<m:AddResponse[mlns:m="http://H[ample.org/addition">

<m:AddResult>5</m:AddResult>

</m:AddResponse>

</en
v:
Body
>
</env:Envelope>

Listing 2. Simple SOAP request message
Listing 3. Simple SOAP response message
2120

Web Services Security in E-Business
<?[Pl version="1.0" encoding="utf-8" ?>
<description
[mlns="
targetNamespace= "http://greath.H[ample.com/2004/wsdl/resSvc"
[Plns:tns= "http://greath.H[ample.com/2004/wsdl/resSvc"
[Plns:ghns = "http://greath.H[ample.com/2004/schemas/resSvc"
[Plns:wsoap= "
[Plns:soap="
[Plns:wsdO[ "

<types>
[s:schema[mlns[s="
targetNamespace=http://greath.H[ample.com/2004/schemas/resSvc
[Plns="http://greath.H[ample.com/2004/schemas/resSvc">
[s:element name="checkAvailability" type="tCheckAvailability"/>
<[V:complH[Type name="tCheckAvailability">
[s:sequence>
<[VHlement name="checkInDate" type [V:date"/>
<[VHlement name="checkOutDate" type=[VGDte"/>
<[VHlement name="roomType" type [V:string"/>
[V:sequence>
<[s:comple[7ype>
<[V:element name="checkAvailabilityResponse" type [V:double"/>
<[V:element name="invalidDataError" type=[VVWULng"/>
[V:schema>
</types>

<interface
name = "reservationInterface" >

<fault name = "invalidDataFault" element = "ghns:invalidDataError"/>

<operation
name="opCheckAvailability" pattern="
style=" wsdO[Vafe = "true">
<input messageLabel="In" element="ghns:checkAvailability" />
<output messageLabel="Out" element="ghns:checkAvailabilityResponse" />
<outfault ref="tns:invalidDataFault" messageLabel="Out"/>
</operation>

</interface>

<binding
name="reservationSOAPBinding" interface="tns:reservationInterface"
type="
wsoap:protocol="
<fault ref="tns:invalidDataFault" wsoap:code="soap:Sender"/>
<operation ref="tns:opCheckAvailability"
wsoap:mep="
</binding>

<service
name="reservationService" interface="tns:reservationInterface">
<endpoint
name="reservationEndpoint" binding="tns:reservationSOAPBinding"
address ="http://greath.H[ample.com/2004/reservation"/>
</service>

</description>


Listing 4. Sample WSDL document (Source: W3C)
information that is related to a targeted-service
provider. This information includes organization
or business description, available Web services,
technical access requirement, and so on. Such in-
formation can be found from a UDDI registry.
WSDL Scanning
6LQFHD:6'/¿OHSURYLGHVDFOHDUYLHZRIKRZ
WRLQWHUDFWZLWKDVSHFL¿F:HEVHUYLFHWKHLQLWLDO
step for launching an attack is to obtain a copy of
WKH:6'/¿OH$QDWWDFNHUFDQVFDQWKURXJKWKH
WSDL document to get information such as the
2121
Web Services Security in E-Business
DYDLODEOHRSHUDWLRQVDQGWKHH[SHFWHGSDUDPHWHUV
or types of the messages. After this, the attacker
may proceed by sending various manipulated
SOAP messages in order to discover weaknesses
RI WKH :HEV HU Y LF H )RUH[DP SO H W KHDW W DFNHU PD\ 
guess what operations are supported but unpub-
OLVKHGLQWKH:6'/¿OH7KLVFDQEHDFKLHYHGE\
sending different message request patterns with
various operation string combinations. The reason
for such an attack to be successful is because of
poor programming practices.
Parameter Tampering
$IWHUVFDQQLQJWKURXJKD:6'/¿OHIRUDVSHFL¿F
Web service, an attacker can further test if the
Web service application is performing any type
of input validation. If the application does not

sanitize invalid client inputs, then it is suscep-
tible to parameter tampering attack. An attacker
can submit different parameter patterns in order
to crash the application or gain further access
WRXQDXWKRUL]HGLQIRUPDWLRQ)RUH[DPSOHLID
:HE VHUYLFH DSSOLFDWLRQ H[SHFWV DQLQSXWZLWK
an integer type parameter, then an attacker may
WU\WRVXEPLWDQLQSXWZLWKW\SHRIVWULQJRUÀRDW
This may cause a denial-of-service attack if the
application does not know how to process the
XQH[SHFWHGFRQWHQW
SQL (Structure Query Language)
Injection
SQL injection is an attack that uses parameter
WDPSHULQJ7KLVDWWDFNH[SORLWV:HEVHUYLFHDS-
plication that does not perform proper validation
check of client-supplied input in SQL queries. An
attacker can submit some special characters (e.g.,
a single quotation or a semicolon) to the input
string. If the application accepts and passes the
d a t a t o a n S Q L s t a t e m e n t , t h e a t t a c k e r m a y b y p a s s
the authentication procedure (e.g., a form-based
login) to retrieve unauthorized information in
the database. The attacker may attack further
by modifying the record in the database or per-
IRUPUHPRWHFRPPDQGH[HFXWLRQ)DXVW
has demonstrated this attack against a test Web
service that simulates a simple product inventory
system.
Coercive Parsing

$Q;0/SDUVHUUHDGVWKURXJKRUSDUVHVDQ;0/
GRFXPHQWLQWRLWVFRPSRQHQWSDUWV1RWDOO;0/
SDUVHUVKDQGOHFRQVLVWHQWO\ZLWKSHFXOLDU;0/
documents that have a format that differs from
ZKDWLVH[SHFWHG$FRHUFLYHSDUVLQJDWWDFNH[-
ploits this weakness to overwhelm the processing
F DSDE LOLW L H VRI W KHV\ V WHP( [ D PSOHVRI W K L V DW W D FN
include recursive payloads, oversized payloads,
DQG62$3PHVVDJHVÀRRGLQJ
Recursive Payloads
;0/DOORZVQHVWHGHOHPHQWVZLWKLQDGRFXPHQW
WRGHVFULEHFRPSOH[UHODWLRQVKLSVDPRQJHOHPHQWV
An attacker can create a deeply nested document
WRWHVWWKHFDSDELOLW\RI;0/SDUVHU)RUH[DPSOH
WKHDWWDFNHUFDQFUHDWHDQ;0/GRFXPHQWWKDW
has 100,000 levels of nested elements (Figure 4).
This may overload the processor when it parses
the document.
Oversized Payloads
3HUIRUPDQFHRIDQ;0/SDUVHULVDIIHFWHGZKHQ
SDUVLQJDODUJHVL]HRI;0/GRFXPHQWV$QDW-
W D F N H UFD Q VHQGD Q H [ W U H P H O\ODUJH S D \OR D G L Q R U G H U 
WRGHJUDGHWKHSHUIRUPDQFHRIDQ;0/SDUVHU
This may result a denial-of-service attack if the
parser cannot handle the oversized payload.
SOAP Messages Flooding
T h e g o a l o f t h i s a t t a c k i s t o o v e r l o a d a We b s e r v i c e
by sending SOAP message requests repeatedly
(Figure 5). The SOAP message itself is valid but
WKH;0/SURFHVVRUPD\QRWEHDEOHWRSURFHVV

2122
Web Services Security in E-Business
H[FHVVLYH62$3PHVVDJHVLQDVKRUWSHULRGRI
time. Thus, this may deter the Web service ap-
plication from receiving other nonmalicious SOAP
message requests.
Schema Poisoning
;0/VFKHPD%\URQ0DOKRWUD7KRPS-
son, Beech, Maloney, & Mendelsohn, 2004)
GHVFULEHVWKHVWUXFWXUHRIDQ;0/GRFXPHQW$
YDOLG;0/GRFXPHQWPXVWFRQIRUPWRLWVVFKHPD
$SDUVHUUHDGVDQ;0/GRFXPHQWDQGFRPSDUHV
it to its schema to check the validity of the docu-
ment. Attackers can perform a schema poison-
LQJE\¿UVWFRPSURPLVLQJDQRGHWKDWVWRUHVWKH
schema. Then, they replace the original schema
Z L W K D PRG L ¿H GRQH $ V V X FK D Q\LQFRPL QJ6 2$ 3 
messages will be determined as invalid by the
SDUVHUVLQFHWKH\GRQRWFRQIRUPWRWKHPRGL¿HG
schema. Consequently, a denial-of-service attack
is achieved.
External Entity Attacks
([WHUQDOHQWLWLHVHQDEOH;0/WREXLOGDGRFX-
PHQW G\QDPLFDOO\ E\ UHIHUULQJ WR DQ H[WHUQDO
content. They get this content by referencing it
YLDDVSHFL¿HG85/XQLYHUVDOUHVRXUFHORFDWRU
An attacker may replace the third-party content
ZLWKDPDOLFLRXVFRQWHQW3DUVLQJDQ;0/GRFX-
ment from this malicious source may result the
:HEVHUYLFHDSSOLFDWLRQWRRSHQDUELWUDU\¿OHVRU

network connections.
Routing Detours
A SOAP message may route through some
intermediary nodes when it travels from the
initial sender to the ultimate receiver (Figure 6).
If one of these intermediaries is compromised
and controlled by an attacker, then either one of
the following bogus routing instructions may be
inserted:
• Route the message to a malicious location
(Figure 7): This may result the critical infor-
mation stolen by the attacker. However, the
attacker may still forward the SOAP message
to the original destination after stripping out
the additional malicious instructions.
• 5RXWHWKHPHVVDJHWRDQRQH[LVWHQWGHVWLQD-
tion (Figure 8): This may cause a denial-of-
service attack since the message will never
be routed to the intended destination.
Service
Registry
Find
Web
services
UDDI
Publish
Web
services
WSDL
Communications

SOAP m essages
Service
Requester
Service
Provider
Figure 3. Basic roles and operations in a Web service architecture
2123
Web Services Security in E-Business
Malicious Contents
This attack is related to binary attachments of
SOAP messages. Attackers may modify binary
DWWDFKPHQWVVXFKDVH[HFXWDEOH¿OHVLQRUGHUWR
FDXVHH[FHSWLRQZLWKLQWKH:HEVHUYLFHDSSOL-
cations. Attached malicious programs such as
viruses, worms, or Trojan horse programs may
be transmitted via SOAP messages across the
Web service architecture.
COUNTERMEASURES AGAINST
WEB SERVICES ATTACKS
There are many challenges for implementing
secure Web services. As valuable business trans-
action data and sensitive customer information
are transmitted or stored within the Web services
architecture, compromising of any nodes in the
architecture may result in a leakage of sensitive
i nfo r mat ion to an u nau thorize d thi rd p ar t y. In a d-
dition, disruption of any Web services may cost a
g r e a t a m o u n t o f l o s s t o a n o r g a n i z a t i o n . I t i s c r u c i a l
to protect the Web services from various attacks,
as mentioned in the previous section. Therefore,

we need robust security schemes that take into
consideration the susceptible nature of the Web
services architecture. In this section, we discuss
VRPHVHFXULW\FRXQWHUPHDVXUHVDQGVSHFL¿FDWLRQV
that have been proposed to safeguard the security
of the Web services architecture (Beznosov, Flinn,
Kawamoto, & Hartman, 2005; Geuer-Pollmann &
Claessens, 2005; Gutiérrez, Fernández-Medina,
& Piattini, 2004; Naedele, 2003).
&RQ¿GHQWLDOLW\DQG,QWHJULW\
&RQ¿GHQWLDOLW\GHDOVZLWKWKHVHFXULW\UHTXLUH-
m e n t o n k e e p i n g s e c r e c y o f i n f o r m a t i o n . A s e - b u s i -
QHVVDSSOLFDWLRQVH[FKDQJH62$3PHVVDJHVWKDW
contain sensitive information such as customer
data and business transaction, it is important to
protect the data from the threat of interception.
Ensuring the completeness and accuracy
of data is the security goal of integrity. Soap
messages sending from a source may travel
through some intermediaries before reaching to
an ultimate destination. It is required to provide
a mechanism for the message recipient to verify
WKDWWKHPHVVDJHKDVQRWEHHQDOWHUHGRUPRGL¿HG
during transmission.
World Wide Web Consortium (W3C) has
GHYHORSHG WZR VSHFL¿FDWLRQV QDPHO\ ;0/
HQFU\SWLRQ(DVWODNH5HDJOHDQG;0/
signature (Eastlake, Reagle, & Solo, 2002), to ad-
<Element1>
<Element2>

<Element3>
<Element1>
<Element2>
<Element3>
massive
nested
elements
Figure 4. An XML document with massive nested elements