S-WALL: State-Based XML Firewall for Service-Oriented Systems


PI: Haiping Xu
Concurrent Software Engineering Laboratory (CSEL)
Computer and Information Science Department
University of Massachusetts Dartmouth

July 1, 2007


Project Overview



Web services security has been a challenging issue in recent years because current security mechanisms, such as conventional firewalls, are not sufficient for protecting service-oriented systems from XML-based attacks. In order to provide effective security mechanisms for service-oriented systems, XML firewalls were recently introduced as an extension to conventional firewalls for web services security. In this project, we introduce a state-based XML firewall architecture that supports role-based access control and detection of XML-based attacks. We develop a detailed design of the state-based XML firewall by defining state-based information, user information, and various access control policies and detection rules. The detection rules are modularized into separate units, which support real-time detection and verification of various types of XML-based attacks using state-based information and user information. To illustrate the effectiveness of our approach, we develop a prototype state-based XML firewall, and demonstrate how XML-based attacks can be efficiently detected.



Graduate Students


Current Students

  • Daniel F. Fitch: Model checking service reliability in cloud computing
  • Harmeet K. Chawla: Ontology-based service reliability model

Former Students

  • Daniel F. Fitch (2010): Defending against multi-phased XML-based attacks
  • Jerry Kuzhuppallil (2010): Simulation of XML-based Mitnick attacks
  • Harmeet K. Chawla (2009): Ontology-based service registration and discovery
  • Amit R. Ahirrao (2009): Ontology-based dynamic web services composition
  • Abhinay K. Reddyreddy (2008): Development of state-based XML firewall
  • Abhinay K. Reddyreddy (2007): Simulation of XML-based attacks
  • Sravan K. Patti (2007): Ontology-based dynamic service discovery
  • Mihir M. Ayachit (2006): Petri net based XML firewall security model
  • Pratik K. Kadakia (2006): Static & dynamic web services composition
  • Chandana Kancherla (2005): Service-oriented peer-to-peer system
  • Minal G Pimparkar (2004): Serive-oriented online purchasing system


Publications


 
  1. Haiping Xu, Abhinay Reddyreddy, and Daniel F. Fitch, "Defending Against XML-Based Attacks Using State-Based XML Firewall," To appear in Journal of Computers (JCP), Vol. 6, No. 9, September 2011.
  2. Abhinay Reddyreddy and Haiping Xu, "Securing Service-Oriented Systems Using State-Based XML Firewall," In Proceedings of the 20th International Conference on Software Engineering and Knowledge Engineering (SEKE'2008), July 1-3, 2008, Redwood City, San Francisco Bay, California, USA, pp. 512-518.
  3. Haiping Xu, Mihir Ayachit, and Abhinay Reddyreddy, "Formal Modeling and Analysis of XML Firewall for Service-Oriented Systems," International Journal of Security and Networks (IJSN), Vol. 3, No. 3, 2008, pp. 147-160.
  4. Mihir M. Ayachit and Haiping Xu, "A Petri Net Based XML Firewall Security Model for Web Services Invocation," In Proceedings of the International Conference on Communication, Network, and Information Security (CNIS 2006), October 9-11, 2006, MIT Faculty Club, Cambridge, Massachusetts, USA, pp. 61-67.

Poster for Open House 2008, College of Engineering, UMass Dartmouth



Papers in Preparation


 
  1. Haiping Xu, Abhinay Reddyreddy, and Daniel F. Fitch, "Defending Against XML-Based Attacks Using State-Based XML Firewall," Computer and Information Science Department, UMass Dartmouth, 2010.



Related Professional Activities


 
  1. Poster Presentation: State-Based XML Firewall for Service-Oriented Systems, Open House 2008, College of Engineering, UMass Dartmouth, Saturday, October 25, 2008 (Poster).
  2. Talk:Securing Service-Oriented Systems Using State-Based XML Firewall, 20th International Conference on Software Engineering and Knowledge Engineering (SEKE'2008), Redwood City, San Francisco Bay, California, USA, July 2, 2008 (Slides).
  3. Session Chair: International Conference on Communication, Network, and Information Security (CNIS 2006), MIT Faculty Club, Cambridge, Massachusetts, USA, October 9-11, 2006.
  4. Talk: A Petri Net Based XML Firewall Security Model for Web Services Invocation, International Conference on Communication, Network, and Information Security (CNIS 2006), MIT Faculty Club, Cambridge, Massachusetts, USA, October 9, 2006.



Copyright 2008, CIS Department, University of Massachusetts Dartmouth

Send Email To: hxu@umassd.edu