IDEAS home Printed from https://ideas.repec.org/a/igg/jitwe0/v11y2016i1p44-76.html
   My bibliography  Save this article

Access Control and Information Flow Control for Web Services Security

Author

Listed:
  • Saadia Kedjar

    (Department of Computer Science, Faculty of Exact Sciences, University of Bejaia, Bejaia, Algeria)

  • Abdelkamel Tari

    (Faculty of Exact Sciences, University of Bejaia, Bejaia, Algeria)

  • Peter Bertok

    (School of Computer Science and IT, RMIT University, Melbourne, Australia)

Abstract

With the advancement of web services technology, security has become an increasingly important issue. Various security standards have been developed to secure web services at the transport and message level, but application level has received less attention. The security solutions at the application level focus on access control which cannot alone ensure the confidentiality and integrity of information. The solution proposed in this paper consists on a hybrid model that combines access control (AC) and information flow control (IFC). The AC mechanism uses the concept of roles and attributes to control user access to web services' methods. The IFC mechanism uses labels to control how the roles access to the system's objects and verify the information flows between them to ensure the information confidentiality and integrity. This manuscript describes the model, gives the demonstration of the IFC model safety, presents the modeling and implementation of the model and a case study.

Suggested Citation

  • Saadia Kedjar & Abdelkamel Tari & Peter Bertok, 2016. "Access Control and Information Flow Control for Web Services Security," International Journal of Information Technology and Web Engineering (IJITWE), IGI Global, vol. 11(1), pages 44-76, January.
    • Handle: RePEc:igg:jitwe0:v:11:y:2016:i:1:p:44-76
    as

    Download full text from publisher

    File URL: http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/IJITWE.2016010103
    Download Restriction: no
    ---><---

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:igg:jitwe0:v:11:y:2016:i:1:p:44-76. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Journal Editor (email available below). General contact details of provider: https://www.igi-global.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.