Towards intent-based XML intrusion detection systems (abstract)

Modern software applications increasingly rely upon service-oriented architectures (SOAs), especially ones implemented using Web Services. XML Web Services are built using a wide variety of specifications and protocols that provide application integration and aggregation. This brings a concern regarding the content of the messages that are being transferred and implemented using Web Services. Trying to ensure security goals in a service-oriented environment is a challenge as there is a shift on the focus from security at the network layer to the application layer, with a larger number of possibilities for abuse.

This paper introduces the concept of an intent-based representation of an attack as the basis for both understanding network attacks, focusing in particular on network attacks targeting XML applications. This approach is discussed both as the foundation for intrusion detection system and as the basis for a system of testing the effectiveness of XML attacks. The proposed approach is based on the previously developed threat model and establishes a foundation for further work.

To be published