Security Domain Facts

This document provides facts related to Security Domains for usage in the written part of my diploma thesis.

General

Communication

Article | Found fact
Sicherheit [Eckert] | Problem area: communication channels

Attacks include:

  • Eavesdropping
  • Modification
  • Masquerading

Defenses:

  • Encryption
  • Hash values
  • Digital signature
  • Protocols (SSL, IPSec, SSH ...)

Client

Article | Found fact
Sicherheit [Eckert] | Problem area: end devices

Attacks include:

  • Viruses, worms, Trojans, ...
  • JavaScript, VBScript
  • Buffer overflow exploits, ...
  • Data traces: cookies, ...

Defenses:

  • Admission control (access to the system): smart card, biometrics, ...
  • Access control (access to resources): access restrictions
  • Monitoring: virus scanners, firewalls, ...

Service Provider

Article | Found fact
Sicherheit [Eckert] | Problem area: service providers

Attacks include:

  • Unauthorized access
  • CGI, Cross-Site Scripting
  • Denial of Service

Defenses:

  • Closing ports
  • Secure programming
  • Monitoring, intrusion detection

Service Composition

Article | Found fact
Security for Parlay-X - challenges and solutions [Eckardt] |
  • a single SOAP message can traverse many intermediaries
  • -> who can you trust with what?
Web Service Security [On02] | The website sends the SOAP request on behalf of the user

Document centric workflows

Article | Found fact
Security for Parlay-X - challenges and solutions [Eckardt] |
  • different parts of a SOAP message:
    • are created/inserted by various parties
    • are read/processed by different SOAP processors
    • need different levels of security