Copyright © 2009, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.

Chapter 7.10
Web Services Security in E-Business: Attacks and Countermeasures

Wei-Chuen Yau, Multimedia University, Malaysia
G. S. V. Radha Krishna Rao, Multimedia University, Malaysia

ABSTRACT

Web services enable application-to-application communication in a heterogeneous network and computing environment.
The powerful functionality of Web services has given benefits to enterprise companies, such as rapid integration between heterogeneous e-business systems, easy implementation of e-business systems, and reusability of e-business services. While providing this flexibility for e-business, Web services tend to be vulnerable to a number of attacks. Core components of Web services such as the simple object access protocol (SOAP), the Web services description language (WSDL), and universal description, discovery, and integration (UDDI) can be exploited by malicious attacks due to a lack of proper security protection. These attacks increase the risk to e-businesses that employ Web services. This chapter aims to provide a state-of-the-art view of Web services attacks and countermeasures. We examine various vulnerabilities in Web services, followed by an analysis of the respective attack methods. We also discuss preventive countermeasures against such attacks to protect Web services deployments in e-business. Finally, we address future trends in this research area.

INTRODUCTION

As the use of the Internet and the World Wide Web (WWW) expands rapidly, more and more companies are implementing e-business using Web technologies to replace the traditional business model. A conventional Web application is human-centric and relies on a great deal of time-consuming human intervention. The development of Web services technology has changed this computing paradigm to application-centric.

A Web service is any piece of software that supports interoperable program-to-program interaction over a network (Booth, Haas, McCabe, Newcomer, Champion, Ferris, et al., 2004). The technology is not tied to any specific operating system or programming language. Thus, it enables application-to-application communication in a heterogeneous network and computing environment.
This allows enterprise companies to implement and integrate their e-business systems rapidly. Reusability of e-business services also becomes easy. All of these benefits are a great attraction for enterprise companies to adopt Web services in their e-business environment.

While Web services provide this flexibility for e-business, they introduce security issues that are less well known in the e-business community. The objective of this chapter is to address the security challenges presented by Web services and to explain which types of solutions are plausible for countering Web services attacks. In the following sections, we review current Web services technology, present different attacks against Web services, discuss some of the security countermeasures, suggest directions for future research, and conclude the chapter.

WEB SERVICES ARCHITECTURE

A Web services architecture (Booth et al., 2004) is a set of systems and protocols that facilitate application-to-application communication over a network. Many technologies are related to the Web services architecture. The main building blocks (Figure 1) that we describe here are the extensible markup language (XML) (Bray, Paoli, Sperberg-McQueen, Maler, & Yergeau, 2004), the simple object access protocol (SOAP) (Gudgin, Hadley, Mendelsohn, Moreau, & Nielsen, 2003a, 2003b; Mitra, 2003), the Web services description language (WSDL) (Booth & Liu, 2005; Chinnici, Haas, Lewis, Moreau, Orchard, & Weerawarana, 2005; Chinnici, Moreau, Ryman, & Weerawarana, 2005), and universal description, discovery, and integration (UDDI) (Clement, Hately, Riegen, & Rogers, 2004).

XML

XML defines documents in a structured format (Bray et al., 2004). The format can represent the data to be exchanged as well as the metadata of the data contents. An XML file contains labels for the different parts of the document. These labels are specified in a tag format. For example, Listing 1 shows an XML document that contains the address of Multimedia University.
The document has a root element <address>. Each piece of data is described by a pair of tags, an opening tag and a closing tag such as <name> and </name>, that identify the start and end of the data. This nature of XML documents makes the exchange of information between applications easy. XML is the foundation for the Web services building blocks; the other Web services components are encoded in the XML format.

SOAP

SOAP describes how XML messages are exchanged in a decentralized, distributed environment (Mitra, 2003). SOAP provides a stateless, one-way message exchange framework that can be extended to request/response, request/multiple responses, and other more complex message exchange patterns. SOAP messages can be carried by various network protocols such as HTTP (hypertext transfer protocol), SMTP (simple mail transfer protocol), and raw TCP/IP (transmission control protocol/Internet protocol). The SOAP messaging framework is independent of any particular programming language or platform. The basic structure of a SOAP message contains the following four parts (Figure 2):

• Envelope: The SOAP envelope is the root element of the SOAP message. It contains an optional header element and a mandatory body element.
• Header: The SOAP header is an optional element that contains additional application requirements for processing the message along the message path, such as security credentials, routing instructions, and transaction management.
• Body: This element contains the actual application data or an optional fault message.
• Fault: A fault message is generated by an intermediary or by the ultimate receiver of the SOAP message to describe any exceptional situation that occurred.

Listing 2 shows a simple SOAP request message for a Web service that adds two numbers. The request asks the service to add the numbers 2 and 3. Listing 3 shows the response message with the result of the addition (i.e., 5).
Listing 1. A simple XML document

    <?xml version="1.0" encoding="UTF-8" ?>
    <address>
      <name>Multimedia University</name>
      <street>Jalan Multimedia</street>
      <city>Cyberjaya</city>
      <state>Selangor Darul Ehsan</state>
      <postcode>63100</postcode>
    </address>

Figure 1. Main building blocks of Web services (Source: W3C). The figure stacks four layers: Discovery (UDDI), Description (WSDL), Messaging (SOAP), and Base Technology (XML).

WSDL

WSDL is an XML format that describes Web services (Booth & Liu, 2005). A WSDL document tells us what a service does, how the service is accessed, and where the service is located. A Web service is defined using seven major elements:

• Description: This is the root element of a WSDL document.
• Types: This element describes the data types that are used for the exchanged messages.
• Interface: This element defines the abstract interface of the Web service.
• Operation: This element describes the operations supported by the Web service and also specifies the types of messages that the service can send or receive.
• Binding: The binding element specifies the concrete protocol and encoding style for the operations and messages.
• Service: This element defines the name of the service.
• Endpoint: This element defines an endpoint for the service and specifies the address used to access the service with a previously specified binding.

Listing 4 shows an example of a WSDL document. The document describes a Web service that can check the availability of a room at the hotel GreatH (Booth & Liu, 2005).

UDDI

UDDI provides a mechanism for publishing and finding Web services (Clement et al., 2004). A UDDI registry is like an electronic phone book that provides a classification and catalog of Web services. Web services providers can register their business or Web services with a UDDI server. A user of a Web service can search for a specific Web service using the UDDI registry.
The following core data structures of UDDI are used to describe an organization, the Web services it makes available, and the technical requirements for accessing those services:

• businessEntity: Describes a business or organization that provides Web services.
• businessService: Describes a single Web service or a group of related Web services offered by an organization.
• bindingTemplate: Describes the technical information needed to access a particular Web service.
• tModel: Describes a technical model that enables the user to identify the technical specifications of Web services.

Figure 2. Basic structure of a SOAP message (Source: W3C). The envelope (mandatory) contains a header (optional) and a body (mandatory); the body may carry a fault (optional).

Basic Roles and Operations

A simple Web service system consists of three participants: a service requester, a service provider, and a service registry. Figure 3 shows their basic roles and operations in a Web service architecture. The service provider provides the interface and implementation of a Web service. The Web service description is specified in WSDL. The provider can publish the Web service in the registry. The service requester, or consumer, can find the Web service and its description in the registry. The requester can then communicate with the provider using SOAP messages based on the service description in the WSDL.

Listing 2. Simple SOAP request message

    <?xml version="1.0" encoding="utf-8"?>
    <env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
      <env:Body>
        <m:Add xmlns:m="http://example.org/addition">
          <m:FirstNum>2</m:FirstNum>
          <m:SecondNum>3</m:SecondNum>
        </m:Add>
      </env:Body>
    </env:Envelope>

Listing 3. Simple SOAP response message

    <?xml version="1.0" encoding="utf-8"?>
    <env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
      <env:Body>
        <m:AddResponse xmlns:m="http://example.org/addition">
          <m:AddResult>5</m:AddResult>
        </m:AddResponse>
      </env:Body>
    </env:Envelope>

Listing 4. Sample WSDL document (Source: W3C)

    <?xml version="1.0" encoding="utf-8" ?>
    <description xmlns="http://www.w3.org/2005/08/wsdl"
        targetNamespace="http://greath.example.com/2004/wsdl/resSvc"
        xmlns:tns="http://greath.example.com/2004/wsdl/resSvc"
        xmlns:ghns="http://greath.example.com/2004/schemas/resSvc"
        xmlns:wsoap="http://www.w3.org/2005/08/wsdl/soap"
        xmlns:soap="http://www.w3.org/2003/05/soap-envelope"
        xmlns:wsdlx="http://www.w3.org/2005/08/wsdl-extensions">
      <types>
        <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
            targetNamespace="http://greath.example.com/2004/schemas/resSvc"
            xmlns="http://greath.example.com/2004/schemas/resSvc">
          <xs:element name="checkAvailability" type="tCheckAvailability"/>
          <xs:complexType name="tCheckAvailability">
            <xs:sequence>
              <xs:element name="checkInDate" type="xs:date"/>
              <xs:element name="checkOutDate" type="xs:date"/>
              <xs:element name="roomType" type="xs:string"/>
            </xs:sequence>
          </xs:complexType>
          <xs:element name="checkAvailabilityResponse" type="xs:double"/>
          <xs:element name="invalidDataError" type="xs:string"/>
        </xs:schema>
      </types>
      <interface name="reservationInterface">
        <fault name="invalidDataFault" element="ghns:invalidDataError"/>
        <operation name="opCheckAvailability"
            pattern="http://www.w3.org/2005/08/wsdl/in-out"
            style="http://www.w3.org/2005/08/wsdl/style/iri"
            wsdlx:safe="true">
          <input messageLabel="In" element="ghns:checkAvailability"/>
          <output messageLabel="Out" element="ghns:checkAvailabilityResponse"/>
          <outfault ref="tns:invalidDataFault" messageLabel="Out"/>
        </operation>
      </interface>
      <binding name="reservationSOAPBinding"
          interface="tns:reservationInterface"
          type="http://www.w3.org/2005/08/wsdl/soap"
          wsoap:protocol="http://www.w3.org/2003/05/soap/bindings/HTTP">
        <fault ref="tns:invalidDataFault" wsoap:code="soap:Sender"/>
        <operation ref="tns:opCheckAvailability"
            wsoap:mep="http://www.w3.org/2003/05/soap/mep/soap-response"/>
      </binding>
      <service name="reservationService" interface="tns:reservationInterface">
        <endpoint name="reservationEndpoint"
            binding="tns:reservationSOAPBinding"
            address="http://greath.example.com/2004/reservation"/>
      </service>
    </description>

ATTACKS IN WEB SERVICES

Web services are vulnerable to a wide range of attacks. Various studies (Lindstrom, 2004; Negm, 2004; Wilson, 2003) have described conceptual attacks that are most likely to be used to compromise Web services architectures. This section discusses in detail how malicious attackers launch a number of these attacks against Web services.

Information Gathering

This is the preparation stage for attackers before launching any attack. Attackers try to gather information related to a targeted service provider. This information includes the organization or business description, the available Web services, technical access requirements, and so on. Such information can be found in a UDDI registry.

WSDL Scanning

Since a WSDL file provides a clear view of how to interact with a specific Web service, the initial step for launching an attack is to obtain a copy of the WSDL file. An attacker can scan through the WSDL document to obtain information such as the available operations and the expected parameters or types of the messages. After this, the attacker may proceed by sending various manipulated SOAP messages in order to discover weaknesses of the Web service. For example, the attacker may guess which operations are supported but unpublished in the WSDL file. This can be achieved by sending request messages with various operation string combinations. Such attacks succeed because of poor programming practices: the service accepts operations that its WSDL never advertised, and that obscurity is their only protection.
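The scanning step described above can be automated against the WSDL of Listing 4. The following is an added example written for this chapter, not code from the original text or from any project: it walks a WSDL 2.0 document with the standard library and reports exactly what an attacker learns before sending a single SOAP message: the endpoint address, the operations, and the concrete parameter names and XML Schema types each input element expands to. The embedded WSDL is a constructed, trimmed copy of the GreatH reservation service (same namespace URIs as Listing 4); the function name `scan_wsdl` is this example's own.

```python
"""Added example: enumerating the attack surface a WSDL 2.0 document reveals.

Illustrative code written for this chapter, not from the original text or any
project. SAMPLE_WSDL is a constructed, trimmed copy of the Listing 4 service."""
import xml.etree.ElementTree as ET

WSDL_NS = "http://www.w3.org/2005/08/wsdl"   # namespace used in Listing 4
XS_NS = "http://www.w3.org/2001/XMLSchema"

# Constructed sample: the GreatH reservation service reduced to the parts a
# scanner cares about (types, interface, endpoint).
SAMPLE_WSDL = """<?xml version="1.0" encoding="utf-8"?>
<description xmlns="http://www.w3.org/2005/08/wsdl"
    targetNamespace="http://greath.example.com/2004/wsdl/resSvc"
    xmlns:tns="http://greath.example.com/2004/wsdl/resSvc"
    xmlns:ghns="http://greath.example.com/2004/schemas/resSvc">
  <types>
    <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
        targetNamespace="http://greath.example.com/2004/schemas/resSvc">
      <xs:element name="checkAvailability" type="tCheckAvailability"/>
      <xs:complexType name="tCheckAvailability">
        <xs:sequence>
          <xs:element name="checkInDate" type="xs:date"/>
          <xs:element name="checkOutDate" type="xs:date"/>
          <xs:element name="roomType" type="xs:string"/>
        </xs:sequence>
      </xs:complexType>
      <xs:element name="checkAvailabilityResponse" type="xs:double"/>
    </xs:schema>
  </types>
  <interface name="reservationInterface">
    <operation name="opCheckAvailability"
        pattern="http://www.w3.org/2005/08/wsdl/in-out">
      <input messageLabel="In" element="ghns:checkAvailability"/>
      <output messageLabel="Out" element="ghns:checkAvailabilityResponse"/>
    </operation>
  </interface>
  <service name="reservationService" interface="tns:reservationInterface">
    <endpoint name="reservationEndpoint" binding="tns:reservationSOAPBinding"
        address="http://greath.example.com/2004/reservation"/>
  </service>
</description>
"""


def _local(qname):
    """Strip the 'prefix:' from a QName such as 'ghns:checkAvailability'."""
    return qname.split(":", 1)[-1]


def scan_wsdl(wsdl_text):
    """Return endpoints, operations and the parameter layout of each input.

    This is the information an attacker extracts before crafting requests:
    where to send them, which operations exist, and what each one expects."""
    root = ET.fromstring(wsdl_text)
    ns = {"w": WSDL_NS, "xs": XS_NS}

    # 1. Where the service lives.
    endpoints = [e.get("address")
                 for e in root.iterfind(".//w:service/w:endpoint", ns)]

    # 2. Global element -> type name, and complexType -> [(child, type), ...].
    elements = {e.get("name"): e.get("type")
                for e in root.iterfind(".//xs:schema/xs:element", ns)}
    complex_types = {}
    for ct in root.iterfind(".//xs:schema/xs:complexType", ns):
        complex_types[ct.get("name")] = [
            (c.get("name"), c.get("type")) for c in ct.iterfind(".//xs:element", ns)]

    # 3. Each operation, resolved down to the concrete parameters it takes.
    operations = {}
    for op in root.iterfind(".//w:interface/w:operation", ns):
        inp = op.find("w:input", ns)
        in_elem = _local(inp.get("element")) if inp is not None else None
        in_type = elements.get(in_elem)
        params = complex_types.get(in_type, [(in_elem, in_type)]) if in_elem else []
        outp = op.find("w:output", ns)
        out_elem = _local(outp.get("element")) if outp is not None else None
        operations[op.get("name")] = {
            "input": in_elem, "params": params,
            "output": out_elem, "output_type": elements.get(out_elem),
        }
    return {"endpoints": endpoints, "operations": operations}


if __name__ == "__main__":
    surface = scan_wsdl(SAMPLE_WSDL)
    for addr in surface["endpoints"]:
        print("endpoint:", addr)
    for name, op in surface["operations"].items():
        print(f"operation {name}: {op['input']} -> {op['output']} ({op['output_type']})")
        for pname, ptype in op["params"]:
            print(f"    parameter {pname}: {ptype}")
```

The parameter types are the useful part: knowing that `roomType` is an unconstrained `xs:string` while the dates are `xs:date` tells the attacker which field to target with the tampering and injection payloads described in the next sections, and tells the defender which fields need validation beyond what the schema provides.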
Parameter Tampering

After scanning through the WSDL file for a specific Web service, an attacker can further test whether the Web service application performs any type of input validation. If the application does not reject invalid client input, it is susceptible to a parameter tampering attack. An attacker can submit different parameter patterns in order to crash the application or to gain access to unauthorized information. For example, if a Web service application expects an input with an integer-typed parameter, the attacker may submit an input of type string or float. This may cause a denial of service if the application does not know how to process the unexpected content.

SQL (Structured Query Language) Injection

SQL injection is an attack that uses parameter tampering. It exploits a Web service application that does not properly validate client-supplied input before using it in SQL queries. An attacker can submit special characters (e.g., a single quotation mark or a semicolon) in the input string. If the application accepts the data and passes it into an SQL statement, the attacker may bypass an authentication procedure (e.g., a form-based login) and retrieve unauthorized information from the database. The attacker may go further by modifying records in the database or performing remote command execution. Faust has demonstrated this attack against a test Web service that simulates a simple product inventory system.
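Both attacks above, a wrongly typed parameter and SQL carried inside it, arrive through the same channel: an element in the SOAP body. The following is an added example written for this chapter, not code from the original text or from Faust's test service: a minimal product-inventory lookup, shown once in the vulnerable form that pastes the SOAP parameter into the query and once in a hardened form that first enforces the integer type the WSDL would declare and then binds the value as a query parameter. The service namespace `http://example.org/inventory`, the `GetProduct`/`ProductId` elements, the in-memory table and the two requests are all constructed for the example.

```python
"""Added example: parameter tampering and SQL injection through a SOAP body.

Illustrative code for this chapter, not from the original text or any product.
The inventory service, its database and both SOAP requests are constructed."""
import sqlite3
import xml.etree.ElementTree as ET

SOAP_NS = "http://www.w3.org/2003/05/soap-envelope"
APP_NS = "http://example.org/inventory"   # assumed service namespace


def make_db():
    """Constructed inventory table standing in for the service's backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, name TEXT, secret_cost REAL)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(1, "widget", 2.5), (2, "gadget", 7.0), (3, "gizmo", 12.0)])
    return db


def product_id_from_soap(envelope_text):
    """Pull the <ProductId> parameter out of a SOAP 1.2 request body."""
    root = ET.fromstring(envelope_text)
    node = root.find(f"{{{SOAP_NS}}}Body/{{{APP_NS}}}GetProduct/{{{APP_NS}}}ProductId")
    if node is None or node.text is None:
        raise ValueError("missing ProductId")
    return node.text


def lookup_vulnerable(db, product_id):
    """Deliberately vulnerable: the client-supplied text is pasted into SQL."""
    sql = "SELECT name FROM products WHERE id = " + product_id
    return [row[0] for row in db.execute(sql)]


def lookup_hardened(db, product_id):
    """Hardened: enforce the declared integer type, then bind the value."""
    try:
        pid = int(product_id)
    except ValueError:
        # Tampered parameter (string where an integer is expected): refuse it
        # instead of letting the database interpret it.
        raise ValueError("ProductId must be an integer")
    rows = db.execute("SELECT name FROM products WHERE id = ?", (pid,))
    return [row[0] for row in rows]


def soap_request(product_id):
    """Build the constructed GetProduct request around one parameter value."""
    return f"""<?xml version="1.0" encoding="utf-8"?>
<env:Envelope xmlns:env="{SOAP_NS}">
  <env:Body>
    <m:GetProduct xmlns:m="{APP_NS}">
      <m:ProductId>{product_id}</m:ProductId>
    </m:GetProduct>
  </env:Body>
</env:Envelope>"""


HONEST_REQUEST = soap_request("2")
# Tampered parameter: an integer was expected; a string carrying SQL is sent.
INJECTED_REQUEST = soap_request("0 OR 1=1")

if __name__ == "__main__":
    db = make_db()
    print("honest  :", lookup_vulnerable(db, product_id_from_soap(HONEST_REQUEST)))
    print("injected:", lookup_vulnerable(db, product_id_from_soap(INJECTED_REQUEST)))
    try:
        lookup_hardened(db, product_id_from_soap(INJECTED_REQUEST))
    except ValueError as exc:
        print("hardened:", exc)
```

The vulnerable lookup returns the whole table for the injected request because the parameter becomes part of the SQL grammar; the hardened one never reaches the database, because the type check fails first, and even a numeric payload would be passed as a bound value rather than as SQL text. Note that schema validation alone would not have caught `0 OR 1=1` if the WSDL had declared the field as `xs:string`, which is why the type enforcement belongs in the application as well.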
Coercive Parsing

An XML parser reads through (or parses) an XML document into its component parts. Not all XML parsers handle peculiar XML documents, whose format differs from what is expected, consistently. A coercive parsing attack exploits this weakness to overwhelm the processing capabilities of the system. Examples of this attack include recursive payloads, oversized payloads, and SOAP message flooding.

Recursive Payloads

XML allows nested elements within a document to describe complex relationships among elements. An attacker can create a deeply nested document to test the capability of the XML parser. For example, the attacker can create an XML document that has 100,000 levels of nested elements (Figure 4). This may overload the processor when it parses the document.

Oversized Payloads

The performance of an XML parser degrades when it parses very large XML documents. An attacker can send an extremely large payload in order to degrade the performance of the XML parser. This may result in a denial of service if the parser cannot handle the oversized payload.

SOAP Message Flooding

The goal of this attack is to overload a Web service by sending SOAP message requests repeatedly (Figure 5). Each SOAP message itself is valid, but the XML processor may not be able to process an excessive number of SOAP messages in a short period of time. Thus, the attack may prevent the Web service application from receiving other, nonmalicious SOAP message requests.

Schema Poisoning

An XML schema (Byron, Malhotra, Thompson, Beech, Maloney, & Mendelsohn, 2004) describes the structure of an XML document. A valid XML document must conform to its schema. A parser reads an XML document and compares it against its schema to check the validity of the document. Attackers can perform schema poisoning by first compromising a node that stores the schema.
They then replace the original schema with a modified one. As a result, any incoming SOAP message is determined to be invalid by the parser, since it does not conform to the modified schema. Consequently, a denial of service is achieved.

External Entity Attacks

External entities enable an XML document to be built dynamically by referring to external content. The parser obtains this content by fetching it from a specified URL (uniform resource locator). An attacker may replace the third-party content with malicious content. Parsing an XML document from such a malicious source may cause the Web service application to open arbitrary files or network connections.

Routing Detours

A SOAP message may be routed through some intermediary nodes as it travels from the initial sender to the ultimate receiver (Figure 6). If one of these intermediaries is compromised and controlled by an attacker, either of the following bogus routing instructions may be inserted:

• Route the message to a malicious location (Figure 7): Critical information may be stolen by the attacker. The attacker may still forward the SOAP message to the original destination after stripping out the additional malicious instructions, so the detour goes unnoticed.
• Route the message to a nonexistent destination (Figure 8): This causes a denial of service, since the message will never reach its intended destination.

Figure 3. Basic roles and operations in a Web service architecture. The service provider publishes its WSDL description to the service registry (UDDI); the service requester finds the Web service in the registry and then communicates with the provider using SOAP messages.

Malicious Contents

This attack is related to the binary attachments of SOAP messages. Attackers may modify binary attachments such as executable files in order to cause exceptions within the Web service application. Malicious programs such as viruses, worms, or Trojan horses may be transmitted as attachments via SOAP messages across the Web service architecture.
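The recursive and oversized payloads of the coercive parsing section and the external entity attack above are all stopped at the same place: before the full parse. The following is an added example written for this chapter, not code from the original text or from any product. It streams a message through the standard expat parser with three limits (byte size, element depth, and no DOCTYPE at all, since a SOAP message never needs one and the DOCTYPE is where external entities are declared). The size and depth ceilings and the four sample payloads, including a 100,000-level nesting as in Figure 4, are constructed for the example; the function names `check_xml_intake` and `screen` are this example's own.

```python
"""Added example: screening SOAP input against coercive parsing and external
entity attacks before any full parse. Illustrative code for this chapter, not
from the original text or any product; limits and payloads are constructed."""
import xml.parsers.expat

MAX_BYTES = 1_000_000   # assumed size ceiling for one SOAP message
MAX_DEPTH = 64          # assumed nesting ceiling; real SOAP bodies are shallow


class XmlRejected(Exception):
    """Raised when a message violates one of the intake limits."""


def check_xml_intake(data, max_bytes=MAX_BYTES, max_depth=MAX_DEPTH):
    """Stream the document through expat with size, depth and DTD limits.

    Returns the deepest element nesting seen if the document passes; raises
    XmlRejected naming the first limit hit otherwise. Parsing stops at the
    first violation, so a 100,000-level payload costs 65 start tags, not all."""
    if len(data) > max_bytes:                       # oversized payload
        raise XmlRejected("oversized payload")

    parser = xml.parsers.expat.ParserCreate()
    state = {"depth": 0, "max_depth": 0}

    def start_element(name, attrs):                # recursive payload
        state["depth"] += 1
        if state["depth"] > max_depth:
            raise XmlRejected("recursive payload")
        state["max_depth"] = max(state["max_depth"], state["depth"])

    def end_element(name):
        state["depth"] -= 1

    def start_doctype(name, sysid, pubid, has_internal_subset):
        # Entity declarations (external entities, expansion bombs) can only
        # appear inside a DOCTYPE; a SOAP message has no use for one.
        raise XmlRejected("DTD not allowed")

    def external_entity(context, base, sysid, pubid):
        return 0   # never fetch a file or URL on the sender's behalf

    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    parser.StartDoctypeDeclHandler = start_doctype
    parser.ExternalEntityRefHandler = external_entity
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        raise XmlRejected(f"malformed XML: {exc}")
    return state["max_depth"]


def screen(data):
    """Return a one-line verdict for a message."""
    try:
        return f"accepted (depth {check_xml_intake(data)})"
    except XmlRejected as exc:
        return f"rejected: {exc}"


# Constructed sample payloads.
BENIGN_REQUEST = (b'<?xml version="1.0"?>'
    b'<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">'
    b'<env:Body><m:Add xmlns:m="http://example.org/addition">'
    b'<m:FirstNum>2</m:FirstNum><m:SecondNum>3</m:SecondNum>'
    b'</m:Add></env:Body></env:Envelope>')
RECURSIVE_PAYLOAD = b"<a>" * 100_000 + b"x" + b"</a>" * 100_000   # as in Figure 4
OVERSIZED_PAYLOAD = b"<a>" + b"A" * 2_000_000 + b"</a>"
XXE_PAYLOAD = (b'<?xml version="1.0"?>'
    b'<!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b'<a>&xxe;</a>')

if __name__ == "__main__":
    for label, payload in [("benign", BENIGN_REQUEST), ("recursive", RECURSIVE_PAYLOAD),
                           ("oversized", OVERSIZED_PAYLOAD), ("xxe", XXE_PAYLOAD)]:
        print(f"{label:10s} {screen(payload)}")
```

The size check runs on the raw bytes before the parser is even created, and the depth check aborts on the 65th open tag, so neither attack consumes more than a bounded amount of work. Refusing the DOCTYPE is a coarser rule than disabling entity resolution, but it is the one that cannot be bypassed by a parser feature the operator forgot to turn off. Flooding is not addressed here; it needs per-sender rate limiting in front of the parser rather than a check inside it.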
COUNTERMEASURES AGAINST WEB SERVICES ATTACKS

There are many challenges in implementing secure Web services. As valuable business transaction data and sensitive customer information are transmitted or stored within the Web services architecture, the compromise of any node in the architecture may result in the leakage of sensitive information to an unauthorized third party. In addition, the disruption of any Web service may cause a great loss to an organization. It is crucial to protect Web services from the various attacks mentioned in the previous section. Therefore, we need robust security schemes that take into consideration the susceptible nature of the Web services architecture. In this section, we discuss some security countermeasures and specifications that have been proposed to safeguard the security of the Web services architecture (Beznosov, Flinn, Kawamoto, & Hartman, 2005; Geuer-Pollmann & Claessens, 2005; Gutiérrez, Fernández-Medina, & Piattini, 2004; Naedele, 2003).

Confidentiality and Integrity

Confidentiality deals with the security requirement of keeping information secret. As e-business applications exchange SOAP messages that contain sensitive information such as customer data and business transactions, it is important to protect the data from the threat of interception. Ensuring the completeness and accuracy of data is the security goal of integrity. SOAP messages sent from a source may travel through some intermediaries before reaching the ultimate destination. A mechanism is required for the message recipient to verify that the message has not been altered or modified during transmission.

The World Wide Web Consortium (W3C) has developed two specifications, namely XML encryption (Eastlake & Reagle, 2002) and XML signature (Eastlake, Reagle, & Solo, 2002), to ad-

Figure 4. An XML document with massive nested elements. The figure shows <Element1>, <Element2>, <Element3> opened repeatedly, each nested inside the previous one, without closing tags.