S-REST: A design of Secured Protocol for Implementation of RESTful Webservices
Keywords:
Webservices, RESTful, Security issuesAbstract
Representational State Transfer (REST) is an architectural style for developing web services and its key constraints are Use of Uniform Interface (UI), client-server based, stateless operations, and Resource caching. It is popular due to its simplicity and builds on the existing systems. Hence, many cloud providers such as Amazon, Google are moving their APIs from Simple Object Access Protocol (SOAP) to REST. Unlike SOAP, RESTful service doesn’t provide standard for security while accessing web services. Hence, we considered the security issues in execution of RESTful web services and proposed a design of a secured model (S-Rest) over RESTful web services with 3-level security services at communication, Application and Management. The proposed architecture enhances the performance of RESTful web application
References
[1] Meiko Jensen, Nils Gruschka, Ralph Herkenhöner, “A survey of attacks on web services”, Computer Science Research and Development, Springer, November 2009.
[2] Hirsch, Frederick; Kemp, John; Ilkka, Jani. “Mobile Web Services: Architecture and Implementation”, John Wiley & Sons, 2007.
[3] Richardson, Leonard; Amundsen, Mike, “ RESTful Web APIs”, O'Reilly Media, retrieved 15 September 2015.
[4] "Web Services Architecture". World Wide Web Consortium. 11 February 2004. 3.1.3 Relationship to the World Wide Web and REST Architectures. Retrieved 29 September 2016.
[5] Fielding, “Architectural Styles and the Design of Network-based Software Architectures”, Doctoral dissertation. Technical report, University of California, Irvine, 2000.
[6] Pautasso, O. Zimmermann, and F. Leymann, “RESTful Web Services vs. “Big” Web Services: Making the Right Architectural Decision”, In WWW ’08: Proceeding of the 17th international conference on World Wide Web, pages 805–814, New York, NY, USA, 2008. ACM [7] Richardson and S. Ruby, “RESTful Web Services”, O’Reilly, Oct. 2007
[8] Dharmendra S. Raghuwanshi, M.R.Rajagopalan, “ MS2: Practical data privacy and security framework for data at rest in cloud”, Computer Applications and Information Systems (WCCAIS), 2014 World Congress on 17-19 Jan. 2014.
[9] Dunglu Peng, Chen Li, Huan Huo, “An extended UsernameTokenbased approach for REST-style Web Service Security Authentication”, Computer Science and Information Technology, 2009. ICCSIT 2009. 2nd IEEE International Conference on 8-11 Aug. 2009.
[10] Hoai Viet Nguyen, Luigi Lo lacono, “REST-ful CoAP Message Authentication, Secure Internet of Things (SIoT)”, 2015 International Workshop on 21-25 Sept. 2015.
[11] Gabriel Serme, Anderson Santana de Oliveira, Julien Massiera, Yves Roudier, “Enabling Message Security for RESTful Services”, Web Services (ICWS), 2012 IEEE 19th International Conference on 24-29 June 2012
Downloads
Published
How to Cite
Issue
Section
License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors contributing to this journal agree to publish their articles under the Creative Commons Attribution 4.0 International License, allowing third parties to share their work (copy, distribute, transmit) and to adapt it, under the condition that the authors are given credit and that in the event of reuse or distribution, the terms of this license are made clear.
