An information security framework for web services in enterprise networks


Thesis Type: Master's

Institution Where the Thesis Was Conducted: Middle East Technical University, Informatics Institute, Department of Information Systems, Turkey

Thesis Approval Date: 2015

Student: BAHADIR GÖKHAN SARIKOZ

Advisor: BANU GÜNEL KILIÇ

Abstract:

Web services, an open standard based on existing Internet protocols, provide a flexible solution to web application integration. They offer organizations faster, more practical and more effective solutions. Online shopping, billing, reservation and other such services offered to people mostly depend on web services. Web services also carry the corporate identity and functionality of an organization. As the importance and necessity of web services increase day by day, their criticality increases to the same degree. Meanwhile, the necessary measures must be taken in order to provide 7/24 productivity. Such measures cover several subjects, from load testing to effective coding for the best service. However, cyber security attacks, one of the most important issues nowadays, are the main reason that vital measures must be taken. Protecting web services from these attacks requires controls from several perspectives, including network-based security, protocol-based security, signature-based security and other types of control mechanisms. In this study, an information security framework is proposed to define the complete security aspects of a web service in an enterprise network. Within this framework, a sample information security model for a web service is presented with respect to several types of attacks. This model has been tested and measured against pre-defined and specified scenarios.