Introduction
RESTful Authorization
Hecate Architecture
| | Cause | Attack |
|---|---|---|
| Unvalidated input | No validation mechanism to check input data | SQL Injection to access database content |
| Outdated protocols | | |
| Man-in-the-Middle | No secure communication channel | Entire client/server communication is controlled by attacker |
| Replay attack | No secure communication channel | Malicious repetition of valid data transmission to steal user identities |
| Spoofing | Source of data does not have to be authorized | Person or program masquerades as another to falsify data |
| Cross-Site Scripting | Infect client's browser through web application | Steal authentication tokens or spoof content of a client |
The following security mechanism includes as few non-RESTful elements as possible and also considers
lightweight requirements for mobile clients. It consists of
the following elements:
1)
2)
3)
4)
5)
6)
7)
References
Backere, F. D. et al., 2014. Design of a Security Mechanism for RESTful
Web Service Communication through Mobile Clients, Ghent: IEEE.
Graf, S., Zholudev, V., Lewandowski, L. & Waldvogel, M., 2011. Hecate,
Managing Authorization with RESTful XML, s.l.: ACM.
Serme, G., Oliveira, A. S. d., Massiera, J. & Roudier, Y., 2012. Enabling
Message Security for RESTful Services. s.l., IEEE 19th International
Conference on Web Services.