Journals Proceedings

Abstract

Vulnerabilities in Web based applications will always be present. Several measures were taken to extenuate the effects of this reality but with limited success. In fact, we are bombarded by new technologies to harden systems and monitor and respond to threats, like firewalls, IDS (intrusion detection system) and IPS (Intrusion Prevention System). However, the flow of attacks and threats is so important to the point that the configuration and reconfiguration of these tools becomes difficult to insure in time. In this paper we introduce “a framework for dynamic security Policy for Web services” called SmartWSSec. The main goal of our architecture is to guarantee better security for web services based on adaptive security models. It aims to identify the appropriate actions that must be taken when a zero day attack occurred resulting on a smart protection for web service in a self-adaptive manner. The proposed architecture uses a knowledge based mechanism to learn and adjust the system when new notknown before attack appears. The proposed architecture also includes an isolation faculty to protect the system when selfadaptation fails, which will notify and involve a system administrator. We have included on this paper also the design, the components, models and concepts of adaptive security architecture, and finally gives insights on a possible implementation by providing a POC applied to different use cases.