Behavior-aware Service Access Control Mechanism using Security Policy Monitoring for SOA Systems

TL;DR

This paper introduces a behavior-aware access control mechanism for SOA systems that monitors user actions in real-time, preventing misuse and malicious activities through a trustful behavior model and dynamic response strategies.

Contribution

It presents a novel runtime behavior monitoring approach for SOA security, enhancing protection against insider threats and malicious behaviors beyond traditional access control methods.

Findings

Effective runtime behavior supervision demonstrated

Mechanism successfully blocks malicious users

System maintains performance with increasing rules in TBM

Abstract

Service-oriented architecture (SOA) system has been widely utilized at many present business areas. However, SOA system is loosely coupled with multiple services and lacks the relevant security protection mechanisms, thus it can easily be attacked by unauthorized access and information theft. The existed access control mechanism can only prevent unauthorized users from accessing the system, but they can not prevent those authorized users (insiders) from attacking the system. To address this problem, we propose a behavior-aware service access control mechanism using security policy monitoring for SOA system. In our mechanism, a monitor program can supervise consumer's behaviors in run time. By means of trustful behavior model (TBM), if finding the consumer's behavior is of misusing, the monitor will deny its request. If finding the consumer's behavior is of malicious, the monitor will early terminate the consumer's access authorizations in this session or add the consumer into the Blacklist, whereby the consumer will not access the system from then on. In order to evaluate the feasibility of proposed mechanism, we implement a prototype system. The final results illustrate that our mechanism can effectively monitor consumer's behaviors and make effective responses when malicious behaviors really occur in run time. Moreover, as increasing the rule's number in TBM continuously, our mechanism can still work well.