Sushama Karumanchi

In the wild: a large scale study of web services vulnerabilities

The pervasiveness of Web Services, compounded with seamless interoperability characteristics, introduces security concerns that are to be carefully considered with the envisioned internet architecture. In this paper, we propose a comprehensive study on Web Service vulnerabilities. We consider not only well known Web-based vulnerabilities such as SQL injection, session replay etc, but we also analyze Web-Service specific vulnerabilities and their potential of attacks due to poor service construction and service maintenance. In our analysis, we classify each of the studied vulnerability according to a new taxonomy, discuss remedies and impact, and propose methods of detection based on real-time analysis. Our analysis is supported by the results of a large scale study involving over 2,000 real-world Web Services. We note that many of the least studied vulnerabilities are present in the wild.

Policy-Compliant Search Query Routing for Web Service Discovery in Peer to Peer Networks

Web services are increasingly hosted on peer to peer networks, to facilitate resource sharing and cooperation. In these settings, each peer hosts a set of services which can be invoked by other peers of the network through a service query. In a pure peer to peer network, it might not be possible to maintain directory for publishing the services, rather, the peers need to search for the required service through query forwarding in the network. For such non-directory based peer to peer networks, in this paper, we introduce an efficient and fully decentralized policy-compliant search query routing method for service discovery. Our main goal is to protect the search query from traversing unwanted peers in the network, while achieving service discovery. To this end, we design and develop a policy-driven approach that allows distributed searches through service queries taking into account any security, routing or other functional criteria a peer may have with respect to routing a query. We have developed a prototype of the query protection and search protocol, and tested it on large networks. Our tests demonstrate accuracy and efficient execution times.

Selective and confidential message exchange in vehicular ad hoc networks

Vehicular Ad-hoc Networks are a promising and increasingly important paradigm. Their applications range from safety enhancement to mobile entertainment services. However, their deployment requires several security issues to be resolved, particularly, since they rely on insecure wireless communication. In this paper, we propose a cryptographic-based access control framework for vehicles to securely exchange messages in a controlled fashion by integrating moving object modeling techniques with cryptographic policies.

Privacy-aware access control for message exchange in vehicular ad hoc networks

Vehicular ad hoc networks are a promising and increasingly important paradigm. Their applications range from safety enhancement to mobile entertainment services. However, their deployment requires several security issues to be resolved, particularly, since they rely on insecure wireless communication. In this paper, we propose a cryptographic-based access control framework for vehicles to securely exchange messages in a controlled fashion by integrating moving object modeling techniques with cryptographic policies. To our knowledge, this is the first time a comprehensive framework for access control in VANETs is proposed.

Securing Resource Discovery in Content Hosting Networks

Secure search query routing is a long-standing problem in distributed networks, which has often been addressed using “all-or-nothing” approaches, that require either full anonymity and encrypted routing or full trust on the routing nodes. An important problem with secure routing is how to guarantee the search query is transmitted in an expected way. In this paper, we tackle the problem of secure routing by considering a generic policy-driven routing approach, and focus on the steps required to verify in a fully distributed manner that a search query is routed in accordance to a requester’s preferences and detect cheating nodes. We present an efficient and effective verification method for query routes, that is agnostic to the specific routing algorithm being used and achieves strong security guarantees. We cast our approach in the context of content dissemination networks (CDN) and show through experimental evaluations the performance of our approach.

Efficient Network Path Verification for Policy-routedQueries

Resource discovery in unstructured peer-to-peer networks causes a search query to be flooded throughout the network via random nodes, leading to security and privacy issues. The owner of the search query does not have control over the transmission of its query through the network. Although algorithms have been proposed for policy-compliant query or data routing in a network, these algorithms mainly deal with authentic route computation and do not provide mechanisms to actually verify the network paths taken by the query. In this work, we propose an approach to deal with the problem of verifying network paths taken by a search query during resource discovery, and detection of malicious forwarding of search query. Our approach aims at being secure and yet very scalable, even in the presence of huge number of nodes in the network.

WS-Rec: Web services recommendations using heterogeneous criteria

Web service selection involves finding services from a possibly large database of similar services. The challenges involved in finding a suitable service include large time consumption, and difficulty of finding a perfect match according to the user specified search keywords. For instance, users may have privacy and security concerns, as the information involved with service selection and provisioning may be sensitive for both providers and users. In this paper, we define an approach to provide customized recommendation of composite services according to a variety of user-specified criteria, including classic quality of service as well as complex privacy and security dimensions. We conduct an extensive experimental evaluation, using datasets of actual WSDL documents and comparing our algorithms with state-of-the-art solutions. Our experimental evaluation demonstrates that our algorithms are both effective and efficient.