The hybrid model for web services security Access control and information flow control

The openness and accessibility of the web Services on the Internet makes them vulnerable to various attacks. Therefore, security solutions are necessary to restrict access to web services and objects they manipulate. In this paper, we propose a hybrid model that incorporates a mechanism for access control (AC) and a mechanism for information flow control (IFC). The AC mechanism controls user access to web services methods and uses the concept of role to represent a functionality of web services methods and attributes for trust management between service providers and requesters. The IFC mechanism associates labels to the objects of the system to control access to them and verify information flows between these objects to ensure the information confidentiality and integrity.