Information Flow Analysis of Web Service Net

A web service security analysis model based on program slicing is proposed, which can be used to find existence of critical information disclosure vulnerabilities and proliferation of such vulnerabilities in a web service net, and eventually improve protection of critical information. Web service protocol is analyzed to obtain external service interfaces; source code is sliced to obtain interface information flow; critical information is checked to see whether it is disclosed through the interface information flow. Vulnerability proliferation of a service net is found through analyzing process of interface calling between two web services in which the critical information is transmitted and disclosed. A security report describing test results of a test scene is provided to verify the correctness of security analysis process.