Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

Zhuoren Jiang,Yan Chen,Ming Yang

DOI: https://doi.org/10.1109/ICIME.2010.5477923

2010-01-01

Abstract:Recently, SOA plays a more and more important role in software research and software development. On the basis of the research findings on SOA, this paper presents an innovative model for applying SOA: Multi-layer Structure For Dynamic Service Integration (MSFDSI). The paper expatiates on the organization of MSFDSI, on the basis of typical organization of SOA, MSFDSI adds a authorized institution and a service integration & analysis adapter to achieve the service authorization, service analysis and dynamic service integration. The paper also presents the hierarchy of MSFDSI, analyzes its service, proposes innovative concepts of coordination service and procedural service which traditional SOA models never contain, gives the Meta-model for service contracts and describes the main process of MSFDSI. Moreover, this paper gives a real case study of applying this model in a project of "Maritime and shipping integrated system of Yunnan Province". The case study shows that MSFDSI separates the business logic and the specific implementation technology, achieves the dynamic service integration successfully, improves the performance of system and provides a new and effective solution for applying SOA.

RUAN Tong,JIN Zhi-chao

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.02.011

2013-01-01

Abstract:Web service security tools nowadays provide security configuration functionality at single Web services level,neglecting security requirement from business process layer.A Web service security framework towards multi-party collaboration application is proposed in this paper,which incorporates the enterprise business process management with security processes including security modeling,deployment and monitoring.Corresponding modeling tools,converting tools and monitoring tools based on Secure-WSCDL are constructed,synchronizing business model and security model throughout the entire software engineering lifecycle in SOA architecture.It verifies the effectiveness of the model and the tools by the simplified international trade import and export process instance.

Junyi Deng,Zhiyi Fang,Yongbo Ma,Peng Xu,Xingchao An

DOI: https://doi.org/10.1109/wicom.2009.5302399

2009-01-01

Abstract:As an open architecture, SOA (Service-Oriented Architecture) provides developers with more freedom. However, its security problem goes from bad to worse. By taken a bank transfer with proxy as an example, this paper analyzed the security issue of SDO (Service Data Object) data model and proposed an mechanism to make sure that the integrity, confidentiality and non-repudiation of SDO data model are preserved by applying encryption/decryption, digest, digital signature and so on. Finally, by applying WIN and WPS tools, this mechanism was developed and its performance was evaluated.

Chen Guilin,Zhao Shenghui,Chen Haibao,Ji Chengchao

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.02.025

2009-01-01

Abstract:Current Web services security technologies are relatively independent.However,it needs an overall security design for the whole application integrating solution.An integrated Web services security model is proposed,where the formal definition of the model and the key implementation techniques are given.The model achieves following security targets:uniform identity authentication based on certification,role-based access control and secure SOAP message transmission,which makes the model have characteristics of openness and dynamic adaptation.A prototype system is developed based on this model,the running results show that it can achieve above three secure targets,and makes the whole system more secure than single security technology.

Oldooz Karimi

DOI: https://doi.org/10.48550/arXiv.1108.1314

2011-08-05

Abstract:In this article, we examine how security applies to Service Oriented Architecture (SOA). Before we discuss security for SOA, lets take a step back and examine what SOA is. SOA is an architectural approach which involves applications being exposed as "services". Originally, services in SOA were associated with a stack of technologies which included SOAP, WSDL, and UDDI. This article addresses the defects of traditional enterprise application integration by combining service oriented-architecture and web service technology. Application integration is then simplified to development and integration of services to tackle connectivity of isomerous enterprise application integration, security, loose coupling between systems and process refactoring and optimization.

Software Engineering

Y Rao,Bq Feng,Jc Han

DOI: https://doi.org/10.1007/978-3-540-30208-7_49

2004-01-01

Abstract:A security architecture model for web services, Security extended-Resources, Services, Roles, Protocols and Methods (SX-RSRPM) model, was proposed based on the conceptions about security of web services and Degree of Safety for Web Services (DoS4WS), which is a qualitative analysis index of Web Services security, in the paper. This model could effectively increase the value of DoS4WS by the extended emerging XML-based security of protocol stacks and a new affiliated role as security CA center. In addition, an integrated security solution has been developed and the results in practice show that this solution can build a confidence security environment for all roles and provide a flexible and extensible security manage mechanism.

Zhang Mi,Cheng Zunping,Ma Ziji,Zang Binyu

DOI: https://doi.org/10.1109/CIT.2005.47

2005-01-01

Abstract:With the emerging applications based on Web Service, end-to-end security becomes more and more important. SSL and current XML security schemas cannot reach the demand of it. This paper proposes a novel security model -- ESM, which integrates some popular XML security schemas and constructs a layered model based on SOAP message transport mechanism. It's aiming at the end-to-end security issues in Web Service environment. Compared with other security models known to us, this model is more comprehensive and flexible.

Peng Qi-rui,Wang Cheng,Wu Jing,Li Jun

DOI: https://doi.org/10.1109/icsess.2010.5552305

2010-01-01

Abstract:To integrate distributed information systems in group companies, people favor the Service-Oriented-Architecture (SOA) for its features such as loose-coupling and standardization. But SOA brings security problems. Consequently, an authentication and authorization solution is proposed in this paper. By designing security architecture based on Service-Access-Agent, this solution can simplify the security program, and bring good to the system flexibility and loose coupling, thereby meet the integrated system's requirements for dynamics and agility. This solution has been applied to a project of “national 863 plan”, and shown its validity in engineering practices.

Jian Yin,Chunqiang Tang,Xiaolan Zhang,Michael McIntosh

2006-01-01

Abstract:With the rapid adoption of the Service Oriented Architecture (SOA), sophisticated software systems are increasingly built by composing coarse-grained service components offered by different organizations through standard web ser- vice interfaces. The ability to quantify end-to-end security risks of composite software services is extremely valuable to businesses that increasingly rely on web applications to interact with their customers and partners. In this position paper, we propose a framework that predicts the probability of end-to-end secu- rity breaches of a software service by using a combination of three models: (1) a software security model that describes the probability distribution of security bugs in individual components, (2) a service composition model that describes the interactions of components and the contribution of security bugs in individ- ual components to the overall security of the service, and (3) a hacking exposure model that estimates hackers' knowledge of individual components and hence the probability that a security hole, if exists, may be exploited.

Yunfei Meng,Zhiqiu Huang,Senzhang Wang,Yu Zhou,Guohua Shen,Changbo Ke

DOI: https://doi.org/10.48550/arXiv.1908.10201

2019-08-23

Cryptography and Security

Abstract:Service-oriented architecture (SOA) system has been widely utilized at many present business areas. However, SOA system is loosely coupled with multiple services and lacks the relevant security protection mechanisms, thus it can easily be attacked by unauthorized access and information theft. The existed access control mechanism can only prevent unauthorized users from accessing the system, but they can not prevent those authorized users (insiders) from attacking the system. To address this problem, we propose a behavior-aware service access control mechanism using security policy monitoring for SOA system. In our mechanism, a monitor program can supervise consumer's behaviors in run time. By means of trustful behavior model (TBM), if finding the consumer's behavior is of misusing, the monitor will deny its request. If finding the consumer's behavior is of malicious, the monitor will early terminate the consumer's access authorizations in this session or add the consumer into the Blacklist, whereby the consumer will not access the system from then on. In order to evaluate the feasibility of proposed mechanism, we implement a prototype system. The final results illustrate that our mechanism can effectively monitor consumer's behaviors and make effective responses when malicious behaviors really occur in run time. Moreover, as increasing the rule's number in TBM continuously, our mechanism can still work well.

Cheng Zhan,Xie Li

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.10.007

2008-01-01

Abstract:Web Service security problem is one of the highlighted topics in information security area recently.This article presents two security mechanisms for Web Services,transport-level security and message-level security.Then the security technology used to implement message-level security is introduces in detail.Finally,it gives a conclusion to Web Service security and proposes a new Web Service layered security model.

Yuan Shuhong,Zhu Miaoliang,Yun Xia,Wu Di

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.01.048

2008-01-01

Abstract:Traditional Enterprise Application Integration(EAI) solutions lacking the support of the united standard have difficulties in resolving the main security problems such as authentication and authorization.To solve these problems,a brand new application integration security architecture based on Web Services WSSA-EAI is proposed.Web Services are applied to create general access interface,and SSO(Single Sign On) authentication and RBAC(Role-based Access Control)authorization are combined.A united EAI security architecture which is easy for maintenance is presented..

Wenbin Jiang,Hao Dong,Hai Jin,Hui Xu,Xiaofei Liao

DOI: https://doi.org/10.1007/978-3-642-37015-1_23

2013-01-01

Abstract:Web service technologies have been widely used in diverse applications. However, there are still many security challenges in reliability, confidentiality and data nonrepudiation, which are prominent especially in some Web service systems that have massive resources in diverse forms. An enhanced mechanism for secure accesses of Web resources is presented and implemented based on the combination of modules of identity authentication, authorized access, and secure transmission to improve the security level of these systems. In the identity authentication, the highly safe and recognized authentication method U-Key is used. For the aspect of authorized access, the integration of an improved Spring Security framework and J2EE architecture is applied to ensure authorized access to Web resources, while the security interceptor of Spring Security is extended and a series of security filters are added to keep web attacks away. Moreover, some improvements of the XML encryption and XML decryption algorithm are made to enhance the security and speed of data transmission, by means of mixing RSA and DES algorithm. The above security mechanism has been applied to an online virtual experiment platform based on Web services named VeePalms. The experimental results show that most security problems with high severity in the system have been solved and medium-low severe problems degreased dramatically.

Beibei Shao

2009-01-01

Abstract:The service-oriented architecture (SOA),which is utilized for application system integration for group enterprises, can adapt to the heterogeneous and distributed features of the systems, but has problems that challenge the system security. A cross-domain access control scheme is presented for enterprise applications to resolve the SOA security problems. The core idea is to build a uniform agent-based authentication and authorization system based on the conventional SOA implement model, which achieves shared management and access control of the service resources on the enterprise service bus (ESB) to ensure safe, reliable access across the security domains. This scheme enhances the syetem security, scalability and alterability in the informatization construction of large group enterprises.

WU Zhen,CUI Jian,ZHOU Chang-ling,ZHANG Bei

DOI: https://doi.org/10.3969/j.issn.1001-7445.2011.z1.030

2011-01-01

Abstract:By means of researching and analyzing the reports of multiple security organizations,consortiums and corporations,we discover that web application security is becoming more vital in campus network.Based on the OWASP and the WASC,we designed a multidimension web application security architecture,and used the firewall,web application firewall,intrusion detection system,intrusion prevention system,vulnerability scan system,bastion host and auditing system to implement the architecture.We chose 50 representative web applications from Peking University campus network to study and analyze the logs from these web applications and security devices,and the results prove the validity of the multidimension web application security architecture.

Hao Zeng,Dianfu Ma,Yongwang Zhao,Zhuqing Li

DOI: https://doi.org/10.1007/s11761-013-0143-5

2013-01-01

Abstract:Due to the dynamic, heterogeneous and interorganizational nature, different web services and different ports or operations in the same service, even the same services at different times may have their different security requirements because of their different security domains and different business backgrounds. How to design a flexible, fine-grained and comprehensive architecture for web services security processing has become a matter of great urgency. However, no ideal solutions have been worked out for these problems. As a result of our study, we have presented in this paper a policy-based architecture termed policy-based architecture for web services security processing (PBA4WSSP) to meet the dynamic, complete and fine-grained security requirements. In PBA4WSSP, the processing of all security problems is based on security policy in service stage to support flexibly security configuration. Moreover, we have designed a service policy model to describe the fine-grained security requirements. And the conversion method between security policy model and security policy expression has also been described. In addition, a staged complete security processing architecture is provided to reduce the dependency among protocol implementations. Furthermore, with PBA4WSSP, a web service security module has been designed and implemented as well. Eventually, the performance evaluation results amply demonstrate that our system is flexible and usable.

Yang Li,Ya-li Peng,Guo-hua Zhan,Liang Zhang

DOI: https://doi.org/10.1109/icnsc.2008.4525424

2008-01-01

Abstract:With the large growth in number of asynchronous call of Web service, current SOA architecture infrastructure becomes insecurity and inefficiency. This paper proposes a semantic model and an AMHKA (asynchronous message host key authentication) algorithm of asynchronous call for Web service security. With the definition of OSIABSD (optimize security invoking algorithm based on service domain), it gives a security optimize algorithm based on this method. The performance of AMHKA and OSIABSD are discussed by experiment datum.

Zeng Xiu,Peng Hong,Zuo Guo-wei

DOI: https://doi.org/10.3969/j.issn.1009-8526.2008.02.013

2008-01-01

Abstract:This article puts forward a secure model of Web Service based on the expansibility of SOAP with secure specification of Web Services.The model extends authorized information in addition to generally extending the security of SOAP.It has four features: safety of end to end,safety of saving information,independence of application,independence of Deliver.

LIU Xiang,LIU Jia-hong,WU Quan-yuan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2007.18.062

2007-01-01

Abstract:Currently, public security domain has information systems developed and deployed with proprietary technologies and skill sets, which in turn results in an accidental architecture. SOA-based application integration enables building distributed computing systems with agile business processes, thus promotes rapid response against changes of business requirements. An SOA-based application in- tegration solution for public security domain is presented, an SOA-based integration platform which enables seamless integration of ap- plications is studied and implemented, business dates and business processes in public security applications and achieves a fast solution for collaborative case and official business handling.