Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

TIAN Yu-hong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.24.029

2006-01-01

Abstract:The Java virtual machine(JVM)is used more frequently as the basic engine behind dynamic web services.With the proliferation of network attacks on these network resources,much work are done to provide security for the network environment.Little effort has been placed on securing a Java web server where the attacker has a valid login to the host machine.After describing the vulnerabilities in Java's security mechanisms,an extended security system based on Java 2 security architecture is introduced.It also explains the runtime status of system.The increased assurance of correct system operation and the integrity of Java application server are provided.

ZHENG Lan,CHEN Qi

DOI: https://doi.org/10.3969/j.issn.1000-7024.2005.07.058

2005-01-01

Abstract:With the rapid growth of internet and enterprises on a global scale, the use of directories as accessible repositories providesa flexible and various solution for gathering, storage and accessing information. The design and implementation of an unified accesscontrol system supporting single-sign-on areintrodueed, whichis based on LDAPdirectory and combines access controls ofall applicationsystems to realize security access system of unified users management. The system used middleware technology to efficiently resolvethe bottleneck problem when a lot of users accesed LDAP database.

Zhenxing Luo,Nuermaimaiti Heilili,Dawei XU,Chen Zhao,Zuoquan Lin

DOI: https://doi.org/10.1007/11780991_9

2006-01-01

Abstract:We present the design and implementation of the WebDaemon Security Gateway (WDSG) with the techniques of event-driving, non-blocking IO multiplexing, secure cookies, SSL and caches based on PKI framework and role-based access control (RBAC) policy. It not only supports massive concurrency and avoids the pitfalls of traditional block I/O based design, but also is able to secure all the resources of an enterprise and reduce the cost and complexity of administration.

Yuan Shuhong,Zhu Miaoliang,Yun Xia,Wu Di

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.01.048

2008-01-01

Abstract:Traditional Enterprise Application Integration(EAI) solutions lacking the support of the united standard have difficulties in resolving the main security problems such as authentication and authorization.To solve these problems,a brand new application integration security architecture based on Web Services WSSA-EAI is proposed.Web Services are applied to create general access interface,and SSO(Single Sign On) authentication and RBAC(Role-based Access Control)authorization are combined.A united EAI security architecture which is easy for maintenance is presented..

WU Jing,PENG Qi-rui,LI Qing,LIU Yong-qing

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2010.08.002

2010-01-01

Abstract:To overcome the universal challenge of distributed application integration for Chinese enterprise groups and solve the problem of shared management and cross-domain access control of the service resources under SOA, a whole web service management method is presented. By designing an infrastructure based on Service-Access-Agent and a global authentication and authorization mechanism, the security of the integrated system is ensured with low cost. Meanwhile, by using a registration service based on global unique ID and dynamic invocation mechanism, the agility and loose coupling of SOA are improved. The good adaptability and practical value of the method has been shown by engineering application in a typical group enterprise.

Fan Zhang,Ji Gao,Hang Guo,Peiyou Zhu,Beishui Liao

DOI: https://doi.org/10.1109/WCICA.2006.1714432

2006-01-01

Abstract:Web Services, as a wonderful distributed computing technology, are used in many business system, such as ERP and CRM. However, dynamical nature of web services and changeful business requirements result in increasing complexities of management of web services, especially in large-scale business system. In this paper, we present architecture of autonomic management for web services base on federated multi-agent system. It uses task agent as a container of web services to manage web services and has an autonomic cooperation mechanism to share information and cooperate among task agents, manager agents and middle agents in agent federation to finish some computing tasks.

BS Liao,J Gao,J Hu,JJ Chen

DOI: https://doi.org/10.1109/icmlc.2004.1380585

2004-01-01

Abstract:Presently, resource sharing and integration within or cross enterprises (organizations) based on Web services, semantic Web and agents, are developing rapidly. However, different level of requirements of enterprise applications, and dynamic nature of Web services and application requirements, result in increasing complexities of management of Web services and related agents. This paper proposes a federated multi-agent system for autonomic Web services control. The main point of this paper is to propose an approach based on hierarchical architecture-oriented agent federations to control the internal cooperation and external coordination and transaction of Web services. In addition, an agent infrastructure to realize this system was developed and a simulated test was conducted successfully.

Jingfan Tang,Zhijun He

DOI: https://doi.org/10.1109/cscwd.2006.253075

2006-01-01

Abstract:This paper presents a novel model to support security in dynamic cooperation of cross-enterprise services. With the extended WSDL description and through the replication technique, the service replica can be dynamically deployed and executed on the optimum cross-enterprise server, which is selected from the registered servers in the enhanced UDDI center according to the server evaluation function. In order to ensure the safety and dynamically sharing of the cross-enterprise resources among the Web services, a security mechanism of trusted right delegation is introduced

Feng Wang,Baoshan Ge,Li Zhang,Yong Chen,Yang Xin,Xiayuan Li

DOI: https://doi.org/10.1002/sres.2184

2013-04-04

Systems Research and Behavioral Science

Abstract:After analysing the security conditions in current Enterprise Systems (ES), this paper proposes a systematic framework that is based on the Secure Sockets Layer Virtual Private Network (SSL‐VPN) for improving security management. This framework takes account of several key aspects such as channel strategy, network pattern, workstation authentication, identity authentication, security workflow, etc. The proposed framework has the following advantages: low cost, high performance, easy to implement, and strong security control pattern. In addition, this paper proposes a dynamic security strategy that is about authorizing user ID and roles dynamically and conducting real‐time mapping via agent or proxy technologies. Copyright © 2013 John Wiley & Sons, Ltd.

management,social sciences, interdisciplinary

Zhu Donglai,Han Weili

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.05.061

2006-01-01

Abstract:Usually there are many application systems in an enterprise.These applications mostly need an access control module to control access to sensitive information in the enterprise.But it is complicated and fallible for the security administrator(or system security officer) to manage all security policies in different applications.This paper introduces an access control service for multi enterprise applications which is based on J2EE(Java 2 platform,Enterprise Edition).The paper discusses three methods to invoke reference monitor of the access control service,embedded invoking,asynchronized embedded invoking using JMS and asynchronized distributed invoking using JMS.These methods can meet the different requirements of enterprise applications.finally,the paper discusses some guidelines and technologies which optimize the efficiency of reference monitor.

Beibei Shao

2009-01-01

Abstract:The service-oriented architecture (SOA),which is utilized for application system integration for group enterprises, can adapt to the heterogeneous and distributed features of the systems, but has problems that challenge the system security. A cross-domain access control scheme is presented for enterprise applications to resolve the SOA security problems. The core idea is to build a uniform agent-based authentication and authorization system based on the conventional SOA implement model, which achieves shared management and access control of the service resources on the enterprise service bus (ESB) to ensure safe, reliable access across the security domains. This scheme enhances the syetem security, scalability and alterability in the informatization construction of large group enterprises.

Fengyu Zhao,Xin Peng,Wenyun Zhao

DOI: https://doi.org/10.1109/icis.2009.80

2009-01-01

Abstract:In service oriented architecture (SOA) environment, the communication and infrastructure security is crucial. The most important specification addressing Web services security is WS-Security, which collaborates with the SOAP message specifications, providing integrity, confidentiality and authentication for Web services. However, WS-Security focuses SOAP message security between trusted partners. In SOA applications, there are other vulnerabilities which can be exploited to attack by anonymous customer or even trusted partners, and these vulnerabilities do not gain enough attention as WS-Security. Among them, denial-of-service (DoS) is one attack cluster, which exhausts computer and network resources and reduces the availability of Web services. Another one is sensitive data leakage in a specific application domain. In this paper, the security of SOA applications is viewed as the security domain and a three-tier domain was divided based on security domain analysis. For each security sub-domain, security requirement scenario and requirements are presented. The security domain models were given which can be used to build up security services for sub-domain. Based on security model and security service assets, which can evolve along with understanding on security domain, the developers can establish the security implementation for SOA application integration.

XU Xiangrong,GU Xinjian,YE Zuoliang

DOI: https://doi.org/10.3969/j.issn.1005-2402.2006.09.013

2006-01-01

Abstract:The sharing and inner operating between different applications have become increasingly insistent demands in the process of implementing enterprise informationization. Firstly, the current situation of the existed information systems in the enterprise was analyzed. Secondly, the limitations of the traditional integration techniques were discussed. Thirdly, the advantage of Web services was described and an enterprise application integration framework based on Web services was presented. Finally, an integration example was provided about system integration between product configuration and parts library.

Haixin Duan,Jianping Wu

DOI: https://doi.org/10.1109/APCC.1999.820481

1999-01-01

Abstract:Security management is one of the five management functions defined by ISO/OSI, which covers two aspects: security of management and management of security. As to management of network security, we give security management requirements for large computer networks, combined with our management experience of managing CERNET. From our experience, the widely used firewalls in the Internet are lacking in the capability to be remotely managed on a large scale, especially multi-vendor network environment. Addressing these problems, the concept of high level security policy management is proposed for large networks. To support high level policy management and collaborative management of multi-vendor firewalls, a definition for a common firewall MIB (CFWMIB) and a common format for the TRAP events record are proposed. For the aspect of security of network management, we present a security architecture which is implemented in our web-based network management system. Flexible authentication and role-based access control mechanisms of the architecture are described. Our ongoing and future research is also outlined.

Hao Zeng,Dianfu Ma,Yongwang Zhao,Zhuqing Li

DOI: https://doi.org/10.1007/s11761-013-0143-5

2013-01-01

Abstract:Due to the dynamic, heterogeneous and interorganizational nature, different web services and different ports or operations in the same service, even the same services at different times may have their different security requirements because of their different security domains and different business backgrounds. How to design a flexible, fine-grained and comprehensive architecture for web services security processing has become a matter of great urgency. However, no ideal solutions have been worked out for these problems. As a result of our study, we have presented in this paper a policy-based architecture termed policy-based architecture for web services security processing (PBA4WSSP) to meet the dynamic, complete and fine-grained security requirements. In PBA4WSSP, the processing of all security problems is based on security policy in service stage to support flexibly security configuration. Moreover, we have designed a service policy model to describe the fine-grained security requirements. And the conversion method between security policy model and security policy expression has also been described. In addition, a staged complete security processing architecture is provided to reduce the dependency among protocol implementations. Furthermore, with PBA4WSSP, a web service security module has been designed and implemented as well. Eventually, the performance evaluation results amply demonstrate that our system is flexible and usable.

HU He,ZHANG Qin,CHEN Guo-qing,YANG Yang

DOI: https://doi.org/10.3724/SP.J.1087.2011.00577

2011-01-01

Journal of Computer Applications

Abstract:In order to achieve the goal of unified scheduling and unified management in application system,unified authentication and authorization has become more and more important and sophisticated.The background and the goal of unified authentication and unified authorization system were analyzed firstly,then the unified authentication,authorization and Web services were analyzed and compared,and a unified method of authentication and authorization in enterprise combining the Web services was proposed;therefore,it was more convenient to administer the concrete application system for administrator,which truly reconstructed completely unified authentication and authorization,and the design and implementation of the concrete service specification(or interface) by the practical project were given.

WU Zhen,CUI Jian,ZHOU Chang-ling,ZHANG Bei

DOI: https://doi.org/10.3969/j.issn.1001-7445.2011.z1.030

2011-01-01

Abstract:By means of researching and analyzing the reports of multiple security organizations,consortiums and corporations,we discover that web application security is becoming more vital in campus network.Based on the OWASP and the WASC,we designed a multidimension web application security architecture,and used the firewall,web application firewall,intrusion detection system,intrusion prevention system,vulnerability scan system,bastion host and auditing system to implement the architecture.We chose 50 representative web applications from Peking University campus network to study and analyze the logs from these web applications and security devices,and the results prove the validity of the multidimension web application security architecture.

Zhong Chen

2008-01-01

Abstract:Based on the Semantic Web technology extends the scope of policy management, In Web access control security through the reasoning of the policy to achieve the dynamic process of adjustment, presents a Web services security visit to the multi-level policy approach, for the next generation of Web services application in a useful exploration.

Ganesh Vaidyanathan,Steven Mautone

DOI: https://doi.org/10.1145/1610252.1610284

IF: 22.7

2009-12-01

Communications of the ACM

Abstract:Introduction The processes behind corporate efforts to create, manage, publish, and archive Web information has also evolved using Web Content Management Systems (WCMS). WCMS allow teams to maintain Web content in a dynamic fashion through a user friendly interface and a modular application approach. This dynamic "on-the-fly" content creation provides Web site authors several advantages including access to information stored in databases, ability to personalize Web pages according to individual user preferences, and the opportunity to deliver a much more interactive user experience than static Web pages alone. 11 However, there are distinct disadvantages as well. Dynamically generating Web content can significantly impact Web server performance, reduce the scalability of the Web site and create security vulnerabilities or denial of service. 11 Organizations are adopting information technology without understanding such security concerns. 1 Moreover, as Mostefaoui 7 points out, even though many attempts have been made to understand the security architecture, a generic security framework is needed. Recent research amplifies the concerns and benefits of security in open source systems. 2 However, there is a need for organizations to understand how to evaluate these open source systems and this paper highlights how an evaluation technique in terms of security may be used in an organization to assess a short list of possible WMCS systems. This article focuses on security issues in WCMS and the objective is to understand the security issues as well as to provide a generic security framework. The contributions of this paper are to: 1. Integrate the goals of security with eight dimensions of WCMS, 2. Specify how to secure the eight dimensions of WCMS, 3. Formulate a framework of security using this integrated view of security goals and security dimensions, and 4. Address the security of the Web architecture at WCMS software application level using the framework and evaluate security features in popular WCMS used in the industry.

computer science, theory & methods, software engineering, hardware & architecture