TIAN Yu-hong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.24.029

2006-01-01

Abstract:The Java virtual machine(JVM)is used more frequently as the basic engine behind dynamic web services.With the proliferation of network attacks on these network resources,much work are done to provide security for the network environment.Little effort has been placed on securing a Java web server where the attacker has a valid login to the host machine.After describing the vulnerabilities in Java's security mechanisms,an extended security system based on Java 2 security architecture is introduced.It also explains the runtime status of system.The increased assurance of correct system operation and the integrity of Java application server are provided.

Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

XIONG Guang-cai,MU De-jun,ZHANG Xin-jia,JI Guo-jun

2012-01-01

Abstract:With the extensive application of web services and the rapid development of network technology,a web service security framework,which is compatible to various clients,is in need.We use the file configuration,encryption algorithm and program control module,implement a web service security framework which satisfies WS-Security specification based on Axis2.The service communicates with various clients under SOAP protocol.The experimental results indicate that the framework implements digital signature,message encryption,roles based access control and could communicate with various web services clients that are based on SOAP network communication protocol,has a good security and compatibility.The security framework is an efficient solution for web service of enterprise.

Wenbin Jiang,Hao Dong,Hai Jin,Hui Xu,Xiaofei Liao

DOI: https://doi.org/10.1007/978-3-642-37015-1_23

2013-01-01

Abstract:Web service technologies have been widely used in diverse applications. However, there are still many security challenges in reliability, confidentiality and data nonrepudiation, which are prominent especially in some Web service systems that have massive resources in diverse forms. An enhanced mechanism for secure accesses of Web resources is presented and implemented based on the combination of modules of identity authentication, authorized access, and secure transmission to improve the security level of these systems. In the identity authentication, the highly safe and recognized authentication method U-Key is used. For the aspect of authorized access, the integration of an improved Spring Security framework and J2EE architecture is applied to ensure authorized access to Web resources, while the security interceptor of Spring Security is extended and a series of security filters are added to keep web attacks away. Moreover, some improvements of the XML encryption and XML decryption algorithm are made to enhance the security and speed of data transmission, by means of mixing RSA and DES algorithm. The above security mechanism has been applied to an online virtual experiment platform based on Web services named VeePalms. The experimental results show that most security problems with high severity in the system have been solved and medium-low severe problems degreased dramatically.

Bao Liu,Minhua Shi,Deren Chen

2001-01-01

Abstract:Web Services are self-contained, modular applications that can be described, published, located, and invoked over a network, generally, the Web. Yet the problem emerges as different Web Services interoperate each other. In this paper we recommend the Simple Object Access Protocol (SOAP)[1] as the communication standard in the Web Services Architecture to solve the problem.First, we describe what is Web Services and present the architecture of it. Then, according to the challenge that Web Services faces, we address the key enabling technologies of which SOAP be composed. SOAP has many advantages that other binary protocols, such as Java RMI, do not have. Finally, by introducing an E-business model based on the integration of SOAP, UDDI [2], MQ [3] etc., we show the manner and flow of SOAP to implement Web Services architecture.

王凡,李勇,朗宝平,李程旭

2004-01-01

Journal of Computer Applications

Abstract:This paper first introduces WS-Security specification and Web service security architecture. Then it details how to secure SOAP message exchange with WS-Security in a simplified e-commerce scenario. This paper also discusses some possible security problems with WS-Security,including replaying attacks,and gives a simple challenge-response model. Finally,it introduces the implementations and development kits of WS-Security.

张艳,周明天,佘堃

DOI: https://doi.org/10.3969/j.issn.1001-3695.2008.07.074

2008-01-01

Abstract:Web services provide interface access to the software.And the interface realizes the calls of services on the Internet.Web services are based on XML.They make use of XML-based protocols to describe operations to be performed and data to exchange with one another regardless of location and operating systems.SOAP is a transfer protocol of Web services whose messages have universally adopted XML as the mechanism for encoding data.XML is located at message layer in the whole Web services application.XML engine deals with XML data in the Web services,therefore it is named the message layer gateway.On the XML Engine platform,with the help of DSO mechanism,it can dynamically load the encryption,decryption,digital signature,validation,and filtrtion modules into the Apache server.XML Engine can filter the XML data to make sure the safety of Web services.Meanwhile,it is not only applied to SOAP package,but also to any situation relating to XML filtration.

Cheng Zhan,Xie Li

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.10.007

2008-01-01

Abstract:Web Service security problem is one of the highlighted topics in information security area recently.This article presents two security mechanisms for Web Services,transport-level security and message-level security.Then the security technology used to implement message-level security is introduces in detail.Finally,it gives a conclusion to Web Service security and proposes a new Web Service layered security model.

Zeng Xiu,Peng Hong,Zuo Guo-wei

DOI: https://doi.org/10.3969/j.issn.1009-8526.2008.02.013

2008-01-01

Abstract:This article puts forward a secure model of Web Service based on the expansibility of SOAP with secure specification of Web Services.The model extends authorized information in addition to generally extending the security of SOAP.It has four features: safety of end to end,safety of saving information,independence of application,independence of Deliver.

Xie Jialong,Qiu Weidong

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.05.042

2006-01-01

Abstract:The current Web services architecture have standard limits and must supply to the multi-type client ends. How to protect the Web security services become very difficult. With the reference to core-components and protocols of the Web services, this thesis explains how to use the existing security technology to solve the hazard of the Web services security and it indicates the WS-security mechanisms that how to act in the Web services environment. Based on this, it analyses how to meet enterprise's require under the direction of the current secured framework.

Zhang Mi,Cheng Zunping,Ma Ziji,Zang Binyu

DOI: https://doi.org/10.1109/CIT.2005.47

2005-01-01

Abstract:With the emerging applications based on Web Service, end-to-end security becomes more and more important. SSL and current XML security schemas cannot reach the demand of it. This paper proposes a novel security model -- ESM, which integrates some popular XML security schemas and constructs a layered model based on SOAP message transport mechanism. It's aiming at the end-to-end security issues in Web Service environment. Compared with other security models known to us, this model is more comprehensive and flexible.

WANG Tian-jiang,JIANG Hua

DOI: https://doi.org/10.3969/j.issn.1007-130x.2007.04.004

2007-01-01

Abstract:Based on analyzing the requirements of Web services security,the paper proposes an extensible secure semantic Web services architecture(SSWSA),and introduces the process of dynamic service discovery, service engagement, service enactment and management,security hierarchy,and the corresponding security strategy of the model.The security of semantic Web services is improved effectively by extending the security of protocol stacks and appending a role of security certification.

CUI Jian-Ming,FAN Li-Lin,WANG Xiao-Dong

DOI: https://doi.org/10.3969/j.issn.1672-6871.2006.03.012

2007-01-01

Abstract:Security and reliability of Web Services-based distributed system is introduced.Main technologies of current Web Services data transfer are analyzed and their weak points discussed.On this base,a detailed solution,which is a combination of encryption and digital signature to communicate with customer-end with canonical XML,is put forward.The transfer security of share data and the reliable trust relation between Web Services Server and customer is enhanced by this solution.

周元哲,王荣喜

DOI: https://doi.org/10.3969/j.issn.1008-5564.2010.02.017

2010-01-01

Abstract:As one of the best methods to implement the Service Oriented Architecture,the Web Service gives the distributed computing and distributed platforms a good solution to solve the problems of interoperability and tight coupling,and it gives a new concept for dealing with the distributed problems.This paper introduces the frame of Web Service and the theories of WSDL,SOAP,Axis2 and JUDDI.A simple sample to introduced to explain the whole process of creating,deploying,finding and invoking the Web Service.

Lei Feng

2009-01-01

Abstract:The security problem of Web services must be taken into count in E-Commerce.SOAP protocol is core of Web services.But SOAP messages transmit in channel with XML documents and can be modified or revealed easily because they may stay or be transformed in middle nodes.In order to enhance Web security,according to SOAP security extension model,XML digital signature and encryption techniques are adopted to extend security of Web services.It can ensure confidentiality and integrality of SOAP messages in end-to-end transmission,and can authenticate user identity.

RUAN Tong,JIN Zhi-chao

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.02.011

2013-01-01

Abstract:Web service security tools nowadays provide security configuration functionality at single Web services level,neglecting security requirement from business process layer.A Web service security framework towards multi-party collaboration application is proposed in this paper,which incorporates the enterprise business process management with security processes including security modeling,deployment and monitoring.Corresponding modeling tools,converting tools and monitoring tools based on Secure-WSCDL are constructed,synchronizing business model and security model throughout the entire software engineering lifecycle in SOA architecture.It verifies the effectiveness of the model and the tools by the simplified international trade import and export process instance.

Chen Guilin,Zhao Shenghui,Chen Haibao,Ji Chengchao

DOI: https://doi.org/10.3969/j.issn.1000-386X.2009.02.025

2009-01-01

Abstract:Current Web services security technologies are relatively independent.However,it needs an overall security design for the whole application integrating solution.An integrated Web services security model is proposed,where the formal definition of the model and the key implementation techniques are given.The model achieves following security targets:uniform identity authentication based on certification,role-based access control and secure SOAP message transmission,which makes the model have characteristics of openness and dynamic adaptation.A prototype system is developed based on this model,the running results show that it can achieve above three secure targets,and makes the whole system more secure than single security technology.

Wenbin Jiang,Hui Xu,Hao Dong,Hai Jin,Xiaofei Liao

DOI: https://doi.org/10.3906/elk-1303-12

2016-01-01

TURKISH JOURNAL OF ELECTRICAL ENGINEERING & COMPUTER SCIENCES

Abstract:Web service-based application has become one of the dominative ones of the Internet. This trend brings more and more security challenges in reliability, confidentiality, and data nonrepudiation, especially in some systems that have massive diversified resources. An improved framework for secure accesses of Web resources is presented and implemented by extending and enhancing the Spring Security framework. It improves the security level of systems for identity authentication, authorized access, and secure transmission. The highly safe authentication is based on the integration of an improved authentication module of Spring Security with a U-key method and a RSA algorithm. For authorized access, the Spring Security's ACL (access control list) mechanism is improved by optimizing the domain object-level access control. For secure transmission, a compromising method is presented to take both the security level and the speed of data transmission into account by means of mixing the RSA and DES algorithms. In addition, the security interceptor of Spring Security is extended and a series of security filters are added to keep Web attacks away. The above improved security framework has been applied to an online virtual experiment platform named VeePalms. The experimental results show that most security problems with high severity in the system have been solved and medium-low severe problems decreased dramatically. Moreover, VeePalms has been used in practice for about 2 years, which has proved the effectiveness of the security framework.

Jingfan Tang,Zhijun He

DOI: https://doi.org/10.1109/cscwd.2006.253075

2006-01-01

Abstract:This paper presents a novel model to support security in dynamic cooperation of cross-enterprise services. With the extended WSDL description and through the replication technique, the service replica can be dynamically deployed and executed on the optimum cross-enterprise server, which is selected from the registered servers in the enhanced UDDI center according to the server evaluation function. In order to ensure the safety and dynamically sharing of the cross-enterprise resources among the Web services, a security mechanism of trusted right delegation is introduced

张红伟,夏阳

DOI: https://doi.org/10.3969/j.issn.1009-3044.2009.13.022

2009-01-01

Abstract:Web service is a new application model for decentralized computing,and it is also an effective mechanism for the data and service integration on the web.With the development of Web Service in different areas,security issues are being focus on.Through analyzing the drawbacks of using SSL to secure the Web Services,this paper improves the SSL to meet the need of end-to-end security.So that the ESSL can satisfy the end-to-end security need of Web Services.