Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

Peng Qi-rui,Wang Cheng,Wu Jing,Li Jun

DOI: https://doi.org/10.1109/icsess.2010.5552305

2010-01-01

Abstract:To integrate distributed information systems in group companies, people favor the Service-Oriented-Architecture (SOA) for its features such as loose-coupling and standardization. But SOA brings security problems. Consequently, an authentication and authorization solution is proposed in this paper. By designing security architecture based on Service-Access-Agent, this solution can simplify the security program, and bring good to the system flexibility and loose coupling, thereby meet the integrated system's requirements for dynamics and agility. This solution has been applied to a project of “national 863 plan”, and shown its validity in engineering practices.

Bin Xu,Xiaohu Yang,Yuanhong Shen,Shanping Li,Albert Ma

DOI: https://doi.org/10.1109/cts.2008.4543958

2008-01-01

Abstract:Software architecture is the backbone of a software- intensive system, many architecture models and styles are struggling to make the artifacts more understandable and reusable. Service-oriented programming is proposed to support reusing and enhancing distributed system development and a service-oriented architecture is essentially a collection of services which communicate with each other. However, the practitioners face the trouble in defining the services and identifying the communication request between all the services. Here in this paper, we adopted a role based architecture model named E-CARGO to facilitate the service definition and communication request identifying. An experience was conducted in prototyping a community support system and E-CARGO model was extended with data and authority access in the case study. The case study indicated that the suggested model could facilitate communication request identifying and service definition and could be helpful in identifying the authority control request during role shifting.

Bao Liu,Minhua Shi,Deren Chen

2001-01-01

Abstract:Web Services are self-contained, modular applications that can be described, published, located, and invoked over a network, generally, the Web. Yet the problem emerges as different Web Services interoperate each other. In this paper we recommend the Simple Object Access Protocol (SOAP)[1] as the communication standard in the Web Services Architecture to solve the problem.First, we describe what is Web Services and present the architecture of it. Then, according to the challenge that Web Services faces, we address the key enabling technologies of which SOAP be composed. SOAP has many advantages that other binary protocols, such as Java RMI, do not have. Finally, by introducing an E-business model based on the integration of SOAP, UDDI [2], MQ [3] etc., we show the manner and flow of SOAP to implement Web Services architecture.

Fengyu Zhao,Xin Peng,Wenyun Zhao

DOI: https://doi.org/10.1109/icis.2009.80

2009-01-01

Abstract:In service oriented architecture (SOA) environment, the communication and infrastructure security is crucial. The most important specification addressing Web services security is WS-Security, which collaborates with the SOAP message specifications, providing integrity, confidentiality and authentication for Web services. However, WS-Security focuses SOAP message security between trusted partners. In SOA applications, there are other vulnerabilities which can be exploited to attack by anonymous customer or even trusted partners, and these vulnerabilities do not gain enough attention as WS-Security. Among them, denial-of-service (DoS) is one attack cluster, which exhausts computer and network resources and reduces the availability of Web services. Another one is sensitive data leakage in a specific application domain. In this paper, the security of SOA applications is viewed as the security domain and a three-tier domain was divided based on security domain analysis. For each security sub-domain, security requirement scenario and requirements are presented. The security domain models were given which can be used to build up security services for sub-domain. Based on security model and security service assets, which can evolve along with understanding on security domain, the developers can establish the security implementation for SOA application integration.

Y Rao,Bq Feng,Jc Han

DOI: https://doi.org/10.1007/978-3-540-30208-7_49

2004-01-01

Abstract:A security architecture model for web services, Security extended-Resources, Services, Roles, Protocols and Methods (SX-RSRPM) model, was proposed based on the conceptions about security of web services and Degree of Safety for Web Services (DoS4WS), which is a qualitative analysis index of Web Services security, in the paper. This model could effectively increase the value of DoS4WS by the extended emerging XML-based security of protocol stacks and a new affiliated role as security CA center. In addition, an integrated security solution has been developed and the results in practice show that this solution can build a confidence security environment for all roles and provide a flexible and extensible security manage mechanism.

Oldooz Karimi

DOI: https://doi.org/10.48550/arXiv.1108.1314

2011-08-05

Abstract:In this article, we examine how security applies to Service Oriented Architecture (SOA). Before we discuss security for SOA, lets take a step back and examine what SOA is. SOA is an architectural approach which involves applications being exposed as "services". Originally, services in SOA were associated with a stack of technologies which included SOAP, WSDL, and UDDI. This article addresses the defects of traditional enterprise application integration by combining service oriented-architecture and web service technology. Application integration is then simplified to development and integration of services to tackle connectivity of isomerous enterprise application integration, security, loose coupling between systems and process refactoring and optimization.

Software Engineering

Yang Li,Ya-li Peng,Guo-hua Zhan,Liang Zhang

DOI: https://doi.org/10.1109/icnsc.2008.4525424

2008-01-01

Abstract:With the large growth in number of asynchronous call of Web service, current SOA architecture infrastructure becomes insecurity and inefficiency. This paper proposes a semantic model and an AMHKA (asynchronous message host key authentication) algorithm of asynchronous call for Web service security. With the definition of OSIABSD (optimize security invoking algorithm based on service domain), it gives a security optimize algorithm based on this method. The performance of AMHKA and OSIABSD are discussed by experiment datum.

W. T. Tsai,Xiao Wei,Yinong Chen,Ray Paul,Jen-Yao Chung,Dawei Zhang

DOI: https://doi.org/10.1007/s11761-007-0018-8

2007-01-01

Service Oriented Computing and Applications

Abstract:Due to the dynamic nature, such as services composition and evaluation, it is critical for a Service-Oriented Architecture (SOA) system to consider its data provenance, which concerns security, reliability, and integrity of data as they are being routed in the system. In a traditional software system, one focuses on the software itself to determine the security, reliability, and integrity of the software. In an SOA system, however, one also needs to consider origins and routes of data and their impact, i.e., data provenance. This paper first analyzes the unique nature and characteristics of data provenance in an SOA system, particularly related to data security, reliability, and integrity. Then it proposes a new framework for data provenance analysis in an SOA system. Finally, this paper uses an example which illustrates these techniques.

Fang Miao,Wenjie Fan,Wenhui Yang,Yan Xie

DOI: https://doi.org/10.1145/3309074.3309093

2019-01-01

Abstract:DOSA (Data-Oriented Security Architecture, or Data Ownership-based Security Architecture) is an architecture for data protection and application in an open Internet environment. DOSA combines data with ownership by using digital certification authentication (CA) and public key infrastructure (PKI). The DOSA is simply described as one body with two wings. The one body is that the data must be combined with ownership. The one wing is that the data should be innately registered. Another wing is that the data should be innately encrypted with the data owner's public key. To share data and make data applicable, DOSA also establishes the authorization of data ownership for data sharing, the recording of data operation for data history tracing, the data behaviour analysis for the discovery of illegal use of data, and the data usage statistics for the assessment of data value, etc. Therefore, data can be securely shared and used in an open environment with ownership authorization. At the same time, data ownership is clarified; the interests of the data owner can be guaranteed.

Dongxi Zheng,Shaohua Tang,Shaofa Li

DOI: https://doi.org/10.1142/S0218126605002714

2011-01-01

Journal of Circuits Systems and Computers

Abstract:Web Services technology is suitable for cross-platform and cross-application integration. To secure systems based on Web Services, a single sign-on protocol for Web Services supporting several login modes are presented. The architecture and the formalized flow of the protocol are described. The protocol is also analyzed and proven using an extended SVO logic.

ZHU Lei,ZHOU Ming-Hui,LIU Tian-Cheng,MEI Hong

DOI: https://doi.org/10.3321/j.issn:0254-4164.2005.04.027

2005-01-01

Chinese Journal of Computers

Abstract:Service Oriented Architecture (SOA) is a method to design and construct loose coupling software systems. It turns the distributed applications developed on middleware into software services on Internet. Traditional permission management system on middleware has good flexibility and basically, meets the security requirements of closed system, but under SOA, it cannot meet the authorization requirements of requesting services and sharing resources between different nodes and systems. This paper proposes a service oriented permission management model, supporting delegation and reasoning to provide application developers with improved permission management mechanism and to expand capabilities of middleware to share resources and services across organizations. The above model is implemented and validated in a J2EE application server. The experiments show that the model has high flexibility and scalability, and it is reasonable that when over 50 clients request at the same time, response time increases a lot because of signature verifications and file IO operations.

Beibei Shao

2009-01-01

Abstract:The service-oriented architecture (SOA),which is utilized for application system integration for group enterprises, can adapt to the heterogeneous and distributed features of the systems, but has problems that challenge the system security. A cross-domain access control scheme is presented for enterprise applications to resolve the SOA security problems. The core idea is to build a uniform agent-based authentication and authorization system based on the conventional SOA implement model, which achieves shared management and access control of the service resources on the enterprise service bus (ESB) to ensure safe, reliable access across the security domains. This scheme enhances the syetem security, scalability and alterability in the informatization construction of large group enterprises.

CUI Jian-Ming,FAN Li-Lin,WANG Xiao-Dong

DOI: https://doi.org/10.3969/j.issn.1672-6871.2006.03.012

2007-01-01

Abstract:Security and reliability of Web Services-based distributed system is introduced.Main technologies of current Web Services data transfer are analyzed and their weak points discussed.On this base,a detailed solution,which is a combination of encryption and digital signature to communicate with customer-end with canonical XML,is put forward.The transfer security of share data and the reliable trust relation between Web Services Server and customer is enhanced by this solution.

Kun Ma,Chengping Fang,Bo Yang,Zhenxiang Chen

DOI: https://doi.org/10.1109/carpi.2012.6356412

2012-01-01

Abstract:Web Service is a popular technology for the development of distributed system, and its security becomes more and more important. The security of Web Service depends on the security of Simple Object Access Protocol (SOAP) message crucially. In this paper, not only the security extension of SOAP protocol is proposed, but also the architecture, syntax rule, work theory and the implementation method of the protocol based on the Open-Source Services Framework-Apache (CXF) are described in detail. Finally, an example of this application based on the protocol proves that our approach is feasible in practice. The properties added to the SOAP header are more comprehensive, you can choose one or two properties to use in different occasions. And the paper will be helpful to the developers who need to add security extension based on SOAP.

XU Feng,LAI Hai-Guang,HUANG Hao,XIE Li

DOI: https://doi.org/10.3321/j.issn:0254-4164.2005.04.028

2005-01-01

Chinese Journal of Computers

Abstract:Service oriented architecture (SOA) is an evolution of client/server architecture. A SOA based system can transparently incorporate services running on different software platforms. It could drive the costs down by achieving automated code generation, reuse, and interoperability. But it will cause the complexity of security management due to its loose couple and dynamic characteristics. The paper first reviews the development of access control technology, and then presents a workflow based and services oriented role based access control (WSRBAC) model. In the model, the authors introduce two notions of services and authorization transfer to describe dynamic service oriented architecture. In WSRBAC model, access control system can make its access control decisions by capturing practical relevant environmental context. It can realize access control with dynamic grant and adapt permissions based on the state of workflows and services. This model can enhance system security and provide flexibility in access control system.

RUAN Tong,JIN Zhi-chao

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.02.011

2013-01-01

Abstract:Web service security tools nowadays provide security configuration functionality at single Web services level,neglecting security requirement from business process layer.A Web service security framework towards multi-party collaboration application is proposed in this paper,which incorporates the enterprise business process management with security processes including security modeling,deployment and monitoring.Corresponding modeling tools,converting tools and monitoring tools based on Secure-WSCDL are constructed,synchronizing business model and security model throughout the entire software engineering lifecycle in SOA architecture.It verifies the effectiveness of the model and the tools by the simplified international trade import and export process instance.

Ashish Kr. Luhach,Sanjay K. Dwivedi,C. K. Jha

DOI: https://doi.org/10.48550/arXiv.1407.2423

2014-07-09

Cryptography and Security

Abstract:Rapid increases in information technology also changed the existing markets and transformed them into e- markets (e-commerce) from physical markets. Equally with the e-commerce evolution, enterprises have to recover a safer approach for implementing E-commerce and maintaining its logical security. SOA is one of the best techniques to fulfill these requirements. SOA holds the vantage of being easy to use, flexible, and recyclable. With the advantages, SOA is also endowed with ease for message tampering and unauthorized access. This causes the security technology implementation of E-commerce very difficult at other engineering sciences. This paper discusses the importance of using SOA in E-commerce and identifies the flaws in the existing security analysis of E-commerce platforms. On the foundation of identifying defects, this editorial also suggested an implementation design of the logical security framework for SOA supported E-commerce system.

Zeng Xiu,Peng Hong,Zuo Guo-wei

DOI: https://doi.org/10.3969/j.issn.1009-8526.2008.02.013

2008-01-01

Abstract:This article puts forward a secure model of Web Service based on the expansibility of SOAP with secure specification of Web Services.The model extends authorized information in addition to generally extending the security of SOAP.It has four features: safety of end to end,safety of saving information,independence of application,independence of Deliver.

Songzhu Mei,Haihe Ba,Jiangchun Ren,Zhiying Wang,Geming Xia,Huaizhe Zhou

DOI: https://doi.org/10.2991/3ca-13.2013.8

2013-01-01

Abstract:Service-oriented architecture is a design paradigm for the larger-scaled heterogeneous enterprise information systems, and it is the enabling technology for remote and cross-organization e-business transaction. Trust and reputation among the cooperating parties are becoming increasingly vital in this scene, where services from different administration domains are deployed and cooperated. This paper presents a remote attestation platform for SOA. It gives out a complete solution for trust establishing in the SOA enabled IT systems with the supporting of the trusted platform module. The platform provides technique means for the trust management and remote attestation for service composition in the SOA environment.