
Research on Web Services Secure Communication Model

Author LiChengCheng
Tutor ZhangYongSheng
School Shandong Normal University
Course Applied Computer Technology
Keywords Web Services; WS-Security; XML digital signature; XML Encryption; Access control
CLC TP393.08
Type Master's thesis
Year 2010
Downloads 89
Quotes 2

Web services are a new Web application model whose platform independence, loose coupling, openness and other features have led to wide adoption in many fields in recent years. At the same time, Web services applications have exposed many vulnerabilities, and security is one of the many technical challenges they face. Ensuring the normal use of Web services makes Web services security a top priority. The security requirements include data confidentiality, integrity, non-repudiation and many other aspects. In addition, because Web services are dynamic, federated and distributed, traditional security technologies such as firewalls and SSL/TLS cannot meet their overall security needs, and Web services security is receiving more and more attention. This thesis focuses on the communication security of Web services. The main work is as follows:

1. The concepts and features of Web services are analyzed, together with their key technologies, including XML, WSDL, UDDI and SOAP. The security challenges and security needs of Web services communication are analyzed, and the existing Web services secure communication technologies are studied. In view of the dynamic, federated and distributed characteristics of Web services and the shortcomings of existing security technologies in protecting Web services communication, the WS-Security specification and the XML Digital Signature and XML Encryption communication security technologies are discussed in detail, and the Web services access control security specifications SAML and XACML are studied. Building on the original SOAP-based Web services communication mechanism, a Web services secure communication model is proposed. It comprises two sub-models, a message processing model and an access control model, to solve the problems in Web services secure communication.

3. In the message processing sub-model, an XML signature component and an XML encryption component are designed in accordance with the WS-Security, XML Digital Signature and XML Encryption specifications. A security serial number and a timestamp are added to the SOAP message header to prevent replay attacks and to meet the non-repudiation requirement. The XML signature component provides data integrity and authentication for Web services communication, and the XML encryption component provides confidentiality for the SOAP message. The message processing model solves the security problems of Web service information during transmission. Existing access control models are analyzed, including the traditional discretionary, mandatory and role-based access control models as well as several newer access control models. Based on the role-based and attribute-based access control models, a hierarchical attribute-based role access control model is proposed, and its model elements and policy rule definitions are given in detail, providing access control for Web services. The classification attribute-based role access control model treats the role as an attribute of the entity and divides roles into a service level and a resource level, with two access control modules, to solve the authentication problem after the message arrives. Apache Axis2 is analyzed, with details of its working methods and workflow, and the designed components are integrated into Axis through Handlers.

The innovations of this thesis are as follows. A timestamp and a serial number are added to the SOAP message to prevent replay attacks and ensure non-repudiation. A classification attribute-based role access control model is designed on the basis of the attribute-based and role-based access control models. The model inherits the advantages of the attribute-based access control model, gives roles richer semantics, and organizes roles hierarchically, making access control more fine-grained.
