Found 20 similar documents (search took 468 ms)
1.
A key challenge in Web services security is the design of effective access control schemes that can adequately meet the unique security challenges posed by the Web services paradigm. Despite the recent advances in Web based access control approaches applicable to Web services, there remain issues that impede the development of effective access control models for Web services environment. Amongst them are the lack of context-aware models for access control, and reliance on identity or capability-based access control schemes. Additionally, the unique service access control features required in Web services technology are not captured in existing schemes. In this paper, we motivate the design of an access control scheme that addresses these issues, and propose an extended, trust-enhanced version of our XML-based Role Based Access Control (X-RBAC) framework that incorporates trust and context into access control. We outline the configuration mechanism needed to apply our model to the Web services environment, and provide a service access control specification. The paper presents an example service access policy composed using our framework, and also describes the implementation architecture for the system. This is an extended version of the paper that has been presented at the 3rd International Conference on Web Services (ICWS), San Diego, 6–9 July 2004. Recommended by: Athman Bouguettaya and Boualem Benatallah
2.
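With the application and development of Web service technology, the security problems of composite Web services have become increasingly prominent. Existing Web service security specifications only specify the protocols that should be followed to meet the security requirements of individual autonomous Web services, and there is not yet a widely accepted security architecture for composite Web services. This paper points out the shortcomings of existing research on security frameworks for Web service composition and analyzes the requirements of a security model for composite Web services. For Web service application patterns, it proposes a hierarchical security model for composite Web services based on the Web service protocol stack (HSM-WSC) and discusses the security functions of each layer. The HSM-WSC model is flexible and extensible and can meet the security requirements of Web service composition. Finally, an enforcement mechanism for the HSM-WSC model is given.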
3.
4.
5.
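An Access Control Method for Semantic Web Services Based on a Multi-Ontology Architecture. Cited by: 1 (self-citations: 0, citations by others: 1)
This paper proposes an access control method for semantic Web services based on a multi-ontology architecture. First, based on distributed description logic (DDL), it characterizes a cross-domain multi-ontology architecture built on bridge ontologies, which provides the knowledge base for access control of semantic Web services. Second, building on semantics-based access control methods, it gives an access control model suited to semantic Web services. Finally, it designs the multi-ontology-based access control method for semantic Web services and its architecture, and presents a case application of the method. In this access control method, the cross-domain multi-ontology architecture based on bridge ontologies both provides semantic links between the semantic models of the security domains and preserves the privacy of the semantic representation within each security domain.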
6.
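Research on Attribute-Based Access Control for Web Services. Cited by: 4 (self-citations: 1, citations by others: 4)
Web services are a new service-oriented computing paradigm; because of their heterogeneity, multi-domain nature and high dynamism, they pose unique security challenges. A key security challenge is designing effective access control mechanisms. However, most existing access control mechanisms are identity-based and suffer from serious problems of administrative scale and control granularity. This paper proposes using Attribute-Based Access Control (ABAC) to handle access control for Web services. ABAC makes authorization decisions using the attributes of the relevant entities, which can solve the administrative scale problem and provide fine-grained control. In addition, the paper models ABAC, discusses its application, and finally gives an enforcement framework.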
7.
8.
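In Web service composition, external sub-services usually define access control policies to protect their resources so that they are used securely, and the composition script also contains complex logical control structures. These two factors make it very complicated for security administrators to describe the access control policy of a composite service. This paper proposes a condition-based access control policy model and a policy composition algebra based on that model, maps the common control structures of the WS-BPEL language to policy composition expressions, and generates the access control policy of the composite service by composing the access control policies of the external sub-services. Finally, a prototype system is designed to describe the policy composition process.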
9.
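Based on the characteristics of postal service and its security control mechanisms, this paper proposes a unified integration model of Web services and security. It designs a Web service flow security ring control mechanism to ensure, during the dynamic composition of Web services, the coordinated unification of security across groups of Web services, the integrated management of the multiple security technologies of Web service entities, and the seamless connection of Web transactions.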
10.
11.
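Taking the key technologies for developing SOA-based enterprise information platforms as its research subject, this paper discusses the related issues. It first briefly outlines the concepts and characteristics of SOA and describes Web services, then analyzes the relationship between SOA and Web services, and finally describes the technologies for SOA security control. The aim is to provide technical assurance of security and reliability for the development of SOA-based enterprise information platforms, and to serve as a reference for theoretical research in related fields.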
12.
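This paper proposes an access control model for Web services. Combined with Web services, the model enables dynamic changes of secure access control permissions under Web services and improves on the current problem of static access control. The new model provides a view policy language, VPL, for describing Web service access control policies. A structure integrating the new security model with Web services is given for enforcing Web service access control policies.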
13.
14.
The communication process is very easy today due to the rapid growth of information technology. In addition, the development of cloud computing technology makes it easier than earlier days by facilitating the large volume of data exchange anytime and from anywhere in the world. E-businesses are successfully running today due to the development of cloud computing technology. Specifically in cloud computing, cloud services are providing enormous support to share the resources and data in an efficient way with less cost expenses for businessmen. However, security is an essential issue for cloud users and services. For this purpose, many security policies have been introduced by various researchers for enhancing the security in e-commerce applications. However, the available security policies are also failing to provide the secured services in the society and e-commerce applications. To overcome this disadvantage, we propose a new policy-oriented secured service model for providing the security of the services in the cloud. The proposed model is the combination of a trust aware policy scheduling algorithm and an effective and intelligent re-encryption scheme. Here, the dynamic trust aware policy-oriented service for allocating the cloud user’s request by the cloud service provider and an effective and re-encryption scheme is used that uses intelligent agent for storing the data in the cloud database securely. The proposed model assures the scalability, reliability, and security for the stored e-commerce data and service access.
15.
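Web Services integrate computing services in a loosely coupled way and play an important role in distributed computing environments such as e-commerce and enterprise application integration. As Web Service applications have become widespread, security has also received attention. Addressing the shortcomings of using SSL and firewall technology to secure Web Services, this paper starts from the Web Service architecture and divides Web Service security into three layers: enterprise processing layer security, Web Service directory and registry layer security, and communication layer security. It then sets out the security policies and implementation methods for each layer.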
16.
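Web services have become the framework for a new generation of e-commerce; their security cannot be ignored and requires flexible and efficient access control for protection. By analyzing the eXtensible Access Control Markup Language (XACML) and the Privilege Management Infrastructure (PMI), this paper gives an access control system model suited to Web service security. The system model is based on attribute certificates and policy sets, uses XACML as the language for describing access control decisions, and suits the dynamic and heterogeneous characteristics of Web services.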
17.
18.
Virtual organizations (VO) temporarily aggregate resources of different domains to achieve a common goal. Web services are being positioned as the technological framework for achieving this aggregation in the context of cross-organizational business applications. Numerous architectures have been proposed for securing VOs, mostly for scientific research, such that they do not address all the requirements of business-oriented applications. This paper describes these additional requirements and proposes a novel architecture and approach to managing VO access control policies. Business users can focus on designing business processes, exposing web services and managing their VO partnerships, while the architecture supports and secures the web service interactions involved.
19.
Hany F. EL Yamany, Miriam A.M. Capretz, David S. Allison. Information and Software Technology, 2010, 52(2): 220-236
One of the most significant difficulties with developing Service-Oriented Architecture (SOA) involves meeting its security challenges, since the responsibilities of SOA security are based on both the service providers and the consumers. In recent years, many solutions to these challenges have been implemented, such as the Web Services Security Standards, including WS-Security and WS-Policy. However, those standards are insufficient for the new generation of Web technologies, including Web 2.0 applications. In this research, we propose an intelligent SOA security framework by introducing its two most promising services: the Authentication and Security Service (NSS), and the Authorization Service (AS). The suggested autonomic and reusable services are constructed as an extension of WS-* security standards, with the addition of intelligent mining techniques, in order to improve performance and effectiveness. In this research, we apply three different mining techniques: the Association Rules, which helps to predict attacks, the Online Analytical Processing (OLAP) Cube, for authorization, and clustering mining algorithms, which facilitate access control rights representation and automation. Furthermore, a case study is explored to depict the behavior of the proposed services inside an SOA business environment. We believe that this work is a significant step towards achieving dynamic SOA security that automatically controls the access to new versions of Web applications, including analyzing and dropping suspicious SOAP messages and automatically managing authorization roles.
20.
End-users need a simple and interactive tool for service composition development. A PadSpace proposes an extension of a typical Linda-like coordination model (tuplespace) to provide mechanisms for the interoperation among Web applications, Web services and end-users’ local functional resources. First, a PadSpace provides an end-user supporting tool for composing Web applications, Web services, and local visual resources based on the meme media architecture without writing any program codes. It enables end-users to directly manipulate visual components, and to create new composite components for the creation of services that use Web applications, Web services, and local functional resources. Second, a PadSpace provides a spreadsheet-based service-coordination tool for end-users to orchestrate multiple Web applications, Web services, and local functional resources. Finally, we show some new applications of service composition and service orchestration.