| 一种基于SOA的SOAP消息安全传输机制 |
| |
| 引用本文: | 华悦,徐涛.一种基于SOA的SOAP消息安全传输机制[J].计算机科学,2012,39(6):77-80. |
| |
| 作者姓名: | 华悦 徐涛 |
| |
| 作者单位: | 1. 南京航空天航大学计算机科学与技术学院 南京 210016
2. 南京航空天航大学计算机科学与技术学院 南京 210016;中国民航大学计算机科学与技术学院 天津 300300 |
| |
| 基金项目: | 国家自然科学基金,天津市应用基础与前沿技术研究计划项目,中国民航大学科研启动基金项目 |
| |
| 摘 要: | 随着SOA技术的发展与普及应用,基于SOA的Web服务安全问题日益突出,而SOAP消息传输的安全性是决定Web服务安全的重要因素。目前SOAP消息的传输主要依赖于WS安全标准,但由于WS安全标准存在种种缺陷,因此SOAP消息在传输过程中会受到XML注入攻击等Web攻击。提出了一种新的SOAP消息安全传输机制,即在现有的基于WS安全标准的安全传输机制基础上添加SOAP Validation节点。最后通过实验验证,该安全传输机制能检测出XML注入攻击,提高SOAP消息传输的安全性。
|
| 关 键 词: | SOA SOAP 安全传输机制 XML注入攻击 |
SOAP Message Security Transport Mechanism Based on SOA |
| |
| HUA Yue
,
XU Tao.SOAP Message Security Transport Mechanism Based on SOA[J].Computer Science,2012,39(6):77-80. |
| |
| Authors: | HUA Yue XU Tao |
| |
| Affiliation: | 1,2(College of Computer Science and Technology,Nanjing University of Aeronautics and Astronautics,Nanjing 210016,China)1(College of Computer Science and Technology,Civil Aviation University of China,Tianjin 300300,China)2 |
| |
| Abstract: | With the technology development and popularization of SOA applications, the security issues of Web services based on SOA have become increasingly prominent. The security of SOAP message is of great importance to Web service security. Currently SOAP message transport mainly depends on the WS Security standards. However, the WS-Security standards have some drawbacks. hhe SOAP messages in transport will be attacked by XML injection attacks and other Web attacks. Therefore, this paper designed a new SOAP message security transport mechanism which added the SOAP Validation node into the existing Web services security transport framework based on the WS standards. At last the experiments demonstrate that this security transport mechanism can truly detect some of XML attacks and improve the security of SOAP message. |
| |
| Keywords: | SOA SOAP Security transport mechanism XML inj ection attacks |
| 本文献已被 CNKI 万方数据 等数据库收录! |
|
点击此处可从《计算机科学》下载全文 |
|
