Research on Security Problems of Web Service (Web服务安全问题研究)

Cited by: 15
Abstract: Web services are characterized by platform independence, dynamism, openness, and loose coupling. These characteristics greatly facilitate application integration across heterogeneous platforms, but they also expose Web services to many distinctive security problems. The security of Web services strongly influences their prospects and is one of the main reasons why they have not yet been adopted on a large scale. This paper first summarizes the main security problems of Web services and outlines the existing Web service security standards. It then analyzes in detail the representative key security solutions for Web services, covering message-layer security, Web service security policy, security in Web service composition, identity and trust management, Web service access control, Web service attacks and defenses, and the development of secure Web services. Building on existing research results, it discusses future research directions and challenges for Web service security.
Source: Computer Science (《计算机科学》), CSCD, Peking University Core Journal, 2010, No. 8, pp. 32-39, 87 (9 pages in total)
Funding: Supported by the National Defense Pre-Research Foundation (51406020105JB8103)
Keywords: Web service, Security, Policy, Service composition, Trust, Access control, Attacks