
SOAP Security Based on XML Rewrite

Cited by: 1
Abstract: Web services protected by traditional Web security methods are often threatened by XML rewriting attacks, and because SOAP is a key Web service technology, its security is an important part of Web service security. This paper first analyzes the various XML rewriting attack techniques and describes their methods and characteristics. It then proposes techniques and methods for preventing XML rewriting attacks, matched to the different attack methods, and analyzes in detail the approaches based on the SOAP message itself and the approaches based on security policy content. Finally, it summarizes the two ways of preventing XML rewriting attacks and proposes future work.
Source: Journal of Information Engineering University, 2013, No. 5, pp. 634-640 (7 pages)
Keywords: Web service; security; Simple Object Access Protocol (SOAP); XML rewriting attack


