计算机科学 ›› 2014, Vol. 41 ›› Issue (12): 30-32.doi: 10.11896/j.issn.1002-137X.2014.12.007

• 第十届中国信息和通信安全学术会议 • 上一篇    下一篇

一个Web服务可信体系结构

刘玲霞,王东霞,黄敏桓   

  1. 信息系统安全技术重点实验室 北京100101;信息系统安全技术重点实验室 北京100101;信息系统安全技术重点实验室 北京100101
  • 出版日期:2018-11-14 发布日期:2018-11-14
  • 基金资助:
    本文受国家自然科学基金(61271252),中国博士后科学基金(2012M521834)资助

Trustworthy Architecture for Web Services

LIU Ling-xia,WANG Dong-xia and HUANG Min-huan   

  • Online:2018-11-14 Published:2018-11-14

摘要: Web服务的安全可信问题是影响其广泛应用的重要因素。已有的解决方案大多从安全角度出发,但对于 服务 面对攻击或安全威胁时仍能按照预期工作则缺乏考虑。从Web服务的安全可信需求出发,对安全的概念进行了拓展,提出了可信的目标和内涵。在此基础上,提出一个以安全交互、联合身份和分布策略为基础,以运维管理、共用机制为支撑的Web服务可信体系结构,其可为Web服务安全可信提供体系结构层面的支持。

关键词: Web服务,可信,体系结构,可信需求,机制

Abstract: The security and trustworthiness issues of Web services are the important factors that influence its development.Most of the existing solutions are from the point of view of security,and lack of considering that services need to still work as expected when facing attacks or threats.In this paper,the notion of security was expanded from the requirement of Web services.The goal and the content of trustworthy were proposed to meet the requirement of Web services.A trustworthy architecture for Web services was proposed.The architecture is based on security interaction,federated identity,and distributed policies and supported by operating maintenance and shared mechanisms.

Key words: Web services,Trustworthy,Architecture,Trustworthy requirement,Mechanism

[1] Sabbari M,Alipour H S.A security model and its strategies for web services[J].International Journal of Computer Applications,2011,36(10):24-31
[2] 吴波.SOA安全关键技术研究[D].长沙:国防科学技术大学,2009
[3] Gerié S,Hutinski .Standard based service-oriented security[C]∥Proceedings of the 18th International Conference on Information and Intelligent Systems.Hrvatska,FOI,2007:327-335
[4] 贺正求,吴礼发,洪征,等.Web服务安全问题研究[J].计算机科学,2010,37(8):32-38
[5] Defense Information Systems Agency.A security architecturefor net-centric enterprise services (nces) version 0.3[R].USA:Defense Information Systems Agency,2004
[6] Globus.Overview of the grid security infrastructure [EB/OL].[2013-9-5].http://www.globus.org/security/overview.html
[7] Foster I,Kishimoto H,Savva A.The open grid services architecture,Version 1.5[R].USA:Global Grid Forum,2006
[8] A,Ashley P,Borrett M,et al.Understanding soa security design and implementation[R].USA:IBM,2007
[9] Peterson G.Service oriented security architecture[J].Information Security Bulletin,2005(10):325-330
[10] Opincaru C,Gheorghe G.Service oriented security architecture[J].Enterprise Modelling and Information Systems Architectures,2009,4(1):39-48
[11] Geric S.Security of Web services based service-oriented archi-tectures[C]∥MIPRO,2010 Proceedings of the 33rd International Convention.Croatia,IEEE,2010:1250-1255
[12] Liu Ling-xia,Wang Dong-xia,Huang Min-huan,et al.A multi-dimensional trustworthy reference framework for network[C]∥Proceedings of the 2012 Second International Conference on Instrumentation & Measurement,Computer,Communication and Control.China:IEEE,2012:1614-1618
[13] 林闯,彭雪海.可信网络研究[J].计算机学报,2005,28(5):751-758

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
No Suggested Reading articles found!