一种基于SOA的SOAP消息安全传输机制

计算机科学 ›› 2012, Vol. 39 ›› Issue (6): 77-80.

• 计算机网络与信息安全 • 上一篇下一篇

一种基于SOA的SOAP消息安全传输机制

华悦,徐涛

(南京航空天航大学计算机科学与技术学院南京210016);(中国民航大学计算机科学与技术学院天津300300)

出版日期:2018-11-16 发布日期:2018-11-16

SOAP Message Security Transport Mechanism Based on SOA

Online:2018-11-16 Published:2018-11-16

摘要/Abstract

摘要： 随着SOA技术的发展与普及应用，基于SOA的Web服务安全问题日益突出，而SOAP消息传输的安全性是决定Web服务安全的重要因素。目前SOAP消息的传输主要依赖于WS安全标准，但由于WS安全标准存在种种缺陷，因此SOAP消息在传输过程中会受到XML注入攻击等Web攻击。提出了一种新的SOAP消息安全传输机制，即在现有的基于WS安全标准的安全传输机制基础上添加SOAP Validation节点。最后通过实验验证，该安全传输机制能检测出XML注入攻击，提高SOAP消息传输的安全性。

关键词: SOA, SOAP，安全传输机制，XML注入攻击

Abstract: With the technology development and popularization of SOA applications, the security issues of Web services based on SOA have become increasingly prominent. The security of SOAP message is of great importance to Web service security. Currently SOAP message transport mainly depends on the WS Security standards. However, the WS-Security standards have some drawbacks. hhe SOAP messages in transport will be attacked by XML injection attacks and other Web attacks. Therefore, this paper designed a new SOAP message security transport mechanism which added the SOAP Validation node into the existing Web services security transport framework based on the WS standards. At last the experiments demonstrate that this security transport mechanism can truly detect some of XML attacks and improve the security of SOAP message.

Key words: SOA, SOAP, Security transport mechanism, XML inj ection attacks

华悦,徐涛. 一种基于SOA的SOAP消息安全传输机制[J]. 计算机科学, 2012, 39(6): 77-80. https://doi.org/

参考文献

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed

一种基于SOA的SOAP消息安全传输机制

SOAP Message Security Transport Mechanism Based on SOA

PDF (PC)

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 0

Metrics

本文评价

推荐阅读 0