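Graduate student: 張宇軒
Thesis title: An Operational Model and Language Support for Securing Web Services (網路服務安全之操作模型及其語言設計)
Advisor: 黃冠寰
Degree: Master
Department: Graduate Institute of Information and Computer Education
Year of publication: 2007
Academic year of graduation: 95
Language: English
Number of pages: 87
Chinese keywords: Web Services, Security, Extensible Markup Language, Simple Object Access Protocol, Web Services Description Language, Document Security Language
English keywords: Web Services, Security, XML, SOAP, WSDL, DSL
Thesis type: Academic thesis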
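  • In this thesis, we propose an operational model to support the security of Web services. In addition to satisfying the basic security requirements, including authentication, confidentiality, integrity, and nonrepudiation, the operational model also provides the security mechanisms of element-wise encryption and temporal-based element-wise digital signatures. Furthermore, the proposed operational model supports a flexible key specification scheme that can be used to define three different types of keys: static keys, dynamically selected keys, and keys applied to digital signatures. The service requester can determine the identity of the keys used without negotiating with the service provider in advance. The proposed operational model includes two approaches for reducing the costs of system development and maintenance: (1) we define a Web Services Security Language (WSSL) that separates the service implementation from the specification of the security policy in Web services; (2) an application programming interface (API) designed for the Web Services Security Language supports the proposed operational model. Finally, we implement the proposed system and measure its performance to demonstrate the feasibility of the operational model.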

    In this paper, we propose an operational model to support the security of Web services. In addition to satisfying the basic security requirements, including authentication, confidentiality, data integrity, and nonrepudiation, the proposed model supports security mechanisms such as element-wise encryption and temporal-based element-wise digital signatures. Furthermore, the proposed model supports a flexible key specification scheme called explicit key definition, which can be used to define three different types of keys: static keys, dynamically selected keys, and keys applied to digital signatures. The service requester can determine the identity of the keys used without negotiating with the service provider. The proposed operational model is designed to reduce the costs of system development and maintenance in two ways: (1) by separating service implementation and specification of the security policy for Web services, and (2) by using a specially designed application programming interface to support the proposed operational model. The implementation and experimental results demonstrate the feasibility of the proposed system.

    CHINESE ABSTRACT
    ABSTRACT
    TABLE OF CONTENTS
    LIST OF FIGURES
    LIST OF TABLES
    1 Introduction
    1.1. Background and motivation
    1.2. The overview of the operation model
    2 Related Work
    2.1. XML (eXtensible Markup Language)
    2.2. DSL (Document Security Language)
    2.3. SOAP (Simple Object Access Protocol)
    2.4. WSDL (Web Service Description Language)
    2.5. WS-Security (Web Services Security)
    2.6. WS-SecurityPolicy (Web Services Security Policy)
    3 Syntax of the WSSL
    3.1. Key Definition
    3.2. Algorithm Definition
    3.3. Security Pattern
    3.4. Communication Protocol
    3.4.1. Request elements
    3.4.2. Response elements
    4 Syntax of the Secured SOAP Document
    5 WSSL API
    5.1. The methods and attributes of class WSSLTransform
    5.1.1. Environment Settings
    5.1.2. Securing and unsecuring processes
    5.1.3. Needed keys setting
    5.1.4. Signature verification
    5.1.5. Error handling
    5.2. The client-side proxy
    5.3. The server-side proxy
    6 Implementation and Experimental Results
    7 Conclusions and Future Work
    Appendix A
    Appendix B
