Abstract
A general model for securing widely deployed Web Services has been recommended in which the security of Web Services is divided into three layers: network security, host security, and the security of Web Service messages, also called SOAP message security. Following the principles of this model, we propose a new secure Web Services Providing Framework based on the Lock-Keeper technology, a high-level security solution that implements the basic security concept of "Physical Separation". In the proposed framework, the internal Web Services provider and its network are well protected by being physically isolated from the external world. At the same time, trusted Web Service message-based communication can be performed smoothly and securely under the guard of a "SOAP Verification Module", which is integrated into the Lock-Keeper system. The SOAP Verification Module realizes the general functionalities of both "Trust Management" and "Threat Prevention" that have been specified by most common WS-Security standards. Experiments presented in this paper show that our proposed framework, which can simultaneously guarantee all three layers of Web Services security, is feasible, applicable and secure.
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cheng, F., Menzel, M., Meinel, C. (2007). A Secure Web Services Providing Framework Based on Lock-Keeper. In: Ata, S., Hong, C.S. (eds) Managing Next Generation Networks and Services. APNOMS 2007. Lecture Notes in Computer Science, vol 4773. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75476-3_38
DOI: https://doi.org/10.1007/978-3-540-75476-3_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75475-6
Online ISBN: 978-3-540-75476-3
eBook Packages: Computer Science, Computer Science (R0)