A Secure Web Services Providing Framework Based on Lock-Keeper

  • Feng Cheng
  • Michael Menzel
  • Christoph Meinel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4773)

Abstract

A general model for securing widely deployed Web Services has been recommended in which the security of Web Services is divided into three layers: network security, host security and the security of the Web Service message, also called SOAP message security. According to the principles of this model, we propose a new secure Web Services Providing Framework based on the Lock-Keeper technology, which is a high-level security solution implementing the basic security concept of "Physical Separation". In the proposed framework, the internal Web Services provider and its network are well protected by being physically isolated from the external world. At the same time, trusted Web Service message-based communication can be performed smoothly and securely under the guard of a "SOAP Verification Module", which is integrated in the Lock-Keeper system. The SOAP Verification Module realizes the general functionalities of both "Trust Management" and "Threat Prevention" that have been specified by most common WS-Security standards. Experiments demonstrated in this paper show that our proposed framework, which can simultaneously guarantee all three layers of Web Services security, is feasible, applicable and secure.

Keywords

Trust Management; Physical Separation; Soap Message; Security Approach; Network Working Group
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Feng Cheng (1)
  • Michael Menzel (1)
  • Christoph Meinel (1)
  1. Hasso-Plattner-Institute, University of Potsdam, P.O.Box 900460, 14440, Potsdam, Germany