| At present, SOA(Service Oriented Architecture) has been widely used in enterprise-class commercial development. One of the focus problems which hinder the development and spread of SOA and web services is how to guarantee the security of message communication between different web services. It provides options of different channels and uses existing enterprise applications to enhance their business agility, improve system reuse and reduce development costs for enterprise information system and protect the existing IT infrastructure investments. In SOA architecture, the actual systems interaction includes service requests and service meet, so that we need to balance between safety and efficiency, we must take into account both security guarantees and efficiency. The traditional oriented computing environment security technology is difficult to adapt to the new features of service-oriented architecture, how to ensure the safety of service-oriented architecture, especially the SOA framework and how to ensure the security of the SOAP message in transmission become challenging research topic.Attackers on the network mainly use SOAP-based XML hierarchical structure to attack SOAP message. Message signature and authentication remains the same, but the attackers try to modify the SOAP message through deleting or adding some elements in head or entity, which changed hierarchy of the original SOAP message element. The attack is very subtle, though the message structure has been changed, the signature is still valid, if there is no comprehensive safety inspection mechanism, the error SOAP message may be received for the security by the ultimate message receiver. Currently, no security mechanisms can effectively use structural information of SOAP message itself to detect such tampering attack, which seriously affected the detection accuracy and efficiency. Using structure information of SOAP can easily detect tampering attacks against SOAP message. Using SOAP Further structural information to identify the mechanism of XML tampering attacks will be present.Through structural information SOAP Further XML tampering attacks can be easily detected. Firstly we calculate SOAP Further information of the node, then send SOAP message and add the information to SOAP envelope element existing in the SOAP message header or entity, then add the signature to the header. ExSOAPFur module of each intermediate node of SOAP messaging path is responsible for adding SOAP Further information and signing process. Taking into account the needs of safety and efficiency, we use the controllable security level 2 supporting the same envelope to achieve adding of SOAP security control information. Experiments show that, as a complement to the existing security technologies, adding SOAP Further have more flexible choice of different security levels. It can ensure both security and efficiency, which indirectly improve the computational efficiency of encryption, signing, decryption and certification and achieve an overall improvement to the system. |
PDF Full Text Request