Design And Implimentation Of Web Service Enhanced Security Technology Based On Trusted Computing

With the rapid development of Internet and computer technology, Web service is implemented in more and more platforms for its flexibility and dynamic real-time interaction with users. Especially in some key areas, such as finance, government affairs and other systems, Web Service is the primary platform for their services. The emergence of Web service has brought unprecedented convenience for people's production and life.However, increasingly prominent security issues become the bottleneck of Web service with the broadening and deepen of its application. Traditional information security technology delays the best defense chance for its defense; or because of the complex detection technique, the system complexity increases, and the system using efficiency is reduced, so that the information security cannot be ensured effectively.Based on the background above, this paper studies the basic architecture, the protocol architecture, security requirements and traditional security mechanisms of the Web service. Based on the study above, we concluded that the means and techniques of virus identification, firewall, intrusion detection and the like have been unable to cope with more and more internal threats in systems with the traditional passive defense concept after analyzing the defects and disadvantages of traditional security mechanisms. Further, the paper discloses that the concept of dependable computing active defense can be used for reference to guarantee the security of information services by constructing and extending a trust root and a trust chain, modifying a Java virtual machine, constructing a dependable guarantee framework, and establishing a security system for a source accessed from the terminal. In this paper, the relevant measures and innovations are as follows:(1) Use the reference of the trusted computing concept as well as the key technology thereof. This paper constructs a trust root and a trust chain, expand and extend the traditional trust root and the traditional trust chain to an application layer, and on the basis above, construct the dependable guarantee framework of the service.(2) By analyzing the runtime mechanism of the Java virtual machine and the module composition and safety. This paper expands the standard JVM modules, designs a Java virtual machine for achieving trust enhancement. This paper studies the Web service security enhancement technology based on Java language on the basis of the Java virtual machine for achieving trust enhancement.(3) In this paper, we focuses on the design and implementation of the trust measurement technology and the technology of security audit on the trust-enhanced Java Virtual Machine during service publication, loading and running. This paper analyzes the security of cases, including the system was tampered by malware or the invaders so that to cancel log content of system, constructs relevant testing examples and tests the security for the achieved trust-enhanced Web service. And then this paper analyzes the performance influences on implementing security enhancement.