| Web services, defined as a sort of services oriented architecture and a newborn distributed calculation mode, it takes the advantages of loose coupling, independence from platforms, language neutral and so on. As its related technologies coming into continuous development and maturity, its applications are more and more popular in our society. While with the natures of dynamics and distributivity, new security problems arise which have already gone beyond the traditional network security mechanism. Therefore, to find out a relatively complete solution for web services security has been a research subject of great importance in both theoretical and practical world.After taking in-depth analysis on web services security requirement and its related technologies, this thesis, thus proposes an attribute-based access control model and constructs a relatively complete web service security model by considering its performance requirements, moreover, security analysis and tests for this security model have been also carried out on the basis of Pi Calculation theories.First, this thesis studies on architecture and the related key technology of web services, takes a systematic analysis on web services security requirements, such as data confidentiality, integrity, non-repudiation as well as its authentication, access control and so on. Moreover, according to various security requirements, this thesis also carries out a further research on security control and specifications of web services.Second, based on XACML systematic architecture and SAML specifications, this thesis succeeds in constructing an attribute-based web services access control model, providing the representation and acquisition of subject attribute and recourse properties and designing the performance architecture in details and working process of the model which allows flexible and fine-grained authorization access control, thus meeting the authorization and access control security requirements of web services under dynamic distribution environment.Last, this thesis proposes an integrated web services security model, presenting its overall design and working process. This model is created mainly based on SOAP message security handling model and access control model, which on one side ensures the security of web services and makes no influence on performance on the other side. Moreover, this thesis, based on Pi calculation theories, also provides a formal description and validity analysis to this security model and manages to carry out its security test with the help of MWB tools.In conclusion, this thesis succeeds in solving security domain-across access authorization problems under web services circumstance. Meanwhile it also presents a relatively complete web services security solution to problems arising between web services security measures and performance, which explores a new way in the field of web services security. |
PDF Full Text Request