Research And Implementation Of Web Service Security Conifguration Tool Based On Program Slicing

Web service has been widely used in the fields of electronic commerce and enterpriseintegration for its distributed and cross-platform features. With the development andpopularization, Web service faces not only the traditional attack threat, but also many attacks andchallenges for its characteristics. OASIS organization released protocols such as WS-Security toprovide security for Web services. However, due to the complex relationship of the interface-call,it is difficult to ensure the security of each interface simply by a policy configuration tool.Therefore, studying the security of Web services from the Web service source has greatsignificance.Through analyzing source codes by program slicing, the relations between components canbe abstracted, so that some pure codes which only contain a specific component can be generated.This technology can be used to reduce codes for better studying source codes. This paperproposed a method of web service security analysis based on program slicing. It uses the dynamicprogram slicing to parse the source codes (mainly focusing on the research about the source codeswritten in Java), study the source code of the security problems and repair the vulnerabilitythrough the security policy configuration.This paper researches on the source codes of the web services and generate the set of criticalinformation statements. Through program slicing results, the interface-call relationships andsecurity spread is also studied. With an analysis on the interface which can affect the criticalinformation in the web services description language, it is judged that there is securityvulnerability if the policy does not exist.In order to enhance the protection for the securityvulnerability, this paper puts forward the safety protection strategy based on WS-SecurityPolicywhich provides message integrity, confidentiality and authentication.Based on the theories and designs above, a security policy configuration tool for Web serviceis implemented including a slicing module, an analyzer and configuration module and a testmodule. The tool is a relatively automatic Web services tools, it can play a security role from thedevelopment to service publication and testing.