Enhancing security for XML Web services

The XML-based interoperable characteristics make enhancing security for XML Web Services a lot different from that of the traditional network-based applications. SSL VPN gateways are usually used to provide security for traditional network-based applications, but not for Web Services. This thesis presents an integrated security solution for securing both traditional network-based applications and Web Services.;The integrated security solution includes a VPN framework and a Web Services framework. Considering that we have already had an SSL VPN gateway developed by our lab, we take it as the motherboard of the solution and the VPN server of the gateway as the security functional part of the VPN framework. As the highlight of this thesis project, a Web Services security component, also the security functional part of the Web Services framework, has been developed, implemented and integrated with the SSL VPN gateway to get the integrated security solution.;The problem of applying ECC over binary fields for XML security, SOAP message security and Web Services security to make the Web Services security component share the same set of ECC keys with the VPN server on the gateway has been studied. Tools for reading ECC keys and certificates from the BUL's key files have been developed. Methods to adopt the ECC key files to ensure security of Web Services have also been developed. To the best of our knowledge, there is no previous work on adopting ECC keys over binary fields for Web Services security.;The integrated security solution we present in this thesis is the prototype of a network device that has functions of three gateways: a VPN gateway, a Web Services security gateway and a Web Services gateway.