| 基于XML重写的SOAP安全 |
| |
| 引用本文: | 朱 云,徐 枫,宴 轲.基于XML重写的SOAP安全[J].信息工程大学学报,2013,14(5):634-640. |
| |
| 作者姓名: | 朱 云 徐 枫 宴 轲 |
| |
| 作者单位: | 1.61938部队,北京 100840; 2.军事经济学院,湖北 武汉 430035; 3.汉口学院,湖北 武汉 430212 |
| |
| 摘 要: | 基于传统Web安全方法实施防护的Web服务常常受到XML重写攻击的威胁,而SOAP作为Web服务的关键技术,其安全也成为了Web服务安全的重要组成部分.文章首先分析了各种XML重写攻击技术,阐述了各种XML重写攻击技术的手段和特点;针对不同XML重写攻击手段提出了预防XML重写攻击的技术和方法,并重点分析了基于SOAP消息本身的方法和基于安全策略内容的方法;最后,总结归纳了预防XML重写攻击的两种方式,并提出了下一步的工作.
|
| 关 键 词: | Web服务 安全 简单对象访问协议 XML重写攻击 |
SOAP Security Based on XML Rewrite |
| |
| ZHU Yun,XU Feng,YAN Ke.SOAP Security Based on XML Rewrite[J].Journal of Information Engineering University,2013,14(5):634-640. |
| |
| Authors: | ZHU Yun XU Feng YAN Ke |
| |
| Affiliation: | 1. Unit 61938,Beijing 100840,China;2. Military Economics, Wuhan 430035, China; 3. Hankou Academy, Wuhan 430212, China) |
| |
| Abstract: | Web Services based on traditional Web security technology may face great threat as an attacker may intercept, SOAP is one of the critical technologies of web service, so its security is an important part of web service security. This paper analyzes several XML rewriting attack methods, describes their advantages and disadvantages, proposes the methods to avoid XML rewriting attacks, and describes in detail two methods based on SOAP messages and security policies. Finally, the paper summarizes the general approach to avoiding XML rewriting attack and proposes the future work. |
| |
| Keywords: | Web service security SOAP SML rewriting attack |
| 本文献已被 维普 等数据库收录! |
| 点击此处可从《信息工程大学学报》浏览原始摘要信息 |
|
点击此处可从《信息工程大学学报》下载全文 |
|
