基于安全代理的Web服务端到端安全通信技术研究

上海交通大学硕士学位论文基于安全代理的Web服务端到端安全通信技术研究姓名：李丽楠申请学位级别：硕士专业：通信与信息系统指导教师：倪佑生20050101-1-WebWebWebInternetWebWebWebWebWebWeb-2-WebWebWebWebWebWebWeb-3-RESEARCHONEND-TO-ENDSECURITYCOMMUNICATIONSTECHNOLOGYOFSECURITYPROXY--BASEDWEBSERVICESABSTRACTAsanewWebapplication,WebservicesmakeuseofInternettoconnecttheapplications,systemsandresources,whichareinthesameenterpriseorindifferententerprisestoactivatenewbusinessworkflowandtomaintaintherelationshipsbetweenusersandpotentialvendorwhoareinallofworld.Webservicesrealizetoshareinformationbetweenclientsandenterpriseflexiblyandspeedily.Howevertherearealotofsecurityrisksforitsopenness,includinginformationpurloining,tricking,destroyingandothersecurityimpacts.ThereforeWebservicesanditsend-to-endcommunicationstechnologyhavebecomethehotspotinE-businessandinformationsecurityfield.-4-ThisthesisresearchesWebservicespoint-to-pointandend-to-endcommunicationsmodelsandtheirworkingprocessandthenanalyzestheirsecurityrisksandthesolutionswhichhavealreadyexisted.Itpointsoutthatthesecuritysolutionsofpoint-to-pointcommunicationshaven’tpreventedcomplexesWebservicesend-to-endcommunications.ThethesisextendsthesignificationofWebservices.Andnowthedefinitionofend-to-endcommunicationsmeansthatthecommunicationsofdifferentapplicationswhichcanbeinthesameordifferentsecurityregion.Analyzingthesecuritydemandtoend-to-endcommunicationsofwebservices,thethesisprovidesasecurityproxy-basedend-to-endcommunicationsframeworkofWebServices,thecomponentsoftheframeworkandhowtheframeworkguaranteesthesecurityofWebservicewiththeinteractionofcomponents.Thethesisdiscussesthecoreequipmentoftheframework---securitypolicyserverandprovidesthefundamentalanddesignideatothecoremodulesinsecuritypolicyserver.Webservices-basedRBACmoduleovercomesthemappingproblemsintheWebservicesend-to-endcommunications.MessagetracingmodulecanfindthebottlenecksofsystemandsecurityauditwhentracingtheWebservicesmessages.Securitypolicymanagementmodulecanresolvethesecuritypolicynegotiationproblembeforecommunicationsofdifferentapplicationswhichinthesameordifferententerprises.The-5-centralizedmanagementofsecuritypolicyserverguaranteesthesecurityofend-to-endcommunications,integrity,confidentialityandNonrepudiationofmessageswhentheyareacrossdifferentapplications.IntheendthethesisdeeplyanalyzesthebackgroundoffundinteractionWebservicesandtheresultofsecurityframeworkappliedtoit.Afterresearchingtheprocessoffunddealingcarefullythethesismakesclearlyabouthowtheframeworksecuretheend-to-endcommunications.Theproposedframeworkisgeneralandeasytoextend.Ithasgreatapplicationforeground.Forexample,itcanbeusedinvirtualbank,managementofsupplychain,E-businessandE-hospitalwhichhashighsecuritydemand.Withthedevelopmentofsecuritytechnologies,thesecurityproxy-basedframeworkcanintegratenewsecuritytechnologiesandnewsecurityproductstoitselfinordertoenforcetheabilitytodefensetheattackandsecurityofinteroperationsbetweenenterprises.Webservices,end-to-end,security,securityproxy,E-businessWeb-1-InternetWebWebB2C(business-to-customer)B2B(business-to-business)B2CInternetB2BSCMSupplyChainManagementiSCMB2BWebWebWebInternetWebWebWeb(IDC)WebWebWeb-2-200671116%WebWebInternetWebWebWebIBMWebWebInternet”WebInternetWebInternetXMLWebWebWebWeb1-1Servicebrokers.UDDIregistry.privatedirectoriesWebserviceconsumersWebserviceprovidersFindPublishbindsearchcriteriaforwebservicesWSDLURLWSDLfileSOAPrequestSOAPresponseinvokeWSDLURLSbussinessandservicesinfo.URLtoWSDLWebServicesRolesandOperationsFrameworkWeb-3-WebWebWebWSDL(WebServicesDescriptionLanguageWeb)WebUDDI(UniversalDescription,DiscoveryandIntegration)WebUDDISOAPWebWebWebSOAP(SimpleObjectAccessProtocol)WebUDDI(UniversalDescription,DiscoveryandIntegration)WebWSDL(WebServicesDescriptionLanguageWeb)1.2.2.1SOAPSOAPXMLSOAPSOAPSOAPSOAPSOAPWeb-4-XMLSchemaHTTPSMTPFTPSOAPSOAPEnvelope(SOAPSOAPencodingrulesSOAPSOAPRPCRepresentationSOAPRPCSOAPbindingSOAPSOAPSOPAXML1.2.2.2UDDIUDDIWebXMLWebUDDIWebWebXMLSchemaXMLSchemaSOAPWebUDDIUDDIWebWebURLWeb-5-1.2.2.3WSDLWSDLWebWSDLWebWebWSDLWSDLWSDLWSDLWebWebWSDLWSDLWebWSDLWSDLWeb(1)WebWebWebWebWebJ2EE.NETInternetWebInternetXML/SOAPWeb-6-(2)Web(3)WebWebWebWebCORBADCOMEJB(4)WebWeb(5)Web(WSDL)WebWebWebWeb4(1)(business-oriented)ERPSCM/CRMWeb(2)(consumer-oriented)B2CWebWebB2C(3)(device-oriented)PC(Email)(4)(system-oriented)InternetInternetInternetWeb-7-WebWebWebWebWebWebWebWebWebWebWebWebWebWeb/WebWeb(grid)WebWebWebWebWeb-8-E-serviceDataprocessingE-businessE-governmentWebportalWorkflowmodelingMonitor/MngttoolsService-orientedprogrammingmodelServiceorchestration&workflowServicemanagement&monitorSimulationtoolsSimulationtoolsSimulationtoolsSimulationtoolsSimulationtoolsCommonservicesSimulationtoolsDomainspecificservicesResourceservicesService-orientedsecuritymechanismService-orientedQoSmechanismGridserviceruntime(servicecontainer)PhysicalresourceLogicresourcesGridapp.layerSimulationtoolsService-orientedtoolslayerService-orientedarchitecturelayer(SOA)Resources(fabric)layerWeb-9-WebWebInternetInternetWebWebWebWeb()WebWebWebWebWebWebWeb-10-WebWebWebWe