An improved security framework for Web service-based resources

Cited by: 5
Authors
Jiang, Wenbin [1]
Xu, Hui [1]
Dong, Hao [1]
Jin, Hai [1]
Liao, Xiaofei [1]
Affiliations
[1] Huazhong Univ Sci & Technol, Serv Comp Technol & Syst Lab, Cluster & Grid Comp Lab, Sch Comp Sci & Technol, Wuhan 430074, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
Web service; Spring Security; authentication; authorized access; secure transmission;
DOI
10.3906/elk-1303-12
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Web service-based applications have become one of the dominant kinds of application on the Internet. This trend brings more and more security challenges in reliability, confidentiality, and data nonrepudiation, especially in systems that have massive diversified resources. An improved framework for secure access to Web resources is presented and implemented by extending and enhancing the Spring Security framework. It improves the security level of systems for identity authentication, authorized access, and secure transmission. The highly secure authentication is based on the integration of an improved authentication module of Spring Security with a U-key method and an RSA algorithm. For authorized access, Spring Security's ACL (access control list) mechanism is improved by optimizing the domain object-level access control. For secure transmission, a compromise method is presented that takes both the security level and the speed of data transmission into account by mixing the RSA and DES algorithms. In addition, the security interceptor of Spring Security is extended and a series of security filters are added to keep Web attacks away. The improved security framework has been applied to an online virtual experiment platform named VeePalms. The experimental results show that most high-severity security problems in the system have been solved and medium- and low-severity problems decreased dramatically. Moreover, VeePalms has been used in practice for about 2 years, which has proved the effectiveness of the security framework.
Pages: 774-792
Number of pages: 19