
Design and Implementation of Web Service Security Enhancement Technology Based on Trusted Computing

Published: 2018-03-26 03:31

  Topic: Web services; Focus: trusted computing; Source: National University of Defense Technology, master's thesis, 2014


[Abstract]: With the rapid development of networking and computer technology, Web services have been adopted by more and more platforms because of their flexibility and their dynamic, real-time interaction with users. In key sectors such as finance and government affairs in particular, systems use Web services as the industry's main platform. The emergence of Web services has brought unprecedented convenience to production and daily life. At the same time, as Web service applications continue to expand and deepen, their increasingly prominent security problems have become a bottleneck for further adoption and development. Traditional information security technologies either lag in defense and miss the best moment to respond, or rely on complex detection techniques that add system complexity and reduce efficiency; neither can effectively guarantee information security. Against this background, this thesis studies the basic architecture, protocol stack, security requirements, and traditional security mechanisms of Web services. By analyzing the defects and shortcomings of the traditional mechanisms, it argues that under the traditional passive-defense mindset, perimeter-oriented means such as virus identification, firewalls, and intrusion detection can no longer cope with the growing number of threats that originate inside the system. It therefore proposes borrowing the active-defense idea of trusted computing: by constructing and extending a root of trust and a chain of trust, modifying the Java virtual machine, and building a trust assurance framework, a security system is established from the source of terminal access to protect information services. The work and contributions are as follows: (1) Drawing on the ideas and key technologies of trusted computing, a root of trust and a chain of trust are built, the traditional root of trust and chain of trust are extended to the application layer, and on that basis a trust assurance framework for services is constructed. (2) Through analysis of the Java virtual machine's operating mechanism, module composition, and security, the standard JVM modules are extended to design and implement a trust-enhanced Java virtual machine, and on top of it, security enhancement techniques for Java-based Web services are studied. (3) The thesis focuses on the design and implementation of trust measurement at service publication, load time, and run time in the trust-enhanced Java virtual machine, and of secure trusted auditing. On this basis, around the security goals of the trust enhancement technology, a security analysis is carried out for cases such as tampering by malware or viruses and an intruder who has compromised the system deleting system log contents. Finally, test cases are constructed to test the security of the implemented trust-enhanced Web service, and the performance impact of the security enhancement is analyzed.
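[Degree-granting institution]: National University of Defense Technology
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.09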



