Web服务的可信交互及身份认证机制

发布时间：2018-04-04 18:40

本文选题：可信计算　切入点：Web服务　出处：《南京理工大学》2017年硕士论文

【摘要】：Web服务是一种基于消息驱动的跨平台服务技术,其技术基础是可扩展标记语言XML和简单对象访问协议SOAP。Web服务的应用日益广泛,但其存在着信息泄漏,易受XML攻击,SOAP消息丢失篡改等安全问题。可信计算技术通过硬件方式实现加密、哈希等安全性操作,具有高效性以及可信性。国内可信计算技术以国产可信密码模块(Trusted Cryptography Module,TCM)为基础。为克服纯软件手段存在的缺陷,从源头保证终端安全,将可信计算技术应用于Web服务,搭建可信虚拟化平台,并提出一种可信Web服务框架,具体工作如下:(1)针对传统的Web服务交互过程及其在终端远程可信性方面存在的隐患,提出一种基于TCM的安全Web服务框架。(2)研究嵌入式平台Linux启动机制,修改Linux引导阶段代码,实现Web终端平台的可信启动。(3)在传统的嵌入式平台上利用虚拟化技术搭建容器,并为各容器配备虚拟TCM,构建可信虚拟化平台,并在此基础上实现了从嵌入式硬件到虚拟域应用软件的完整信任链。(4)研究比较多种身份认证机制,在基于数字签名的零知识证明协议中引入TCM,实现Web服务响应方对请求方的匿名认证,与传统匿名身份认证机制相比可有效减少TCM的计算量。本文基于国产TCM搭建可信虚拟化平台,并部署实现web服务安全框架。实验证明,基于可信虚拟化平台的Web服务安全框架是安全可行的,达到了预期的效果。
[Abstract]:Web service is a kind of cross-platform service technology based on message driven. Its technical foundation is extensible markup language (XML) and simple object access protocol (SOAP.Web).Vulnerable to XML attacks soap message loss tampering and other security issues.Trusted computing technology implements encryption, hash and other security operations by hardware, which has high efficiency and credibility.The domestic trusted computing technology is based on trusted Cryptography module TCMs.In order to overcome the defects of pure software, to guarantee the terminal security from the source, the trusted computing technology is applied to Web services, the trusted virtualization platform is built, and a trusted Web service framework is proposed.The main work is as follows: 1) aiming at the hidden trouble of the traditional Web service interaction process and its remote credibility, this paper proposes a secure Web service framework based on TCM. It studies the Linux startup mechanism of the embedded platform and modifies the Linux boot phase code.Implement trusted startup of Web terminal platform. Build container on traditional embedded platform, and construct trusted virtualization platform with virtual TCMs for each container.On this basis, we implement a complete trust chain from embedded hardware to virtual domain application software.TCM-based zero-knowledge proof protocol based on digital signature is introduced to implement anonymous authentication of the requestor by Web service responders. Compared with the traditional anonymous authentication mechanism, the computation of TCM can be reduced effectively.This paper builds a trusted virtualization platform based on domestic TCM, and deploys a web service security framework.Experiments show that the Web services security framework based on trusted virtualization platform is secure and feasible, and achieves the desired results.
【学位授予单位】：南京理工大学
【学位级别】：硕士
【学位授予年份】：2017
【分类号】：TP309;TP393.09

【参考文献】