Task-role-based access control model
Information Systems
IEEE Security and Privacy
Aclamate: An AOSD Security Framework for Access Control
DASC '06 Proceedings of the 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing
A Performance Evaluation of Web Services Security
EDOC '06 Proceedings of the 10th IEEE International Enterprise Distributed Object Computing Conference
A Framework for Enhancing Web Services Security
COMPSAC '07 Proceedings of the 31st Annual International Computer Software and Applications Conference - Volume 01
Web Service Security model Using CBD Architecture
SERA '07 Proceedings of the 5th ACIS International Conference on Software Engineering Research, Management & Applications
XML and Web Services Security Standards
IEEE Communications Surveys & Tutorials
Hi-index | 0.00 |
Web service technologies have been widely used in diverse applications. However, there are still many security challenges in reliability, confidentiality and data nonrepudiation, which are prominent especially in some Web service systems that have massive resources in diverse forms. An enhanced mechanism for secure accesses of Web resources is presented and implemented based on the combination of modules of identity authentication, authorized access, and secure transmission to improve the security level of these systems. In the identity authentication, the highly safe and recognized authentication method U-Key is used. For the aspect of authorized access, the integration of an improved Spring Security framework and J2EE architecture is applied to ensure authorized access to Web resources, while the security interceptor of Spring Security is extended and a series of security filters are added to keep web attacks away. Moreover, some improvements of the XML encryption and XML decryption algorithm are made to enhance the security and speed of data transmission, by means of mixing RSA and DES algorithm. The above security mechanism has been applied to an online virtual experiment platform based on Web services named VeePalms. The experimental results show that most security problems with high severity in the system have been solved and medium-low severe problems degreased dramatically.