Virtualised Trusted Computing Platform for Adaptive Security Enforcement of Web Services Interactions

IEEE International Conference on Web Services (ICWS 2007) Pub Date : 2007-07-09 DOI:10.1109/ICWS.2007.188

I. Djordjevic, S. Nair, T. Dimitrakos

{"title":"Virtualised Trusted Computing Platform for Adaptive Security Enforcement of Web Services Interactions","authors":"I. Djordjevic, S. Nair, T. Dimitrakos","doi":"10.1109/ICWS.2007.188","DOIUrl":null,"url":null,"abstract":"Security enforcement framework is an important aspect of any distributed system. With new requirements imposed by SOA-based business models, adaptive security enforcement on the application level becomes even more important. Our work on the enforcement framework to date has resulted in a comprehensive middleware-based solution leveraging on Web services technologies. However, potential merits of hardware-based solutions to further secure application exposure have not been considered so far. This paper describes a method for combining software resource level security features offered by Web services technologies, with the hardware-based security mechanisms offered by trusted computing platform and system virtualisation approaches. In particular, we propose trust-based architecture for protecting the enforcement middleware deployed at the policy enforcement endpoints of Web and grid services. The main motivation is to additionally secure execution environment of the applications, by providing virtual machine level separation that maps from logical domains imposed by Web services level enforcement policies.","PeriodicalId":208234,"journal":{"name":"IEEE International Conference on Web Services (ICWS 2007)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-07-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE International Conference on Web Services (ICWS 2007)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICWS.2007.188","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 13

Abstract

Security enforcement framework is an important aspect of any distributed system. With new requirements imposed by SOA-based business models, adaptive security enforcement on the application level becomes even more important. Our work on the enforcement framework to date has resulted in a comprehensive middleware-based solution leveraging on Web services technologies. However, potential merits of hardware-based solutions to further secure application exposure have not been considered so far. This paper describes a method for combining software resource level security features offered by Web services technologies, with the hardware-based security mechanisms offered by trusted computing platform and system virtualisation approaches. In particular, we propose trust-based architecture for protecting the enforcement middleware deployed at the policy enforcement endpoints of Web and grid services. The main motivation is to additionally secure execution environment of the applications, by providing virtual machine level separation that maps from logical domains imposed by Web services level enforcement policies.

查看原文本刊更多论文

Web服务交互自适应安全实施的虚拟化可信计算平台

安全实施框架是任何分布式系统的一个重要方面。由于基于soa的业务模型带来了新的需求，应用程序级别的自适应安全实施变得更加重要。到目前为止，我们在实施框架方面的工作已经产生了利用Web服务技术的全面的基于中间件的解决方案。然而，目前还没有考虑到基于硬件的解决方案在进一步保护应用程序公开方面的潜在优点。本文描述了一种将Web服务技术提供的软件资源级安全特性与可信计算平台和系统虚拟化方法提供的基于硬件的安全机制相结合的方法。特别是，我们提出了基于信任的体系结构，用于保护部署在Web和网格服务的策略实施端点上的实施中间件。其主要动机是通过提供虚拟机级别的分离，从Web服务级别强制策略所施加的逻辑域进行映射，从而进一步保护应用程序的执行环境。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE International Conference on Web Services (ICWS 2007)

自引率

0.00%

发文量