Á¤º¸°úÇÐȸ ³í¹®Áö C : ÄÄÇ»ÆÃÀÇ ½ÇÁ¦
Current Result Document :
| ÇѱÛÁ¦¸ñ(Korean Title) |
XaT-SOAP: XML ±â¹Ý °ø°Ý Çã¿ë SOAP ¸Þ½ÃÁö |
| ¿µ¹®Á¦¸ñ(English Title) |
XaT-SOAP: XML-based Attack-Tolerant SOAP Messages |
| ÀúÀÚ(Author) |
¾ÆÁöÁî ³ª½º¸®µð³ëºê
¹ã º¹ Èï
¸² û
º¯ Á¤ ¿ë
Aziz Nasridinov
Pham Phuoc Hung
Lin Qing
Jeong Yong Byun
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 18 NO. 06 PP. 0489 ~ 0493 (2012. 06) |
Çѱ۳»¿ë
(Korean Abstract) |
¿©·¯ À¥¼ºñ½º º¸¾È ±â¼úµéÀº Çù·Â ȯ°æ¿¡¼ Çù·ÂÀÚ °£¿¡ SOAP ¸Þ½ÃÁöÀÇ ¾ÈÀüÇÑ ±³È¯À» ¸ñÀûÀ¸·Î ÀÌ¿ëµÈ´Ù. ÇÏÁö¸¸ ÀÌ·¯ÇÑ º¸¾È±â¼úµéÀ» ÀÌ¿ëÇÒÁö¶óµµ SOAP ¸Þ½ÃÁö´Â ¾ÆÁ÷µµ XML±â¹Ý °ø°Ý¿¡ Ãë¾àÇÒ ¼ö ÀÖ´Ù. À§¿Í °°Àº°ø°ÝÀ¯ÇüÀ» ´Ù·ç±â À§ÇÏ¿© ¿ì¸®´Â XaT-SOAP (XML ±â¹Ý °ø°Ý °¨³» SOAP ¸Þ½ÃÁö)¶ó´Â »õ·Î¿î Á¢±Ù¹ýÀ» Á¦¾ÈÇÑ´Ù. ÀÌ Á¢±Ù¹ý¿¡¼ ¿ì¸®´Â ¸ÕÀúSOAP ¸Þ½ÃÁöÀÇ ¿ø¼Ò ±¸Á¶¸¦ ¿ÂÅç·ÎÁö¸¦ »ç¿ëÇؼ ¸¸µé°í SOAP ¸Þ½ÃÁö Çì´õºÎ¿¡ ºÎÂøÇÑ´Ù. ºÎÂøµÈ ¿ÂÅç·ÎÁö¸¦ Á¢¼ö´Ü¿¡¼ °ËÁõÇϸé XML°ø°ÝÀ» ŽÁöÇÒ ¼ö ÀÖÀ» °ÍÀÌ´Ù. ¶ÇÇÑ º» ¿¬±¸¿¡¼ SOAP ¸Þ½ÃÁö¿¡ °üÇÑ ¸ðµç º¯°æ »çÇ×Àº ·Î±×¿¡ ¾²¿© Áø´Ù. ±×·¡¼ ¸¸¾à º¸¾È ½ÇÆа¡ ÀϾ¸é ¿ì¸®´Â ÀÌ ·Î±×¸¦ Á¡°ËÇÒ ¼ö ÀÖ°í, º¸¾ÈÀÌ ¼º°øÇÑ ÁöÁ¡¿¡¼ºÎÅÍ º¹±¸µÉ ¼ö ÀÖ´Ù. ¿ì¸®´Â ¼öÇ༺´É Æò°¡¸¦ ÅëÇؼ È¿À²¼º ÃøÁ¤°ú ÇÔ²² Á¦¾ÈµÈ Á¢±Ù¹ýÀÇ ±¸ÇöÀ» Á¦°øÇÑ´Ù. |
¿µ¹®³»¿ë
(English Abstract) |
Several Web Service Security (WS-Security) technologies are used aiming at securing exchanges of SOAP messages among partners in a collaborative environment. However, although all of these security standards, SOAP message can still be vulnerable to XML-based attacks. In order to deal with these types of attacks, we propose a new approach called XaT-SOAP (XML-based Attacks Tolerant SOAP messages). In this approach, we first build SOAP message elements structure using ontology and then attach it in SOAP message¡¯s header. If we validate this ontology in the receiving end, we will be able to detect XML-based attacks. Also, in our approach, all modifications on SOAP messages are written to a log. So if security failures have occurred, we can check this log and recover from effect of successful execution. We will provide an implementation of our proposed approach along with efficiency measurements through performance evaluation.
|
| Å°¿öµå(Keyword) |
SOAP ¸Þ½ÃÁö
¿ÂÅç·ÎÁö
À¥¼ºñ½º
XML±â¹Ý°ø°Ý
SOAP message
Ontology
Web Service Security
XML-based attack
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
