Á¤º¸°úÇÐȸ ³í¹®Áö C : ÄÄÇ»ÆÃÀÇ ½ÇÁ¦
Current Result Document :
| ÇѱÛÁ¦¸ñ(Korean Title) |
À¥¼ºñ½º º¸¾È¿¡¼ SOAP ¸Þ½ÃÁö¿¡ °üÇÑ »ðÀÔ ¹× º¯°æ °ø°Ý¿¡ ´ëÇÑ ¹æ¾î¹ý |
| ¿µ¹®Á¦¸ñ(English Title) |
A Solution for Injection andRewriting Attacks on SOAP Messages in Web Services Security |
| ÀúÀÚ(Author) |
¹ãº¹Èï
¾ÆÁöÁî
¸² û
º¯Á¤¿ë
Pham Phuoc Hung
Aziz Nasridinov
Lin Qing
Jeong Yong Byun
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 18 NO. 03 PP. 0244 ~ 0248 (2012. 03) |
Çѱ۳»¿ë
(Korean Abstract) |
ÀÏ´Ü SOAP ¸Þ½ÃÁö°¡ À¥¼ºñ½º°£¿¡ ¼ÒÅëÀ» À§ÇÏ¿© »ç¿ëµÇ¸é ±×µéÀÇ ¹«°á¼º°ú ±â¹Ð¼ºÀº °üÂûµÇ¾î¾ß ÇÒ ÇÊ¿ä°¡ ÀÖ´Â ¹®Á¦ÀÌ´Ù. À¥ ȯ°æ¿¡¼ ¸¸³ª´Â µµÀüµéÀº SOAP ¸Þ½ÃÁöÀÇ XML °ø°Ý ¶§¹®¿¡ ¹ß»ýÇØ ¿Ô´Ù. ±×°ÍÀº SOAP ¸Þ½ÃÁö¿¡¼ ÀüÇüÀûÀÎ °áÁ¡¿¡ ´ëÇÑ ±Ù¿øÀÌ µÇ¸ç, »ç¿ëÇϱ⿡ ¸¹Àº ¾àÁ¡À» ¸¸µç´Ù. ºÒÇàÇÏ°Ôµµ À¥¼ºñ½º Áß°£Ç°ÀÇ Á¸Àç´Â ÀÌµé °áÁ¡À» ±Ô¸íÇÏ°í ±×µéÀ» °íÄ¥ ¼ö ÀÖ°Ô Çϴµ¥ ´ëÇÑ ±â´É ÇѰ踦 Á¦°øÇÑ´Ù. ÀÌµé ¹®Á¦¸¦ ã¾Æ¼ ´Ù·ç±â À§ÇÏ¿© º» ³í¹®¿¡¼ SOA¿¡¼ SOAP ¸Þ½ÃÁöÀÇ º¸¾È ¾àÁ¡À» Ž±¸ÇÒ »Ó¸¸ ¾Æ´Ï¶ó ½Å·Ú¼ºÀ» °³¼±ÇÏ°í À§ÇÏ¿© º¸¾ÈÀ§Çù°ú ½Î¿ì±â À§ÇÏ¿© SOAP¿¡¼ ¹ß»ýµÈ ÀüÇüÀûÀÎ °áÁ¡À» ÀÚµ¿À¸·Î ã¾Æ³»°í ¹Ù·ÎÀâÀ» ¼ö ÀÖ°Ô ÇÏ´Â ½Ã½ºÅÛÀ» Á¦¾ÈÇÑ´Ù.
|
¿µ¹®³»¿ë
(English Abstract) |
Once SOAP messages are used for the communication among web services, their integrity and confidentiality should be preserved. XML-based attacks have often been used on SOAP messages which create a foundation for typical faults and make them vulnerable to use. Web Services middleware have limitation in identifying these faults and possibly fixing them. Therefore to cope with the XML-based attacks, in this paper, we explore the security vulnerability of SOAP messages and propose a system which is able to automatically detect and fix typical faults occurred in SOAP messages due to XML Attacks.
|
| Å°¿öµå(Keyword) |
SOAP
º¸¾È
XML°ø°Ý
»ðÀÔ
À¥¼ºñ½º
Security
XML Attacks
Injection
Web Services
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
