
Web服务中的关键安全技术研究

Research on Key Security Techniques in Web Services

【Author】 沈海波 (Shen Haibo)

【Supervisor】 洪帆 (Hong Fan)

【Author information】 Huazhong University of Science and Technology, Computer Software and Theory, 2007, PhD

【Abstract (translated from the Chinese)】 As Web services have progressed from a technical concept to practical application, their advantages have become increasingly evident: loose coupling, language neutrality, platform independence, and the ability to link applications across the Internet. At the same time, their heterogeneity, dynamism, complexity and loose coupling across organizations readily expose their weaknesses and limitations. As a typical distributed application, Web services face security challenges in several areas, including data confidentiality, integrity, non-repudiation, authentication, access control, auditing and security management, together with challenges specific to Web services themselves. Industry therefore agrees that security is a key problem that must be solved before Web services can become a mainstream technology, and authentication, authorization and access control, trust establishment and delegation are the principal security issues among them. In-depth research on the key security techniques of Web services is thus of both theoretical and practical value.

In Web services, accomplishing a task or realising a function often requires several enterprises or organizations to cooperate, and each organization may take part in many such collaborations. These organizations may use entirely different identification and authentication mechanisms. How to accommodate existing and future authentication mechanisms and identity credentials in one unified framework, and how to map identity credentials between organizations, are problems Web services must face. In particular, a user who has to access several Web services to complete a business process does not want to present credentials to every Web entity; the user wants to log in once and then access all related sites (single sign-on). The SAML (Security Assertion Markup Language) standard and the WS-Federation (Web Services Federation Language) specification provide technical support for single sign-on. Building on an analysis of how SAML, WS-Federation and XKMS (XML Key Management Specification) realise single sign-on, a security authentication system model for Web service portals based on SAML and cookies is proposed; it achieves single sign-on both within a single administrative domain and across different administrative domains in a trust federation, and it is flexible, extensible and cross-platform.

Traditional authorization is based on the identity of the entity requesting access to a resource, or on roles assigned directly or indirectly to such entities. In an open environment such as Web services, however, resources and requesters usually reside in different security domains, generally have no pre-established trust relationship and do not know each other's identity, so identity information (such as user names and passwords, or identity certificates) is not suited to deciding whether an entity is trustworthy and should be authorized. Attribute-based access control (ABAC) is therefore adopted: in ABAC the attributes of the relevant subject, resource and environment form the basis of the authorization decision, which avoids having to assign permissions to the requester before the request is made. ABAC is extended and formally described, and an XACML (eXtensible Access Control Markup Language) based ABAC implementation framework oriented to Web services is given. To realise ABAC better, attribute management throughout the attribute lifecycle is also discussed.

ABAC, with its flexibility and applicability, is widely used in open and distributed systems, but it brings difficult policy management and maintenance and the problem of exposing users' sensitive attributes. Because the attributes needed for an access decision may come from different administrative domains and be expressed and interpreted in different terminology, their semantics may not coincide, which creates a need for semantic interoperability that, the author argues, can only be met with semantic Web technologies, especially ontologies. Semantic Web technologies can improve security in service-oriented, heterogeneous environments and handle the challenges of semantic interoperation. Based on semantic Web technologies and an extension of XACML, a method called semantic-aware attribute-based access control (S-ABAC) is proposed to address the problems in ABAC.

In a Web services environment the requester and the resource controller are usually in different security domains; the resource controller cannot know the requester's identity in advance, and requesters typically access resources at random, so establishing trust dynamically becomes a very important problem. Many existing solutions assume a trusted third-party authority and make access decisions from the information it provides; in an open, dynamic and changing Web environment, however, a fully trusted third party is unrealistic, and a sound method is needed to evaluate how far a third party or partner can be trusted. Automated trust negotiation (ATN) lets the requester and the provider of a resource establish trust dynamically through the mutual disclosure of attribute credentials and access control policies. In heterogeneous, distributed Web services environments, delegation is also commonly needed to control access to resources effectively. The trust establishment mechanisms of Web services are analysed, and a WS-Trust based trust establishment model and an ATN-based Web services access control model are proposed. Finally, based on SAML delegation assertions and the WS-Trust specification, a Web services oriented privilege delegation model and implementation framework are proposed.
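
The ABAC decision described in the abstract, as an added example that is not code from the dissertation: a minimal policy decision point in the XACML shape (subject, resource, action and environment attributes; rules with a target, a condition and an effect; a deny-overrides rule-combining algorithm), written with plain Python objects instead of XML. The policy, attribute names (role, department, sensitivity, hour, client_assurance) and sample requests are constructed for illustration. The point it shows beyond the prose is that no permission is ever assigned to a named requester, and that a request lacking an attribute the policy references yields Indeterminate rather than silently matching nothing.

```python
"""Minimal attribute-based access control (ABAC) policy decision point.

Added example, not code from the dissertation. It follows the XACML shape the
abstract refers to (subject, resource, action and environment attributes;
rules with a target, a condition and an effect; a rule-combining algorithm)
using plain Python objects instead of XML. The policy, attribute names and
requests below are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

Attributes = Dict[str, object]


@dataclass
class Request:
    subject: Attributes          # who asks, described by attributes, not by identity
    resource: Attributes
    environment: Attributes
    action: str = "read"


@dataclass
class Rule:
    name: str
    effect: str                                   # "Permit" or "Deny"
    target: Callable[[Request], bool]             # which requests the rule is about
    condition: Callable[[Request], bool] = lambda req: True


def evaluate_rule(rule: Rule, req: Request) -> str:
    try:
        if not rule.target(req):
            return "NotApplicable"
        return rule.effect if rule.condition(req) else "NotApplicable"
    except KeyError:
        # A referenced attribute is missing from the request. XACML reports
        # Indeterminate here instead of quietly treating the rule as unmatched.
        return "Indeterminate"


def deny_overrides(rules: List[Rule], req: Request) -> str:
    """Rule-combining algorithm: any Deny wins, then Indeterminate, then Permit.

    This is the deny-overrides ordering in simplified form; XACML 3.0 further
    distinguishes Indeterminate{D}, {P} and {DP}.
    """
    decisions = {evaluate_rule(r, req) for r in rules}
    for outcome in ("Deny", "Indeterminate", "Permit"):
        if outcome in decisions:
            return outcome
    return "NotApplicable"


# Constructed policy for a hypothetical cross-organisation patient-record service.
RECORD_POLICY: List[Rule] = [
    Rule("treating-physician-may-read", "Permit",
         target=lambda r: r.resource["type"] == "patient-record" and r.action == "read",
         condition=lambda r: r.subject["role"] == "physician"
         and r.subject["department"] == r.resource["department"]),
    Rule("no-access-outside-duty-hours", "Deny",
         target=lambda r: r.resource["type"] == "patient-record",
         condition=lambda r: not 8 <= r.environment["hour"] < 20),
    Rule("high-sensitivity-needs-trusted-client", "Deny",
         target=lambda r: r.resource["type"] == "patient-record"
         and r.resource["sensitivity"] == "high",
         condition=lambda r: r.environment["client_assurance"] != "high"),
]


def decide(subject: Attributes, resource: Attributes, environment: Attributes,
           action: str = "read") -> str:
    """Evaluate one access request against RECORD_POLICY."""
    return deny_overrides(RECORD_POLICY, Request(subject, resource, environment, action))


# Constructed sample data: a physician from a partner organisation the
# records service has never seen before, identified only by attributes.
PARTNER_PHYSICIAN = {"role": "physician", "department": "cardiology",
                     "home_domain": "hospital-b.example"}
CARDIOLOGY_RECORD = {"type": "patient-record", "department": "cardiology",
                     "sensitivity": "normal"}
HIGH_SENSITIVITY_RECORD = {"type": "patient-record", "department": "cardiology",
                           "sensitivity": "high"}

if __name__ == "__main__":
    on_duty = {"hour": 10, "client_assurance": "high"}
    print(decide(PARTNER_PHYSICIAN, CARDIOLOGY_RECORD, on_duty))            # Permit
    print(decide(PARTNER_PHYSICIAN, CARDIOLOGY_RECORD, {"hour": 22, "client_assurance": "high"}))  # Deny
    print(decide({"role": "physician"}, CARDIOLOGY_RECORD, on_duty))        # Indeterminate
```

A policy enforcement point in front of this decision point should treat both NotApplicable and Indeterminate as a refusal; only an explicit Permit opens the resource.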

【Abstract】 With the development of Web services, their merits (loose coupling, language neutrality, platform independence, and the ability to link applications across organizations over the Internet) are becoming more and more important. At the same time, weaknesses and limitations are emerging from their heterogeneity, dynamic nature, complexity and loose coupling across organizations. As typical distributed applications, Web services face security challenges that include data confidentiality (both transport-level and SOAP message confidentiality), data integrity (both transport-level and SOAP message integrity), non-repudiation, identity authentication, trust, access control, auditing and security management. Industry therefore agrees that security is the key issue that must be addressed before Web services become a mainstream technology, and identity authentication, authorization, access control, trust establishment and delegation are the main security issues. In-depth research on the key security techniques of Web services therefore has both academic value and practical meaning.

In a Web services environment, accomplishing a task or implementing a function usually requires several enterprises or organizations to cooperate, and each organization may participate in many such collaborations. Because these organizations may use different identity authentication mechanisms, Web services must solve two problems: how to accommodate both existing and forthcoming authentication mechanisms, and how to map identity credentials between organizations. Furthermore, a user who must invoke many Web services to complete a business process does not want to present an identity credential to every Web entity; the user wants to authenticate once and gain access to all federated sites, i.e. single sign-on (SSO). SAML (Security Assertion Markup Language) and WS-Federation provide technical support for single sign-on. By analysing how SAML, WS-Federation and XKMS (XML Key Management Specification) achieve single sign-on, we present a security authentication system model for Web service portal sites based on SAML and cookies. The model achieves single sign-on both within a single management domain and within a trust federation of different management domains, and it is flexible, extensible and cross-platform.

Traditionally, authorization has been based on the identity of the entity requesting access to a resource, either directly or through roles assigned to the entity. In an open environment such as Web services, however, resources and their requesters may come from different security domains and often have no pre-existing relationship, to the point of not knowing each other at all. Identity information such as user names and passwords, or identity certificates, is therefore usually inadequate for deciding whether a party should be trusted. An attribute-based access control (ABAC) approach has been proposed instead: in ABAC systems, authorization decisions are based on attributes of the requester, the resource and the environment, which avoids having to assign permissions to individual requesters before a request is made. This dissertation discusses the modelling and extension of ABAC and presents an XACML-based ABAC implementation architecture for Web services; it also discusses the management of attributes throughout their lifecycle so that ABAC can be applied more effectively. ABAC is particularly suitable for authorization and access control in open, distributed systems because of its flexibility and applicability, but that flexibility comes with greater complexity in specifying and maintaining policies and with the problem of sensitive attribute exposure.

Because the attributes needed for an access control decision may come from different security domains, they may be expressed and interpreted with different terminology; that is, their semantics may differ entirely. This creates a requirement for semantic interoperability, which can be met with semantic Web technologies, especially ontologies. Semantic Web technologies can improve security in service-oriented, open, heterogeneous environments and address the challenge of semantic interoperability. This dissertation presents a semantic-aware attribute-based access control approach (S-ABAC), based on an extension of the established XACML standard and semantic Web technologies, to resolve these issues in ABAC.

In a Web services environment, resources and their requesters may come from different security domains, resource controllers do not know the identity of requesters in advance, and requesters usually access resources at random; how to establish a trust relationship between them dynamically is therefore a very important problem. Existing solutions assume a trusted third-party authority that supplies the information for authorization decisions, which is unrealistic in an open, dynamic and ever-changing Web services environment; a sound method is needed to evaluate whether a third party or collaborator can be trusted. Automated Trust Negotiation (ATN) is a means of establishing mutual trust between a resource requester and a resource provider through the exchange of sensitive attribute credentials and access control policies. In heterogeneous, distributed Web services environments, delegation is also usually needed to control access to resources. This dissertation analyses the trust establishment mechanisms of Web services and proposes a trust establishment model based on WS-Trust and an ATN-based access control model for Web services. Finally, a delegation model and framework based on SAML delegation assertions and WS-Trust is proposed.
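
The automated trust negotiation described in the abstract, as an added example that is not the dissertation's own code or model: two parties that have never met exchange attribute credentials step by step, each credential guarded by a disclosure policy stating what the peer must already have shown, until the resource's policy is met or neither side can release anything more. Credential names (hospital_b_employee, physician_license, hospital_a_accreditation), party names and policies are constructed; credentials are plain strings standing in for signed attribute credentials, and nothing here verifies signatures. The second scenario shows the failure mode the prose only implies: two disclosure policies that each wait on the other deadlock, and the negotiation must terminate with a refusal instead of looping.

```python
"""Automated trust negotiation (ATN) between a resource requester and provider.

Added example, not code from the dissertation. Credentials are modelled as
string names standing in for signed attribute credentials; nothing here
verifies signatures. Each credential carries a disclosure policy, a tuple of
alternative sets of peer credentials, one of which must already have been
shown before it is released. The resource carries a policy of the same shape.
Parties alternate turns and release every credential whose policy the other
side has satisfied (the "eager" strategy). Negotiation succeeds when the
resource policy is met and fails when neither side can release anything new.
All names and policies below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple

Policy = Tuple[FrozenSet[str], ...]     # disjunction of conjunctions of peer credentials
FREE: Policy = (frozenset(),)            # unconditionally disclosable
Transcript = List[Tuple[str, List[str]]]


def satisfied(policy: Policy, shown: Set[str]) -> bool:
    """True if any alternative of the policy is covered by what the peer has shown."""
    return any(alt <= shown for alt in policy)


@dataclass
class Party:
    name: str
    credentials: Dict[str, Policy]           # credential -> its disclosure policy
    disclosed: Set[str] = field(default_factory=set)

    def releasable(self, peer_shown: Set[str]) -> Set[str]:
        """Credentials not yet disclosed whose policy the peer has already met."""
        return {c for c, pol in self.credentials.items()
                if c not in self.disclosed and satisfied(pol, peer_shown)}


def negotiate(requester: Party, provider: Party, resource_policy: Policy,
              max_rounds: int = 10) -> Tuple[bool, Transcript]:
    """Run the eager strategy; return (access granted?, ordered disclosures)."""
    transcript: Transcript = []
    for _ in range(max_rounds):
        progressed = False
        for sender, receiver in ((requester, provider), (provider, requester)):
            new = sender.releasable(receiver.disclosed)
            if new:
                sender.disclosed |= new
                transcript.append((sender.name, sorted(new)))
                progressed = True
            # The resource policy is re-checked after every requester turn.
            if sender is requester and satisfied(resource_policy, requester.disclosed):
                return True, transcript
        if not progressed:
            # Neither side could release anything: the policies are deadlocked
            # (or simply unsatisfiable), so stop rather than spin.
            return False, transcript
    return False, transcript


# Constructed scenario: a physician at hospital B asks hospital A's records
# service for a patient record. The physician will not reveal a licence to an
# unaccredited service; the service will not reveal its accreditation to a
# stranger, but will to someone who has shown hospital-B employment.
def cross_hospital_access() -> Tuple[bool, Transcript]:
    requester = Party("hospital-B-physician", {
        "hospital_b_employee": FREE,
        "physician_license": (frozenset({"hospital_a_accreditation"}),),
    })
    provider = Party("hospital-A-records-service", {
        "hospital_a_accreditation": (frozenset({"hospital_b_employee"}),),
    })
    record_policy: Policy = (frozenset({"physician_license", "hospital_b_employee"}),)
    return negotiate(requester, provider, record_policy)


# Same parties, but now the service demands the licence before it will show
# its accreditation, and the physician demands the accreditation first.
def deadlocked_negotiation() -> Tuple[bool, Transcript]:
    requester = Party("hospital-B-physician", {
        "hospital_b_employee": FREE,
        "physician_license": (frozenset({"hospital_a_accreditation"}),),
    })
    provider = Party("hospital-A-records-service", {
        "hospital_a_accreditation": (frozenset({"physician_license"}),),
    })
    record_policy: Policy = (frozenset({"physician_license", "hospital_b_employee"}),)
    return negotiate(requester, provider, record_policy)


if __name__ == "__main__":
    print(cross_hospital_access())     # (True, three disclosures)
    print(deadlocked_negotiation())    # (False, one disclosure, then no progress)
```

The transcript is the artefact a practitioner would log: it records exactly which sensitive attributes each side revealed before the decision, which is the exposure that ATN strategies and the dissertation's S-ABAC work try to minimise.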

  • 【Classification code】 TP393.08
  • 【Times cited】 12
  • 【Downloads】 1004