Research On Security Mechanism Of SOAP In The Command And Control System Based On SOA

Information silos have become the urgent issues to tackle when informationize the army Command&Control System. The Command&Control System based on SOA can integrate different architecture, solve the problems of information silos, and achieve the interoperability among multiple Command&Control Systems. The Command&Control System based on SOA can enhance the characteristics of quick responses and reuse distributed collaboration and service etc. But it has to bear a series of management, security risk caused by the public service, especially in the process of information interaction. It has become the bottlenecks and obstacles to the Command&Control System based on SOA. Research on the security based on SOAP is the prerequisite to accelerate the application of SOA in Command&Control System, so it’s very important to build the SOAP security model, research on SOAP security mechanisms, provide the reliable security information interaction environment.Firstly, the Command&Control System based on SOA and its implementation technology are researched, then achieve the SOA command&control simulation system combined with the SOA development technologies according to the system framework and requirements analysis of the Command&Control System.On this basis, Combined with the characteristic of protocol to analyse the vulnerability and security requirements of SOAP, research on the attacks based on SOAP and then a security model is put up. Based on the above research, the XML Encryption, XML Signature, Timestamp, and authentication security for SOAP messages was implemented. And then to catch and analyse the SOAP messages by using the WireShark tools, the effectiveness of the security process is verified.At the last part, attack for the System added the SOAP security model and the System not added the SOAP security model. And then by comparing and analysing the system memory and CPU resources before and after the attack testing, we can conclude that:the Command&Control Simulation System added the SOAP security model not only can solve the confidentiality, integrality, identity authentication undeniable and other security issues, but also has the abilities to resist XML injection attack, XML nesting attack and replay attack.