| Web Services is a kind of message-driven cross-platform service technology,has been widely used in various fields of the Internet.Extensible Markup Language(XML)and Simple Object Access Protocol(SOAP)are the technical foundation of Web services.Web services are increasingly widely used,but there is a data leakage,vulnerable to XML attacks,SOAP message lost or tampered and other security issues.Trusted Computing realized encryption,hashing,and other security operations with efficiency and credibility by means of hardware.Trusted computing technology based on Trusted Cryptography Module(TCM).In order to overcome the shortcomings of pure software protection,this paper applies trusted computing technology to Web services,builds a trusted virtual platform,and proposes a trusted Web services framework.The main works are as follows:Aiming at the traditional Web service interaction process and its hidden trouble in the remote feasibility of the terminal,we propose a framework of secure Web services interaction and identity authentication based on TCM.(1)We study Linux startup mechanism of embedded platform and modify Linux bootstrap code to realize trusted boot of the terminal platform.(2)We build virtual containers on the traditional embedded platform and build virtual TCM for each container to build trusted virtualized platform.So,a complete trust chain is realized from embedded hardware to application in virtual domain.(3)In this paper,we research and compare a variety of authentication mechanisms.then introduce TCM in zero-knowledge proof protocol to realize anonymous authentication to requestor,which reduce the compute of TCM compared with traditional anonymous authentication mechanism.We build a trusted virtual platform based on the domestic TCM,then deploy and implement the trusted web services framework.The experiment proves that the trusted web services framework based on Trusted Virtualization Platform is safe and feasible,which achieves the expected results. |
PDF Full Text Request