Research on the Security of Open Platform Based on Rop (cited by: 2)
Abstract: Based on a study of the ROP framework and Web security technology, this paper first introduces ROP and compares it with other technologies. It also analyzes the impact of XML message rewriting attacks on the message body and studies countermeasures. Then, using the Eclipse platform, a single sign-on system is designed and implemented on a B/S architecture. The ROP framework is used to solve the authentication and authorization problem for third-party platforms, and a layered model is used to reduce the coupling between the system's layers, which improves the system's scalability and maintainability. Next, to address the security of message body transmission, the ROP-Jusnit scheme is proposed, and its security and feasibility are verified through testing.
Author: 白宏图
Source: Journal of Xi'an Railway Vocational & Technical Institute (《西安铁路职业技术学院学报》), 2016, No. 1, pp. 7-13 (7 pages)
Keywords: Security; Authentication; Authorization; ROP

