基于三维球体模型的XML通信协议安全评估方法

doi:10.3969/j.issn.1000-436x.2013.03.024

Abstract

Abstract:

Aiming at the problems of security assessment in XML communication protocols, a novel three-dimensional spherical model based protocol security evaluation method was proposed. Firstly, a three-dimensional security evaluation index system was constructed through positions of indexes on the spherical shell. Secondly, by using the coordinate's projection area as a measure criterion, evaluation indexes' weights of the first level and the second level were obtained with the analytic hierarchy process (AHP), the sphere and the sector angle. Thirdly, security components values of XML communication protocol were calculated in the aspects of XML's content, communication load and security vulne-rability. Finally, the security evaluation result of XML communication protocol was achieved through quantization calcu-lation and further comprehensive analysis. Experimental results show that this method is competent for the protocol secu-rity evaluation and meets security evaluating requirem L communication protocols effectively.

Key words: XML, protocol, three-dimensional spherical model, AHP, security evaluation

Hong-yu YANG,Jin-bo YU,Li-xia XIE. Three-dimensional spherical model based XML communication protocols security evaluation method[J]. Journal on Communications, 2013, 34(3): 183-191.

Figures/Tables 17

安全等级	指标B₁评估值	指标B₂评估值	指标B₃评估值
	$Q_{1} = V_{1} \cdot S_{1}^{' T}$	$Q_{2} = V_{2} \cdot S_{2}^{' T}$	$Q_{3} = V_{3} \cdot S_{3}^{' T}$
一级	V₁=(V₁₁,V₁₂,V₁₃,V₁₄)	V₂=(V₂₁,V₂₂,V₂₃)	V₃=(V₃₁,V₃₂,V₃₃,V₃₄)
	S₁'=(S₁₁',S₁₂',S₁₃',S₁₄')	S₂'=(S₂₁',S₂₂',S₂₃')	S₃'=(S₃₁',S₃₂',S₃₃',S₃₄')
	Q₁₁=V₁₁*S₁₁'，	Q₂₁=V₂₁*S₂₁'，	Q₃₁=V₃₁*S₃₁'，
	S₁₁'=0.169 8p	S₂₁'=0.076 4p	S₃₁'=0.051 6p
	Q₁₂=V₁₂*S₁₂'，	Q₂₂=V₂₂*S₂₂'，	Q₃₂=V₃₂*S₃₂'，
	S₁₂'=0.169 8p	S₂₂'=0.081 6p	S₃₂'=0.051 6p
二级	Q₁₃=V₁₃*S₁₃'，	Q₂₃=V₂₃*S₂₃'，	Q₃₃=V₃₃*S₃₃'，
	S₁₃'=0.039 2p	S₂₃'=0.081 6p	S₃₃'=0.051 6p
	`Q₁₄=V₁₄*S₁₄'，		Q₃₄=V₃₄*S₃₄'，
	S₁₄'=0.159 0p		S₃₄'=0.051 6p

References 16

[1]	LIJ , CHENH , DENGF , et al. A security evaluation method based on threat classification for Web service[J]. Journal of Software, 2011,6(4): 595-603.
[2]	程睿 . 基于 SOA的SOAP消息交互安全机制的研究与实现[D]. 西安: 西安电子科技大学， 2008. CHENGR . Research and Implementation on Security Mechanism of SOAP Message Exchange Based on SOA[D]. Xian: Xidian University, 2008.
[3]	ALROUHB , GHINEAG . A performance evaluation of security me-chanisms for Web services[A]. Proc of the 2009 Fifth International Conference on Information Assurance and Security[C]. Piscataway, USA, 2009. 715-718.
[4]	孙丁丁 . 通过 SOAP扩展优化Web服务性能的研究[D]. 乌鲁木齐: 新疆大学， 2007. SUND D . Research on Optimizing Web Service via SOAP Exten-sion[D]. Urumqi: Xinjiang University, 2007.
[5]	陈晓苏, 周晴，肖道举 . Web服务中UDDI安全机制研究[J]. 华中科技大学学报， 2005,30(8): 58-60. CHENX S , ZHOUQ , XIAOD J . Study of security mechanisms of UDDI in Web service[J]. Journal of Huazhong University of Science and Technology(Nature Science), 2005,30(8): 58-60.
[6]	尹星 . 基于SAML的单点登录模型及其安全的研究与实现[D]. 镇江: 江苏大学， 2005. YINX . Research and Implementation of SAML-Based SSO Model and it's Security[D]. Zhenjiang: Jiangsu University, 2005.
[7]	宓洽群 . 大学教学原理[M]. 上海：上海交通大学出版社， 1989. 97-100. MIQ Q . University Teaching Principles[M]. Shanghai: Shanghai Jiaotong University Press, 1989. 97-100.
[8]	徐耀玲, 唐五湘, 吴秉坚 . 科技评估指标体系设计的原则及其应用研究[J]. 中国软科学， 2010,30(2): 48-51. XUY L , TANGW X , WUB J . Design principle and application of S＆T evaluation index system[J]. China Soft Science, 2010,30(2): 48-51.
[9]	杨宏宇, 谢丽霞, 朱丹 . 漏洞严重性的灰色层次分析评估模型[J]. 电子科技大学学报， 2010,39(5): 778-782. YANGH Y , XIEL X , ZHUD . A vulnerability severity grey hierarchy analytic evaluation model[J]. Journal of University of Electronic Science and Technology of China, 2010,39(5): 778-782.
[10]	PANGJ , PENGX . Trustworthy Web service security risk assessment research[A]. Proc of the 2009 International Forum on Information Technology and Applications[C]. Piscataway, USA, 2009. 417-420.
[11]	周晓洁 . 基于模糊综合评价法的船舶热源系统优选研究[D]. 上海: 上海交通大学， 2010. ZHOUX J . Study on The Selection of Marine Heat Source System Based on Fuzzy Comprehensive Evaluation Method[D]. Shanghai: Shanghai Jiaotong University, 2010.
[12]	加尔布雷斯 . Web服务安全性高级编程[M]. 北京：清华大学出版社， 2003. 400-444. GALBRAITHB . Professional Web Services Security[M]. Beijing： Tsinghua University Press, 2003. 400-444.
[13]	FLYR . Detecting fraud on websites[J]. IEEE Security ＆ Privacy, 2011,9(6): 80-85.
[14]	ANTUNESN , VIEIRAM . Defending against Web application vulne-rabilities[J]. IEEE Computer, 2012,45(2): 66-72.
[15]	陈伟琳 . 协议安全测试理伦和方法的研究[D]. 北京：中国科学技术大学， 2008. CHENW L . Research on Testing Theory and Methods of Protocol Security[D]. Beijing： University of Science and Technology of China, 2008.
[16]	赵德明 . 多维度Web服务安全性评估[D]. 北京：中国石油大学, 2011. ZHAOD M . Multiple Dimension Security Assessment of Web Ser-vice[D]. Beijing： China University of Petroleum, 2011.

Metrics

Recommended 0

No Suggested Reading articles found!

安全等级	评估指标
	机密性C₁₁
二级	完整性C₁₂不可否认性C₁₃
	可用性C₁₄
	加密强度D₁₁₁，信息重要度D₁₁₂
三级	公钥设施健壮性D₁₂₁，密钥保管力度D₁₂₂行为不可否认D₁₃₁，时间不可否认D₁₃₂
	抵御拒绝服务攻击能力D₁₄₁，灾难恢复的能力D₁₄₂

安全等级	评估指标
	可用性C₂₁
二级	完备性C₂₂
	可控性C₂₃
	抵御拒绝服务攻击的能力D₂₁₁，灾难恢复的能力D₂₁₂
三级	定界字符可去除性D₂₂₁，定界字符可注入性D₂₂₂
	交互过程的原子性D₂₃₁，交互过程的隔离性D₂₃₂

安全等级	评估指标
	截获C₃₁
二级	篡改C₃₂伪造C₃₃
	中断C₃₄
	可发现性D₃₁₁，可发现性D₃₂1，可发现性D₃₃₁，可发现性D₃₄₁
三级	可重现性D₃₁₂，可重现性D₃₂₂，可重现性D₃₃₂，可重现性D₃₄₂
	可利用性D₃₁₃，可利用性D₃₂₃可利用性D₃₃₃，可利用性D₃₄₃

最终评估结果	Q取值范围
低	0~0.3p
较低	0.3~0.5p
中下	0.5~0.6p
中平	0.6~0.7p
中上	0.7~0.8p
较高	0.8~0.9p
高	0.9~p

协议	可靠性	机密性	完整性
SOAP	0.165 8	0.451 5	0.392 0
SAML	0.103 5	0.096 0	0.352 4

Three-dimensional spherical model based XML communication protocols security evaluation method

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 17

References 16

Related Articles 15

Metrics

Recommended 0

评估指标	取值
V₁₁	1
V₁₂	0.923 1
V₁₃	0.6
V₁₄	0.703 5
V₂₁	0.551 1
V₂₂	0.583 3
V₂₃	0.5
V₃₁	0.48
V₃₂	0.72
V₃₃	0.58
V₃₄	0.54

协议						专家
协议	1	2	3	4	5	6	7	8	9	10
SOAP	中	中	中	中	中	中	中	中	较	中
SOAP	上	上	平	上	上	上	平	上	高	上
SAML	中	中	中	中	中	中	中	中	中	中
SAML	平	下	下	平	下	下	下	上	下	下

协议	抗假冒	抗篡改	抗否认	抗泄露	抗拒绝服务	抗提升特权	总安全度
SOAP	0.14	0.22	0.23	0.22	0.25	0.16	0.78（中上）
SAML	0.12	0.39	0.32	0.35	0.28	0.14	0.69（中下）

协议	认证	机密性	完整性	可用性	授权	审计	不可否认
SOAP	0.156 8	0.172 0	0.102 5	0.120 0	0.075 0	0.135 5	0.095 8
SAML	0.126 9	0.062 4	0.093 3	0.084 5	0.060 0	0.142 0	0.075 0

[1]	Shiqi ZHAO, Xiaohong HUANG, Zhigang ZHONG. Research and implementation of reputation-based inter-domain routing selection mechanism [J]. Journal on Communications, 2023, 44(6): 47-56.
[2]	Shengxing YU, Zhong CHEN. Efficient secure federated learning aggregation framework based on homomorphic encryption [J]. Journal on Communications, 2023, 44(1): 14-28.
[3]	Youliang TIAN, Maoqing TIAN, Hongfeng GAO, Miao HE, Jinbo XIONG. Cooperation-based location authentication scheme for crowdsensing applications [J]. Journal on Communications, 2022, 43(9): 121-133.
[4]	Guanxiong HA, Qiaowen JIA, Hang CHEN, Chunfu JIA. Data popularity-based encrypted deduplication scheme without third-party servers [J]. Journal on Communications, 2022, 43(8): 17-29.
[5]	Anqi YIN, Yuanbo GUO, Ding WANG, Tongzhou QU, Lin CHEN. Provably secure quantum resistance two-server password-authenticated key exchange protocol [J]. Journal on Communications, 2022, 43(3): 14-29.
[6]	Chong LI, Xiujuan DU, Lijuan WANG, Xiaojing TIAN. Rule and perception based MAC protocol for UAN [J]. Journal on Communications, 2022, 43(2): 65-75.
[7]	Zhengyu ZHU, Pengfei CHEN, Zixuan WANG, Kexian GONG, Di WU, Zhongyong WANG. Short wave protocol signals recognition based on Swin-Transformer [J]. Journal on Communications, 2022, 43(11): 127-135.
[8]	Jinbo XIONG, Yongjie ZHOU, Renwan BI, Liang WAN, Youliang TIAN. Towards edge-collaborative, lightweight and privacy-preserving classification framework [J]. Journal on Communications, 2022, 43(1): 127-137.
[9]	Xiang GONG, Tao FENG, Jinze DU. Formal modeling and security analysis method of security protocol based on CPN [J]. Journal on Communications, 2021, 42(9): 240-253.
[10]	Zhiqiang YAO, Zhirong ZHU, Guohua YE. Achieving resist against DHCP man-in-the-middle attack scheme based on key agreement [J]. Journal on Communications, 2021, 42(8): 103-110.
[11]	Taoshen LI, Anni SHI, Zhe WANG, Lu HE. Optimal relay selection for full duplex SWIPT-NOMA systems with maximal throughput [J]. Journal on Communications, 2021, 42(5): 87-97.
[12]	Xiangmao CHANG, Jun ZHAN, Zhiwei WANG. Low-cost group-based identity security authentication protocol for NB-IoT nodes [J]. Journal on Communications, 2021, 42(12): 152-162.
[13]	Hongqiang YAN,Linjie WANG. Research of authentication techniques for the Internet of things [J]. Journal on Communications, 2020, 41(7): 213-222.
[14]	Chunxiang GU,Weisen WU,Ya’nan SHI,Guangsong LI. Method of unknown protocol classification based on autoencoder [J]. Journal on Communications, 2020, 41(6): 88-97.
[15]	Yanjing SUN,Junqiu YANG,Yan CHEN,Yanfen WANG,Xiaojing CHEN,Fengzhen LIU,Zhi SUN. RAW online regrouping method in IEEE 802.11ah protocol for industrial Internet of things [J]. Journal on Communications, 2020, 41(4): 92-101.