|
|
 |
Security
|
Information security and cryptography are cornerstones of the information society.
In fact, strong security mechanisms are needed to implement functions such as
the integrity of financial transactions, the accountability for electronic signatures,
the confidentiality within a virtual enterprise, the privacy of personal information,
or the availability of the critical infrastructure.
|
|
|
|
|
|
Web and Grid Services (WS & GS) are newly emerging technologies that promise
to give a new and global-scale impetus to the old challenge of distributed computing
(DC). One crucial aspect of their potential success will be the handling of security
issues, which in WS and GS is an even greater challenge than in DC because they
are application-level technologies that can reach right into the heart of corporate
IT systems.
Existing network- and host-level intrusion defenses are inadequate for protecting
WS and GS, as these technologies operate at application-level, opening interfaces
into and through web servers to back-end servers. Moreover, even emerging WS-Security
standards that address the protection of WS and GS through traditional mechanisms,
offering a strong set of authentication, authorization, integrity, confidentiality
and other security services, cannot prevent that intrusion attempts will be
made. Some of these attempts may succeed by misusing, abusing or tricking configured
WS-Security mechanisms in some devious way.
IBM's WSIP project addresses these issues and aims at developing technologies
that allow all interface aspects of WS and GS to be fully specified and that
enable automatic run-time validation of all input arguments. The technologies
necessary for protecting WS and GS can be broken down into three parts: a web
service interface hardening tool; a high-performance code generation tool for
input argument screening; and a method of invocation of that code by the web
service platform at run time.
|
|
| |
 |
|
