Virtualised Trusted Computing Platform for Adaptive Security Enforcement of Web Services Interactions

摘要

Security enforcement framework is an important aspect of any distributed system. With new requirements imposed by SOA-based business models, adaptive security enforcement on the application level becomes even more important. Our work on the enforcement framework to date has resulted in a comprehensive middleware-based solution leveraging on web services technologies. However, potential merits of hardware-based solutions to further secure application exposure have not been considered so far. This paper describes a method for combining software resource level security features offered by Web Services technologies, with the hardware-based security mechanisms offered by Trusted Computing Platform and system virtualisation approaches. In particular, we propose trust-based architecture for protecting the enforcement middleware deployed at the policy enforcement endpoints of web and grid services. The main motivation is to additionally secure execution environment of the applications, by providing virtual machine level separation that maps from logical domains imposed by web services level enforcement policies.