Extensão de Segurança para o Perfil DPWS
Resumo
Recentemente Serviços Web vêm sendo alvo de padrões e especificações visando a sua aplicação diretamente sobre dispositivos embarcados. A especificação DPWS é um exemplo de esforço neste sentido. Neste trabalho é apresentada uma proposta de extensão de um Serviço de Segurança ao modelo funcional do DPWS. Esta extensão trata de maneira independente os aspectos de segurança seguindo as definições de WS-Security e WS-SecureConversation. Este modelo estendido é aplicado em um protótipo de um sistema de gerenciamento da distribuição de energia elétrica no sentido de evidenciar a eficiência das proposições e escolhas.Referências
Almqvist, L e Wikstrom, R. (1994) “Standardizing energy management by using simple network managementprotocol”, In: Telecommunications Energy Conference, 1994. INTELEC '94., 16th International.
Bartel, M., Boyer, J., e Fox, B. (2002). XML-Signature Syntax and Processing. W3C.
Castro, A L S et al. (2001) “Power Quality Monitoring Instrument for Energy Distribution Feeder”, 11th IMEKO TC-4 Symposium Trends in Electrical Measurement and Instrumentation and 6th EuroWorkshop on ADC modelling and testing, Lisbon - PORTUGAL, September 13-14.
Dierks, T. et al. (1999) “The TLS Protocol”, Version 1.0, http://www.ietf.org/rfc/rfc2246.txt, IETF RFC 2246, January 1999.
DPWS (2009). Devices Profile for Web Services. OASIS.
Hernández, V., López, L., Prieto, O., Martínez, J. F., García, A. B. e Da-Silva., A. (2009) “Security Framework for DPWS Compliant Devices”. In: Emerging Security Information, Systems and Technologies, 2009. SECURWARE '09. Third International Conference.
Imamura, T., Dillaway, B., e Simon, E. (2002). XML Encryp. Syntax and Proc. W3C.
Jammes, F., Mensch, A. e Smit, H. (2005) “Service-Oriented Device Communications Using the Devices Profile for Web Services”. In: Proceedings of the 3rd international workshop on Middleware for pervasive and ad-hoc computing, páginas: 1-8, Grenoble, France.
Karnouskos, S. e Tariq, M. M. J. (2009) “Using Multi-Agent Systems to Simulate Dynamic Infrastructures Populated with Large Numbers of Web Service Enabled Devices”. In: The 9th International Symposium on Autonomous Decentralized Systems – ISADS, Athens, Greece.
Martínez, J. F., López, M., Hernández, V., Jean-Marie, K., García, A. B., López, L., Herrera, C. e Sánchez-Alarcos, C. J. (2008) “A security architectural approach for DPWS-based devices”. In: CollECTeR Ibéroamérica 2008 conference. Madrid, Spain.
OASIS (2004). WS Security: SOAP Message Security 1.0. OASIS.
OASIS (2007). WS-SecureConversation. OASIS.
OASIS (2009). Web Services Dynamic Discovery (WS-Discovery). OASIS.
Pras, A., Drevers, T., van de Meent, R. e Quartel. D. (2004) “Comparing the Performance of SNMP and Web Services-Based Management”, In: ETRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, FALL 2004. IEEE 2004.
RFC 2631 (1999). “Diffie-Hellman Key Agreement Method”. E. Rescorla Junho 1999.
W3C (2006a). Web Services Transfer (WS-Transfer). W3C. Disponível em: http://www.w3.org/Submission/WS-Transfer/
W3C (2006b). Web Services Addressing 1.0 - Core. W3C. Disponível em: http://www.w3.org/TR/ws-addr-core/
W3C (2007). Web Services Policy 1.5 – Framework. W3C. Disponível em: http://www.w3.org/TR/ws-policy/
Bartel, M., Boyer, J., e Fox, B. (2002). XML-Signature Syntax and Processing. W3C.
Castro, A L S et al. (2001) “Power Quality Monitoring Instrument for Energy Distribution Feeder”, 11th IMEKO TC-4 Symposium Trends in Electrical Measurement and Instrumentation and 6th EuroWorkshop on ADC modelling and testing, Lisbon - PORTUGAL, September 13-14.
Dierks, T. et al. (1999) “The TLS Protocol”, Version 1.0, http://www.ietf.org/rfc/rfc2246.txt, IETF RFC 2246, January 1999.
DPWS (2009). Devices Profile for Web Services. OASIS.
Hernández, V., López, L., Prieto, O., Martínez, J. F., García, A. B. e Da-Silva., A. (2009) “Security Framework for DPWS Compliant Devices”. In: Emerging Security Information, Systems and Technologies, 2009. SECURWARE '09. Third International Conference.
Imamura, T., Dillaway, B., e Simon, E. (2002). XML Encryp. Syntax and Proc. W3C.
Jammes, F., Mensch, A. e Smit, H. (2005) “Service-Oriented Device Communications Using the Devices Profile for Web Services”. In: Proceedings of the 3rd international workshop on Middleware for pervasive and ad-hoc computing, páginas: 1-8, Grenoble, France.
Karnouskos, S. e Tariq, M. M. J. (2009) “Using Multi-Agent Systems to Simulate Dynamic Infrastructures Populated with Large Numbers of Web Service Enabled Devices”. In: The 9th International Symposium on Autonomous Decentralized Systems – ISADS, Athens, Greece.
Martínez, J. F., López, M., Hernández, V., Jean-Marie, K., García, A. B., López, L., Herrera, C. e Sánchez-Alarcos, C. J. (2008) “A security architectural approach for DPWS-based devices”. In: CollECTeR Ibéroamérica 2008 conference. Madrid, Spain.
OASIS (2004). WS Security: SOAP Message Security 1.0. OASIS.
OASIS (2007). WS-SecureConversation. OASIS.
OASIS (2009). Web Services Dynamic Discovery (WS-Discovery). OASIS.
Pras, A., Drevers, T., van de Meent, R. e Quartel. D. (2004) “Comparing the Performance of SNMP and Web Services-Based Management”, In: ETRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, FALL 2004. IEEE 2004.
RFC 2631 (1999). “Diffie-Hellman Key Agreement Method”. E. Rescorla Junho 1999.
W3C (2006a). Web Services Transfer (WS-Transfer). W3C. Disponível em: http://www.w3.org/Submission/WS-Transfer/
W3C (2006b). Web Services Addressing 1.0 - Core. W3C. Disponível em: http://www.w3.org/TR/ws-addr-core/
W3C (2007). Web Services Policy 1.5 – Framework. W3C. Disponível em: http://www.w3.org/TR/ws-policy/
Publicado
11/10/2010
Como Citar
MENDONÇA, Igor Thiago Marques; FRAGA, Joni da Silva; DIAS, Roberto Alexandre.
Extensão de Segurança para o Perfil DPWS. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 10. , 2010, Fortaleza.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2010
.
p. 133-146.
DOI: https://doi.org/10.5753/sbseg.2010.20583.
