A message interaction security mechanism based on SOA

At present, SOA (Service-Oriented Architecture) is already widely applied in the enterprise commercial development as it is loose coupling, cross-platform, language-independent, supporting organic businesses architecture. Security for communication between services has become a key technology which restricts SOA and Web services to continue to develop. Network attackers can keep the signature and certification sections of the message unchanged and modify the SOAP messages by removing or adding some elements in the head or the body part at the same time. Current security mechanisms rarely consider the effective use of the structure of the SOAP message itself to detect this type of tampering attacks. Here we give a mechanism using the structured information of SOAP Further to spot XML tampering attacks and make the appropriate details of the principle and implementation. Experiments prove that using this mechanism we can choose different security levels more flexibly without affecting the system efficiency while maintaining the security.