XML Security Processing With VTD-XML. Jimmy Zhang, XimpleWare. Feb-18, 10:05am.


XML Security: The definition
XML Security refers to the set of practices that ensure the security and authenticity of XML/SOAP payloads.
Is mostly XML message processing
Some common keywords of, or related to, XML security
  – XML encryption
  – XML signature
  – SAML
  – Single sign on
Essential to the success of Web Services.

Challenges of XML security processing
Existing techniques are based on DOM or SAX
  – Slow: DOM doesn’t give more than 3~5 MB/sec
  – Difficult to use: SAX doesn’t build trees in memory, unsuitable for SOAP header processing
But there is more. Consider the following:
  – No incremental update with either DOM or SAX
  – Repetitive parsing for every message stop

The Problem Statement
The biggest problem of current XML processing concerns how an XML message is tokenized.
  – For historical reasons, a token is a string terminated with a NULL.
  – Tokenizing XML this way creates lots of string objects
  – Object creation is the biggest performance killer
  – No way to support incremental update

The Solution: Virtual Token Descriptor
An alternative tokenization technique exists, i.e., using offset and length.
Object creation cost can also be minimized by using fixed-length integers
Virtual Token Descriptor (VTD) is a binary format specifying how to tokenize “non-extractively.”
VTD records are 64-bit integers that encode the starting offset, length, token type and nesting depth of tokens in XML

Benefits of VTD
Potentially very high performance
  – By reducing per-object memory/processing overhead
  – Custom ASIC implementation
Memory resident: random access possible
Incremental update
Efficient content extraction
Inherently persistent: avoids repetitive parsing

Introducing VTD-XML
VTD-XML is the open source (GPL) XML processing API built on the concept of VTD.
Current version 0.8
Hosted at
Has all the benefits of VTD
Implementation available in both Java and C, delivering 25~35MB/sec sustained parsing performance on a 1.5GHz processor.
Ideally suited for XML security applications

VTD-XML’s User Experience
Highest performance parsing available in software
Random access capable, meaning user-friendliness
The most efficient when one wants to add, delete or update XML payload
The most efficient to extract content from XML payload
VTD, a natural index of XML, can be sent along with XML itself to avoid repetitive parsing.
ASIC implementation delivers 2Gb/Sec performance.

Case Study 1: Change a single token value
[Figure panels: Before, After]
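
Added example, not from the slides or from VTD-XML's own code: a 64-bit record in the spirit of the VTD description above, used to compare a token in place and to change a single token value as in Case Study 1, with a bounds check for records that arrive alongside a message. The field widths, the TOK_TEXT type code, the vtd_* helper names and the sample document are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for this example (the slides give the fields, not the widths):
   [63:60] token type | [59:52] depth | [51:32] length | [31:0] offset */
enum { TOK_TEXT = 5 };                       /* hypothetical type code */
static const char DOC[] = "<a><amount>100</amount></a>";   /* constructed sample */

static uint64_t vtd_pack(unsigned type, unsigned depth, uint32_t len, uint32_t off) {
    return ((uint64_t)(type & 0xF) << 60) | ((uint64_t)(depth & 0xFF) << 52) |
           ((uint64_t)(len & 0xFFFFF) << 32) | off;
}
static unsigned vtd_type(uint64_t r)  { return (unsigned)(r >> 60) & 0xF; }
static unsigned vtd_depth(uint64_t r) { return (unsigned)(r >> 52) & 0xFF; }
static uint32_t vtd_len(uint64_t r)   { return (uint32_t)(r >> 32) & 0xFFFFF; }
static uint32_t vtd_off(uint64_t r)   { return (uint32_t)r; }

/* A record that arrives with a message is untrusted input: make sure the
   token it describes lies inside the buffer before touching any byte. */
static int vtd_in_bounds(uint64_t r, size_t doc_len) {
    return vtd_off(r) <= doc_len && vtd_len(r) <= doc_len - vtd_off(r);
}

/* Compare a token with a string in place; no per-token string is created. */
static int vtd_equals(const char *doc, size_t doc_len, uint64_t r, const char *s) {
    return vtd_in_bounds(r, doc_len) && vtd_len(r) == strlen(s) &&
           memcmp(doc + vtd_off(r), s, vtd_len(r)) == 0;
}

/* Incremental update: copy prefix, new value and suffix into out without
   re-parsing. Returns the new length, or 0 if r is out of bounds or out is small. */
static size_t vtd_replace(const char *doc, size_t doc_len, uint64_t r,
                          const char *val, char *out, size_t cap) {
    if (!vtd_in_bounds(r, doc_len)) return 0;
    size_t off = vtd_off(r), vlen = strlen(val), tail = doc_len - off - vtd_len(r);
    if (off + vlen + tail > cap) return 0;
    memcpy(out, doc, off);
    memcpy(out + off, val, vlen);
    memcpy(out + off + vlen, doc + off + vtd_len(r), tail);
    return off + vlen + tail;
}

int main(void) {
    char out[64];
    uint64_t amount = vtd_pack(TOK_TEXT, 1, 3, 11);   /* "100" at offset 11 */
    size_t n = vtd_replace(DOC, strlen(DOC), amount, "2500", out, sizeof out);
    printf("type=%u depth=%u -> %.*s\n", vtd_type(amount), vtd_depth(amount), (int)n, out);
    return 0;
}
```

After an update that changes a token's length, the records of every later token need their offsets shifted by the difference before they are used again.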

Case Study 2: Inserting SAML into XML Payload

Summary
VTD-XML is the next-generation XML processing API that fundamentally solves multiple problems of XML security processing.