
XML Security Processing With VTD-XML

XML Security Processing With VTD-XML. Jimmy Zhang XimpleWare Feb-18, 10:05am. XML Security: The definition. XML Security refers to the set of practices to ensure the security and authenticity of XML/SOAP payload. Is mostly XML message processing


Presentation Transcript


  1. XML Security Processing With VTD-XML Jimmy Zhang XimpleWare Feb-18, 10:05am

  2. XML Security: The definition
     • XML Security refers to the set of practices to ensure the security and authenticity of XML/SOAP payload.
     • Is mostly XML message processing
     • Some common keywords of, or related to, XML security
       • XML encryption
       • XML signature
       • SAML
       • Single sign on
     • Essential to the success of Web Services.

  3. Challenges of XML security processing
     • Existing techniques are based on DOM or SAX
       • Slow: DOM doesn’t give more than 3~5 MB/sec
       • Difficult to use: SAX doesn’t build trees in memory, unsuitable for SOAP header processing
     • But there is more. Consider the following:
       • No incremental update with either DOM or SAX
       • Repetitive parsing for every message stop

  4. The Problem Statement
     • The biggest problem of current XML processing concerns how an XML message is tokenized.
     • For historical reasons, a token is a string terminated with a NULL.
     • Tokenizing XML this way creates lots of string objects
     • Object creation is the biggest performance killer
     • No way to support incremental update

  5. The Solution: Virtual Token Descriptor
     • An alternative tokenization technique exists, i.e., using offset and length. Object creation cost can also be minimized by using fixed-length integers
     • Virtual Token Descriptor (VTD) is a binary format specifying how to tokenize “non-extractively.”
     • VTD records are 64-bit integers that encode the starting offset, length, token type and nesting depth of tokens in XML

  6. Benefits of VTD
     • Potentially very high performance
     • By reducing per-object memory/processing overhead
     • Custom ASIC implementation
     • Memory resident: random access possible
     • Incremental update
     • Efficient content extraction
     • Inherently persistent: avoids repetitive parsing

  7. Introducing VTD-XML
     • VTD-XML is the open source (GPL) XML processing API built on the concept of VTD.
     • Current version 0.8, hosted at http://vtd-xml.sf.net
     • Has all the benefits of VTD
     • Implementation available in both Java and C, delivering 25~35MB/sec sustained parsing performance on a 1.5GHz processor.
     • Ideally suited for XML security applications

  8. VTD-XML’s User Experience
     • Highest performance parsing available in software
     • Random-access capable, meaning user-friendliness
     • The most efficient when one wants to add, delete or update XML payload
     • The most efficient at extracting content from XML payload
     • VTD, a natural index of XML, can be sent along with XML itself to avoid repetitive parsing.
     • ASIC implementation delivers 2Gb/Sec performance.

  9. Case Study 1: Change a single token value [figure: before and after]

  10. Case Study 2: Inserting SAML into XML Payload [figure: diagram with callouts 1 to 4]

  11. Summary
     • VTD-XML is the next generation XML processing API that fundamentally solves multiple problems of XML security processing.
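
The record format from slide 5 and the single-token change from slide 9, as an added example (not VTD-XML's own code and not from the presentation): C code that indexes a constructed XML sample with 64-bit offset/length/type/depth records and overwrites one value in place without re-parsing. The bit layout, the function names and the same-length restriction are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for this example only, not VTD-XML's actual one:
   bits 63-60 type | 59-52 depth | 51-32 length | 31-0 offset. */
enum { TOK_TAG = 0, TOK_TEXT = 1 };
static uint64_t vtd_pack(uint64_t type, uint64_t depth, uint64_t len, uint64_t off) {
    return (type & 0xF) << 60 | (depth & 0xFF) << 52 | (len & 0xFFFFF) << 32 | (off & 0xFFFFFFFF);
}
static unsigned vtd_type(uint64_t r)  { return (unsigned)(r >> 60) & 0xF; }
static unsigned vtd_depth(uint64_t r) { return (unsigned)(r >> 52) & 0xFF; }
static uint64_t vtd_len(uint64_t r)   { return (r >> 32) & 0xFFFFF; }
static uint64_t vtd_off(uint64_t r)   { return r & 0xFFFFFFFF; }
/* A record is usable only if the span it names lies inside the buffer. */
static int vtd_in_bounds(uint64_t r, size_t n) { return vtd_off(r) + vtd_len(r) <= n; }
/* Minimal tokenizer (start tags and text only): records spans, copies nothing. */
static size_t vtd_index(const char *d, size_t n, uint64_t *out, size_t cap) {
    size_t i = 0, k = 0; unsigned depth = 0;
    while (i < n && k < cap) {
        size_t s = i;
        if (d[i] == '<') {
            int closing = (i + 1 < n && d[i + 1] == '/');
            for (s = i = i + 1 + closing; i < n && d[i] != '>'; i++) {}
            if (!closing) out[k++] = vtd_pack(TOK_TAG, depth++, i - s, s);
            else if (depth) depth--;
            i++;
        } else {
            while (i < n && d[i] != '<') i++;
            out[k++] = vtd_pack(TOK_TEXT, depth ? depth - 1 : 0, i - s, s);
        }
    }
    return k;
}
/* Same-length overwrite of one token; the index stays valid, no re-parse. */
static int vtd_replace_same_len(char *d, size_t n, uint64_t r, const char *v) {
    if (!vtd_in_bounds(r, n) || strlen(v) != vtd_len(r)) return -1;
    memcpy(d + vtd_off(r), v, (size_t)vtd_len(r));
    return 0;
}
int main(void) {
    char doc[] = "<order><id>1001</id><amt>250</amt></order>"; /* constructed */
    uint64_t idx[16];
    size_t n = strlen(doc), k = vtd_index(doc, n, idx, 16);
    if (k > 4) vtd_replace_same_len(doc, n, idx[4], "999");
    for (size_t j = 0; j < k; j++)
        printf("type=%u depth=%u off=%u len=%u\n", vtd_type(idx[j]), vtd_depth(idx[j]),
               (unsigned)vtd_off(idx[j]), (unsigned)vtd_len(idx[j]));
    puts(doc);
    return 0;
}
```

`vtd_in_bounds` is the check a receiver would run on every record when the index is sent along with the XML, as slide 8 proposes, because such an index is input like any other.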
