Presentation is loading. Please wait.

Presentation is loading. Please wait.

XML Security Processing With VTD- XML Jimmy Zhang XimpleWare Feb-18, 10:05am.

Published byMuriel Black Modified over 9 years ago

Similar presentations

Presentation on theme: "XML Security Processing With VTD- XML Jimmy Zhang XimpleWare Feb-18, 10:05am."— Presentation transcript:

1 XML Security Processing With VTD- XML Jimmy Zhang XimpleWare Feb-18, 10:05am

2 Jimmy Zhang XimpleWare XML Security: The definition XML Security refers to the set of practices to ensure the security and authenticity of XML/SOAP payload. Is mostly XML message processing Some common keywords of, or related to, XML security – XML encryption – XML signature – SAML – Single sign on Essential to the success of Web Services.

3 Jimmy Zhang XimpleWare Challenges of XML security processing Existing techniques are based on DOM or SAX – Slow: DOM doesn’t give more than 3~5 MB/sec – Difficult to use: SAX doesn’t build trees in memory, unsuitable for SOAP header processing But there is more. Consider the following: – No incremental update with either DOM or SAX – Repetitive parsing for every message stop

4 Jimmy Zhang XimpleWare The Problem Statement The biggest problem of current XML processing concerns how an XML message is tokenized. – For historical reasons, a token is a string terminated with a NULL. – Tokenize XML this way creates lots of string objects – Object creation is the biggest performance killer – No way to support incremental update

5 Jimmy Zhang XimpleWare The Solution: Virtual Token Descriptor Alternative tokenization technique exists, i.e., using offset and length. Object creation cost also can be minimized by using fixed length integers Virtual Token Descriptor (VTD) is a binary format specifying how to tokenized “non-extractively.” VTD records are 64-bit integers that encode the starting offset, length, token type and nesting depth of tokens in XML

6 Jimmy Zhang XimpleWare Benefits of VTD Potentially very high performance – By reducing per-object memory/processing overhead – Custom ASIC implementation Memory Resident: Random access possible Incremental Update Efficient content extraction Inherent persistent: Avoid repetitive parsing

7 Jimmy Zhang XimpleWare Introducing VTD-XML VTD-XML is the open source (GPL) XML processing API built on the concept of VTD. Current version 0.8 Hosted at http://vtd-xml.sf.nethttp://vtd-xml.sf.net Have all the benefits of VTD Implementation available in both Java and C, delivering 25~35MB/sec sustained parsing performance on a 1.5GHz processor. Ideally suited for XML security application

8 Jimmy Zhang XimpleWare VTD-XML’s User Experience Highest performance parsing available in software Random access capable meaning user-friendliness The most efficient when one wants to add, delete or update XML payload The most efficient to extract content from XML payload VTD, a natural index of XML, can be sent along with XML itself to avoid repetitive parsing. ASIC implementation delivers 2Gb/Sec performance.

9 Jimmy Zhang XimpleWare Case Study 1: Change a single token value Before After

10 Jimmy Zhang XimpleWare Case Study 2: Inserting SAML into XML Payload 2 1 4 3

11 Jimmy Zhang XimpleWare Summary VTD-XML is the next generation XML processing API that fundamentally solves multiple problems of XML security processing.

Download ppt "XML Security Processing With VTD- XML Jimmy Zhang XimpleWare Feb-18, 10:05am."

Similar presentations

HL7 V2 Conformance Testing Robert Snelick NIST January 20 th, 2004

HL7 V2 Conformance Testing Robert Snelick NIST January 20 th, 2004
Naming, Addressing, & Discovery

Naming, Addressing, & Discovery
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
©Silberschatz, Korth and Sudarshan12.1Database System Concepts Chapter 12: Indexing and Hashing Basic Concepts Ordered Indices B+-Tree Index Files B-Tree.

©Silberschatz, Korth and Sudarshan12.1Database System Concepts Chapter 12: Indexing and Hashing Basic Concepts Ordered Indices B+-Tree Index Files B-Tree.
System Design and Memory Limits. Problem  If you were integrating a feed of end of day stock price information (open, high, low, and closing price) for.

System Design and Memory Limits. Problem  If you were integrating a feed of end of day stock price information (open, high, low, and closing price) for.
12 Pontoon1May 15 12 Pontoon program CE00858-1: Fundamental Programming Techniques.

12 Pontoon1May Pontoon program CE : Fundamental Programming Techniques.
WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.

WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.
C++ Programming: Program Design Including Data Structures, Third Edition Chapter 16: Recursion.

C++ Programming: Program Design Including Data Structures, Third Edition Chapter 16: Recursion.
15 Chapter 15 Web Database Development Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.

15 Chapter 15 Web Database Development Database Systems: Design, Implementation, and Management, Fifth Edition, Rob and Coronel.
SaxStore: a n aspect oriented persistence library for Java based on SAX events Riccardo Solmi University of Bologna May 2001.

SaxStore: a n aspect oriented persistence library for Java based on SAX events Riccardo Solmi University of Bologna May 2001.
1 Storing Data: Disks and Files Yanlei Diao UMass Amherst Feb 15, 2007 Slides Courtesy of R. Ramakrishnan and J. Gehrke.

1 Storing Data: Disks and Files Yanlei Diao UMass Amherst Feb 15, 2007 Slides Courtesy of R. Ramakrishnan and J. Gehrke.
Sets and Maps Chapter 9. Chapter 9: Sets and Maps2 Chapter Objectives To understand the Java Map and Set interfaces and how to use them To learn about.

Sets and Maps Chapter 9. Chapter 9: Sets and Maps2 Chapter Objectives To understand the Java Map and Set interfaces and how to use them To learn about.
CS-3013 & CS-502, Summer 2006 Memory Management1 CS-3013 & CS-502 Summer 2006.

CS-3013 & CS-502, Summer 2006 Memory Management1 CS-3013 & CS-502 Summer 2006.
Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.

Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.
Lecture 6: Linked Lists Linked lists Insert Delete Lookup Doubly-linked lists.

Lecture 6: Linked Lists Linked lists Insert Delete Lookup Doubly-linked lists.
Introducing Hashing Chapter 21 Copyright ©2012 by Pearson Education, Inc. All rights reserved.

Introducing Hashing Chapter 21 Copyright ©2012 by Pearson Education, Inc. All rights reserved.
CS 255: Database System Principles slides: Variable length data and record By:- Arunesh Joshi( 107) Id:-006538558 Cs257_107_ch13_13.7.

CS 255: Database System Principles slides: Variable length data and record By:- Arunesh Joshi( 107) Id: Cs257_107_ch13_13.7.
Hippocratic Databases Paper by Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu CS 681 Presented by Xi Hua March 1st,Spring05.

Hippocratic Databases Paper by Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu CS 681 Presented by Xi Hua March 1st,Spring05.
Mapping Physical Formats to Logical Models to Extract Data and Metadata Tara Talbott IPAW ‘06.

Mapping Physical Formats to Logical Models to Extract Data and Metadata Tara Talbott IPAW ‘06.
Integrating CRM On Demand with the E-Business Suite to Supercharge your Sales Team Presented by: Tom Connolly, Jason Lieberman Company: BizTech Session.

Integrating CRM On Demand with the E-Business Suite to Supercharge your Sales Team Presented by: Tom Connolly, Jason Lieberman Company: BizTech Session.

Similar presentations

Ads by Google