XML%20Security%20Processing%20With%20VTD-XML

1
XML Security Processing With VTD-XML

• Jimmy Zhang
• XimpleWare
• Feb-18, 1005am

2
XML Security The definition

• XML Security refers to the set of practices to
  ensure the security and authenticity of XML/SOAP
  payload.
• Is mostly XML message processing
• Some common keywords of, or related to, XML
  security
• XML encryption
• XML signature
• SAML
• Single sign on
• Essential to the success of Web Services.

3
Challenges of XML security processing

• Existing techniques are based on DOM or SAX
• Slow DOM doesnt give more than 35 MB/sec
• Difficult to use SAX doesnt build trees in
  memory, unsuitable for SOAP header processing
• But there is more. Consider the following
• No incremental update with either DOM or SAX
• Repetitive parsing for every message stop

4
The Problem Statement

• The biggest problem of current XML processing
  concerns how an XML message is tokenized.
• For historical reasons, a token is a string
  terminated with a NULL.
• Tokenize XML this way creates lots of string
  objects
• Object creation is the biggest performance killer
• No way to support incremental update

5
The Solution Virtual Token Descriptor

• Alternative tokenization technique exists, i.e.,
  using offset and length. Object creation cost
  also can be minimized by using fixed length
  integers
• Virtual Token Descriptor (VTD) is a binary format
  specifying how to tokenized non-extractively.
• VTD records are 64-bit integers that encode the
  starting offset, length, token type and nesting
  depth of tokens in XML

6
Benefits of VTD

• Potentially very high performance
• By reducing per-object memory/processing overhead
• Custom ASIC implementation
• Memory Resident Random access possible
• Incremental Update
• Efficient content extraction
• Inherent persistent Avoid repetitive parsing

7
Introducing VTD-XML

• VTD-XML is the open source (GPL) XML processing
  API built on the concept of VTD.
• Current version 0.8 Hosted at http//vtd-xml.sf.ne
  t
• Have all the benefits of VTD
• Implementation available in both Java and C,
  delivering 2535MB/sec sustained parsing
  performance on a 1.5GHz processor.
• Ideally suited for XML security application

8
VTD-XMLs User Experience

• Highest performance parsing available in software
• Random access capable meaning user-friendliness
• The most efficient when one wants to add, delete
  or update XML payload
• The most efficient to extract content from XML
  payload
• VTD, a natural index of XML, can be sent along
  with XML itself to avoid repetitive parsing.
• ASIC implementation delivers 2Gb/Sec performance.

9
Case Study 1 Change a single token value

• Before

• After

10
Case Study 2 Inserting SAML into XML Payload
3
2
1
4
11
Summary

• VTD-XML is the next generation XML processing API
  that fundamentally solves multiple problems of
  XML security processing.