6/28/20151 bringing semantic security to semantic web services b. ramamurthy
Post on 21-Dec-2015
216 views
TRANSCRIPT
04/18/23 1
Bringing Semantic Security to Semantic
Web Services
B. Ramamurthy
04/18/23 2
Introduction Humans can read web pages and understand them,
but their inherent meaning is not shown in a way that allows their interpretation by a computer (program).
One way to enable machine-to-machine exchange and automated processing is to provide the information in such as way that computers can understand it.
This is precisely the objective of the semantic web. The next generation of the Web will combine
existing Web technologies with knowledge representation formalisms.
04/18/23 3
Semantic Web Services
Web Services
WWWSemantic
Web
SemanticWeb
Servicesdyna
mic
stat
ic
04/18/23 4
RDF, OWL, WSDL-S
RDF is a standard for creating descriptions of information. RDF is for simple semantics.
OWL provides a language for defining structured web-based ontologies which allows a richer integration and interoperability of data among communities and domains.
WSDL-S establishes a mapping between WSDL descriptions and ontological concepts.
04/18/23 5
WSDL-S Example
Semantics can be added to operations, messages, preconditions and efforts
xmlns:sm= http://dme.uma.pt/jcardoso/StudentMng.owl#
<interface name = “StudentmanagmentUMA”>
<operation name = “RegisterStudent” >
<action element = sm:RegisterStudent” />
..
<input messageLabel = “ID” element = “sm:studentID” />
<output messageLabel = “student” element = “sm:StudentInfo” />
..
</interface>
04/18/23 6
Authoring Tool for WSDL-S
To create, represent, and manipulate WSDL-S documents WSDL4J can be used.
WSDL4J provides Java APIs for WSDL parsing and generation.
WSDL4J supports extensibility elements providing an easy mechanism to add new extensions.
04/18/23 7
Web Services Security Background
Standards are proposed or accepted regarding authentication, encryption, and identity management.
RSA encryption, XML signatures , SAML – Security Assertion Markup Language
There are 5 fundamental areas to consider: Message level protection, Message privacy, parameter checking, authentication, and authorization.
This is application layer security (not network layer security).
04/18/23 8
Application of RSA
Lets say a person in Atlanta wants to send a message M to a person in Buffalo:
Atlanta encrypts message using Buffalo’s public key B E(M,B)
Only Buffalo can read it using it private key b: E(b, E(M,B)) M
In other words for any public/private key pair determined as previously shown, the encrypting function holds two properties: E(p, E(M,P)) M E(P, E(M,p)) M
04/18/23 9
How can you authenticate “sender”?
In real life you will use signatures: we will look at concept of digital signatures next.
Instead of sending just a simple message, Atlanta will send a signed message signed by Atlanta’s private key: E(B,E(M,a))
Buffalo will first decrypt using its private key and use Atlanta’s public key to decrypt the signed message: E(b, E(B,E(M,a)) E(M,a) E(A,E(M,a)) M
04/18/23 10
Digital Signatures
Strong digital signatures are essential requirements of a secure system. These are needed to verify that a document is:
Authentic : source Not forged : not fake Non-repudiable : The signer cannot credibly deny
that the document was signed by them.
04/18/23 11
Digest Functions
Are functions generated to serve a signatures. Also called secure hash functions.
It is message dependent. Only the Digest is encrypted using the private
key.
04/18/23 12
Alice’s bank account certificate
1. Certificate type: Account number2. Name: Alice3. Account: 62626264. Certifying authority: Bob’s Bank5. Signature: {Digest(field 2 + field 3)}KBpriv
04/18/23 13
Digital signatures with public keys
{h}Kpri
M
Signing
Verifying
E(Kpri , h)
128 bits
H(M) h
M
hH(doc)
D(Kpub ,{h}) {h}Kpri h'
h = h'?
M
signed doc
04/18/23 14
Message Privacy
Deals with confidentiality of messages. Message header has token and signature. Typically WS are chained together to form a
complex service. In this situation we need end-to-end encryption
schemes. Scheme such as SSL will not suffice. Solution: XML encryption allows for encryption of
any combination of the message body, header, attachments, and sub-structures.
04/18/23 15
XML Signature
Service requestor encrypts the message and the signature information in the header it may specify in the header that it used providers public key.
Private key of the provider is then used decrypt the XML request.
XML Encryption allows for multiple keys to be used for encrypting different sections thus allowing intermediaries to access parts of the message.
04/18/23 16
Message level Protection Message level protection has to with message
integrity. How do assure that the message has not been modified?
This is done by creating a message digest. Digest is a cryptographic checksum of an octet
stream which is created using an algorithm, say, SHA-1 algorithm.
Provider gets the message, its digest as signature and type of algorithm used to create the digest. It creates the digest and compares with the one from the sender and verifies the integrity of the messages.
04/18/23 17
Message validity
Message validity is ensuring that the contents of a message are appropriate to the service and that they are well formed.
You check the types used and operations used are valid.
SQL injection is a common malicious code. Typical identification method is to look for “;’ (semicolon) that allows for SQL commands to follow.
04/18/23 18
Authentication
Authentication is verifying that the requester is who he/she claims to be.
In a typically closed environment: user name / password
If the sender previously unknown: send credential to verify oneself.
Trusted authorities issues certificates that can be used as credential. (Verified by Verisign)
04/18/23 19
Authorization
In any organization, data located may have levels of sensitivity. Ex: grades and student personal information in a university: Infosource at UB.
Authorization is granting of rights which includes the granting of access based on access rights.
This typically takes place after authentication. Three most common access control
implementations: Access matrix Access Control List (ACL) Role Based Access Control (RBAC)
04/18/23 20
Access Matrix A general model of access control as exercised by a
file or database management system is that of an access matrix.
Basic elements of the model are: Subject: An entity capable of accessing objects. The
concept of subject equates that of a process. Object: Anything to which access is controlled. Ex: files,
programs, segments of memory. Access right: The way in which an object is accesses by
the subject. Examples: read, write, and execute.
04/18/23 21
Access Matrix (contd.)
userA
userB
userC
File 1 File 2File 3 File 4 Acct1 Acct2 Printer1
OwnR, W
Own
R, WOwn
R, W Own
R, W
R
R,W R
W R
InquiryCredit
Inquiry
Credit
InquiryDebit
InquiryDebit
P
04/18/23 22
Access Matrix Details
Row index corresponds to subjects and column index the objects.
Entries in the cell represent the access privileges/rights.
In practice, access matrix is quite sparse and is implemented as either access control lists (ACLs) or capability tickets.
04/18/23 23
ACLs
Access matrix can be decomposed by columns, yielding access control lists.
For each object access control list lists the users and their permitted access rights.
The access control list may also have a default or public entry to covers subjects that are not explicitly listed in the list.
Elements of the list may include individual as well group of users.
04/18/23 24
WS Security
Access Control Scheme name/password access token associated with each process object
indicating privileges associated with a user security descriptor
access control list used to compare with access control list for object
04/18/23 25
Access Token (per user/subject)
Security ID (SID)
Group SIDs
Privileges
Default Owner
Default ACL
04/18/23 26
Security Descriptor (per Object)
Flags
Owner
System Access Control List(SACL)
Discretionary Access ControlList (DACL)
04/18/23 27
Access Control List
ACL Header
ACE Header
Access Mask
SID
ACE Header
Access Mask
SID
.
.
.
04/18/23 28
Access Mask
Generic AllGeneric ExecuteGeneric WriteGeneric Read
Access System Security
Maximum allowed
DeleteRead Control
Write DACWrite OwnerSynchronizeGeneric
Access Types
StandardAccess Types
Specific Access Types
04/18/23 29
Access Control Using ACLs
When a process attempts to access an object, the object manager in security executive reads the SID and group SIDs from the access token and scans down the object’s DACL.
If a match is found in SID, then the corresponding ACE Access Mask provides the access rights available to the process.
04/18/23 30
RBAC
In 2004 the National Institute of Standards and Technology (NIST) published a standard for defining the features of the Role Based Access Control (RBAC).
Two parts: (i) Reference model and (ii) System and Administrative functions.
Reference model: objects, operations, permissions, roles and users (in-band artifacts)
Administrative model: system functionality, administrative operations and reviews.
04/18/23 31
RBAC Details RBAC starts with Permission sets. Permission express a privilege to access a
resource. Examples of permission: “create a file”, “access
grades information” (ublearns) Next steps is defines Roles and assigning
permissions to Roles. Examples of roles: “Physician”, “Reviewer” Scenario driven approach is typically used to
connect roles to permissions. Upper level ontology in SWS should map Users,
Roles, Groups etc. to the ontology.