computer science and engineering 1 service-oriented architecture security 2
TRANSCRIPT
Computer Science and Engineering 1
Service-Oriented ArchitectureSecurity 2.Security 2.
ReadingReading
1. New: Security Fundamentals for Web Services, Microsoft patterns and practices, http://msdn.microsoft.com/en-us/library/ff648318.aspx
Computer Science and Engineering 2
Computer Science and Engineering 3
SOA Security ComponentsSOA Security Components
1. Software-level (single service) security
2. Business-level (service composition) security
3. Network-level security
Computer Science and Engineering 4
Network-Level SecurityNetwork-Level Security
• Authentication and identification • Access Control• Messaging middlewaremiddleware
– Communication security– End point security
• Protocol assurance• Security PatternsSecurity Patterns
Service-level PatternsService-level Patterns
• Exception Shielding• Message Validation• Trusted Subsystem• Service Perimeter Guard
Computer Science and Engineering 5
Exception ShieldingException Shielding
Computer Science and Engineering 6
Message ValidatorMessage Validator
Computer Science and Engineering 7
Computer Science and Engineering 8
Trusted SubsystemTrusted Subsystem
• GoalGoal: prevent customers from circumventing a service and directly accessing the resources of the service
• ProblemProblem: – Customer may perform incorrect modifications– May lead to undesirable forms of implementation
coupling• SolutionSolution: service is designed to use own credentials for
authentication with backend resources
Trusted SubsystemTrusted Subsystem
Computer Science and Engineering 9
Computer Science and Engineering 10
Perimeter GuardPerimeter Guard
• GoalGoal: protect internal resources from users that remotely access internal computers
• ProblemProblem: – External attacker may gain access to services running
within a private network, and thus to the resources within the private network
• SolutionSolution: establish an intermediate service at the perimeter of the private network as a secure contact point
Service Perimeter GuardService Perimeter Guard
Computer Science and Engineering 11
Service Interaction PatternsService Interaction Patterns
• Data Confidentiality• Data Origin Authentication• Direct Authentication• Brokered Authentication
Computer Science and Engineering 12
Data ConfidentialityData Confidentiality
Computer Science and Engineering 13
Symmetric key Public key
Data Origin AuthenticationData Origin Authentication
Computer Science and Engineering 14
Symmetric key Public key
Direct AuthenticationDirect Authentication
Computer Science and Engineering 15
Single Sign-On
• Authentication of a user within multiple systems: use Digital Certificates and private keys
• Reduces security administration• Services can pass requester’s identity to other services
Brokered AuthenticationBrokered Authentication
Computer Science and Engineering 17
Brokered AlternativesBrokered Alternatives
Computer Science and Engineering 18
Security Token Service X.509 Digital Certificate
Computer Science and Engineering 19
Service-Composition Service-Composition SecuritySecurity
• Ongoing activitiesOngoing activities:– Business process execution across heterogeneous
domains– Identity management– Trust management
• Upcoming research areasUpcoming research areas:– Web Services Composition– Web Service Transactions– Service-Level Dependencies
Computer Science and Engineering 20
Web Services CompositionWeb Services Composition
• Create complex applications on the fly from individual services
• BPEL4WS, WSBPEL• How to express security and reliability needs?• How to verify that these needs are satisfied?• How to resolve conflict between business needs and
security requirements?
Computer Science and Engineering 21
Web Services TransactionsWeb Services Transactions
• Traditional database transaction managements vs. SOA application needs
• How can we evaluate correct execution? ACID properties? Serializability?
• WS transaction framework:– Atomic (short-term) transactions– Business activity (long-term) transacBusiness activity (long-term) transactions
• What are the security implications of WS transactions?
Computer Science and Engineering 22
Service-Level DependenciesService-Level Dependencies
• Old threats reappearing in new context: deadlocks, denial-of-service, network flooding, etc.
• How to detect and prevent the occurrence of these threats?
• In composition, independently developed services are dependent on each other
• No information about internal processing of the workflow components
MLS SOAMLS SOA
• MLS: control information flow– Permitted flow: from low level to high level
• Revisit read/write operations– Subject reads object: info flow from object to subject– Subject writes object: info flow from subject to
object• WS communication: message transfer (write operation)
Computer Science and Engineering 23
MLS MessagesMLS Messages
• Metadata: represent proper classification• Communication from High to Low services: message
must be de-classified• How can we achieve it?
– Manual classification– Automated classification – TRUST?
Computer Science and Engineering 24
MLS Service InteractionsMLS Service Interactions
• Over multiple domains• Input/output messages• Service broker:
– Discover services– Enforces flow control: up-classify/down-classify
data
Computer Science and Engineering 25
Metadata managementMetadata management
• Data classification– Confidentiality– Integrity– Data access policy {s, f, d, c}
• s service
• f in/out
• d data classification level
• c conditions
Computer Science and Engineering 26
Computer Science and Engineering 27
New Approaches to Improve New Approaches to Improve Security and ReliabilitySecurity and Reliability
• Develop criteria to evaluate correctness of composite application execution– E.g., WS transactions: compensation-based transactions
• Increase reliability using redundant services• Offer security as service• Develop defense models using distributed and
collaborative components– E.g., detect malicious behavior based on collaborative nodes,
verify execution correctness by comparing outcome of different services, deploy intelligent software decoy, etc.
Computer Science and Engineering 28
Conclusion and Future WorkConclusion and Future Work
• All aspects of SOA security must be addressed• Standards are not enough to provide security!• New security concepts applicable to SOA environment
must be developed• Security must be incorporated during the system
development process• Requires collaborationcollaboration among SOA developers, SOA developers,
business experts, and security professionalsbusiness experts, and security professionals