Web Service Security - JongSu Bae
Contents: 1. Introduction; 2. Web Service Security; 3. Web Service Security Mechanism; 4. Tool Support; 5. Q&A

2 1. Introduction
Web Service Security concept:
(1) To prevent unexpected external threats or risks.
(2) To secure Web services: provide secure or trusted message communication mechanisms for Web services (secure messaging).

3 1. Introduction
Web Service Security trend (sources: Gartner, "Web Services Projects Remain a Priority", 2004/4; Gartner, "Hype Cycle for Web Services", 2004/6).

4 2. Web Service Security
Web Service Security threats:
Message Alteration: affects message integrity; an attacker may modify parts of the message or the whole message.
Confidentiality: unauthorized entities obtain access to information within a message or message parts.
Man-in-the-middle: an attacker compromises a SOAP intermediary and then intercepts messages between the web service requester and the ultimate receiver.
Spoofing: an attacker assumes the identity of a trusted entity in order to sabotage the security of the target entity.
Denial of Service: aims at preventing legitimate users of a service from being able to use the service.
Replay Attacks: an intruder intercepts a message and then replays it back to a targeted agent.

5 2. Web Service Security
Web Service Security requirements:
Authentication Mechanisms: verify the identities of the requester and provider agents.
Authorization: control the requester's access to the appropriate system resources.
Data Integrity and Confidentiality: ensure that the data is accessible only by the intended parties.
Integrity of Transactions and Communications: ensure that the business process was done properly and the flow of operations was executed in a correct manner.
End-to-End Integrity and Confidentiality of Messages: integrity and confidentiality of messages must be ensured even in the presence of intermediaries.
Audit Trails: play the role of an audit guard that can monitor and watch resources and other agents.
Distributed Enforcement of Security Policies: define a security policy and enforce it across various platforms with varying privileges.
Non-Repudiation: provide evidence about the occurrence of transactions.

6 2. Web Service Security
Web Service Security standards:
Organization | Working Group | Protocol Name | Current State
W3C | XML Encryption Working Group | XML Signature | Approved
W3C | XML Encryption Working Group | XML Encryption | Approved
W3C | XML Key Management Working Group | XKMS 2.0 | Approved
OASIS | Security Services TC (Technical Committee) | SAML 2.0 | Approved
OASIS | eXtensible Access Control Markup Language TC | XACML 2.0 | Approved
OASIS | Web Services Security TC | WS-Security 1.1 | Approved
WS-I | Basic Security Profile Working Group | WS-I Basic Security Profile | Draft

7 3. Web Service Security Mechanism
Web Service Security methods:
Security method | Technologies | Description
Transmission Level Security (point-to-point) | SSL/TLS | Secure Sockets Layer, Transport Layer Security
Transmission Level Security (point-to-point) | XML Firewall/Gateway | Provides network-level message validation
Message Level Security (end-to-end) | XML Encryption | Adds ciphered text to the SOAP message
Message Level Security (end-to-end) | XML Signature | Adds a signature to the SOAP message
Message Level Security (end-to-end) | WS-Security | Enhances SOAP messages to provide integrity and confidentiality by accommodating a wide variety of security models and encryption technologies (SAML, XML Encryption, etc.)
Message Level Security (end-to-end) | SAML | Allows business entities to make assertions
Message Level Security (end-to-end) | XKMS | XML Key Management
Message Level Security (end-to-end) | XACML | Defines access control policy
Message Level Security (end-to-end) | Others | WS-SecureConversation, WS-Federation, WS-Authorization, WS-Policy, WS-Trust, WS-Privacy

8 3. Web Service Security Mechanism
Message Level Security: Transmission Level Security vs Message Level Security (slide diagram).
Transmission level (http, etc.): original requester -> intermediary -> ultimate receiver, with "All Message Encrypt" and "All Message Decrypt" at every hop, so the intermediary decrypts the whole message before re-encrypting it for the next hop.
Message level (SOAP security model): original requester -> intermediary -> ultimate receiver, with "Message Encrypt" at the original requester and "Message Decrypt" at the ultimate receiver only; the intermediary forwards the protected message as it is.
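An added illustration, not part of the slides, of why the two models differ at the intermediary: the two hop keys stand for two separate SSL/TLS sessions, the end-to-end key for a key that XML Encryption would wrap for the ultimate receiver alone. A toy HMAC-based stream cipher replaces the real record and XML encryption, and all keys and the nonce are constructed.

```python
import hashlib
import hmac

def xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with an HMAC-SHA256 counter-mode keystream.
    The same call encrypts and decrypts. Illustration only: a real deployment
    uses SSL/TLS for each hop and XML Encryption (e.g. AES) for the message."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

# Constructed keys. HOP1/HOP2 model the two point-to-point SSL/TLS sessions;
# END_KEY models the key that only the requester and ultimate receiver share.
HOP1_KEY = b"session: requester <-> intermediary"
HOP2_KEY = b"session: intermediary <-> receiver"
END_KEY = b"message key: requester <-> receiver"
NONCE = b"constructed-demo-nonce"

def deliver_transport_level(body: bytes):
    """Point-to-point: the whole message is encrypted per hop, so the intermediary
    must decrypt it to forward it. Returns (plaintext the intermediary could read,
    plaintext the ultimate receiver got)."""
    wire = xor_keystream(HOP1_KEY, NONCE, body)              # requester -> intermediary
    at_intermediary = xor_keystream(HOP1_KEY, NONCE, wire)   # hop-1 session ends here
    wire = xor_keystream(HOP2_KEY, NONCE, at_intermediary)   # fresh session for hop 2
    at_receiver = xor_keystream(HOP2_KEY, NONCE, wire)
    return at_intermediary, at_receiver

def deliver_message_level(body: bytes):
    """End-to-end: the SOAP Body is encrypted for the receiver before it leaves the
    requester; the intermediary forwards ciphertext it holds no key for. (Routing
    headers would stay in clear text; they are omitted here.)"""
    envelope = xor_keystream(END_KEY, NONCE, body)
    at_intermediary = envelope                               # forwarded unchanged
    at_receiver = xor_keystream(END_KEY, NONCE, envelope)
    return at_intermediary, at_receiver

if __name__ == "__main__":
    order = b"<soap:Body><Order><CardNumber>4111...</CardNumber></Order></soap:Body>"
    for name, deliver in (("transport", deliver_transport_level),
                          ("message", deliver_message_level)):
        seen, got = deliver(order)
        print(f"{name:9}: intermediary can read order={seen == order}, "
              f"receiver gets order={got == order}")
```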

9 3. Web Service Security Mechanism
Transmission Level Security: provides a point-to-point security mechanism and secures each communication entry (hop) separately.
SSL/TLS: sends or receives messages over a secure communication session; works at the transport and TCP/IP layers; software based.
XML Firewall/Gateway: validates incoming messages against their XML schema; software and hardware based.

10 3. Web Service Security Mechanism
Message Level Security: XML Signature and XML Encryption.
XML Signature forms: Enveloping Signature, Enveloped Signature, Detached Signature.
(Slide figure: sample XML fragments showing the signed data, e.g. the name "Gil-dong, Hong", and the resulting signature value "s98asd32fl2kjJSD9".)
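As an added example that is not part of the presentation, the enveloped form using only Python's standard library: the ds:Signature sits inside the element it signs, so verification removes it (the enveloped-signature transform) before recomputing the reference digest. It uses HMAC-SHA256 as the SignatureMethod (an XMLDSig algorithm identifier from RFC 6931) with a constructed shared key instead of a certificate-backed RSA key, stdlib C14N 2.0 rather than the C14N 1.0 most toolkits use, and a constructed PurchaseOrder document.

```python
import base64, copy, hashlib, hmac
import xml.etree.ElementTree as ET
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"

def c14n(elem) -> bytes:
    # Canonical XML (stdlib C14N 2.0) so signer and verifier serialise identically
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def digest_without_signature(doc) -> str:
    # Enveloped-signature transform: hash the document with ds:Signature removed
    work = copy.deepcopy(doc)
    sig = work.find(f"{{{DS}}}Signature")
    if sig is not None:
        work.remove(sig)
    return base64.b64encode(hashlib.sha256(c14n(work)).digest()).decode()

def mac(key: bytes, signed_info) -> str:
    # SignatureValue = HMAC-SHA256 over canonical ds:SignedInfo (holds the digest)
    return base64.b64encode(hmac.new(key, c14n(signed_info), hashlib.sha256).digest()).decode()

def make_order(amount: str):
    # Constructed sample document to sign
    order = ET.Element("PurchaseOrder")
    ET.SubElement(order, "Customer").text = "Gil-dong, Hong"
    ET.SubElement(order, "Amount").text = amount
    return order

def sign_enveloped(doc, key: bytes) -> None:
    # Append ds:Signature inside the signed element; URI="" references the whole document
    sig = ET.SubElement(doc, f"{{{DS}}}Signature")
    info = ET.SubElement(sig, f"{{{DS}}}SignedInfo")
    ET.SubElement(info, f"{{{DS}}}SignatureMethod", Algorithm=HMAC_SHA256)
    ref = ET.SubElement(info, f"{{{DS}}}Reference", URI="")
    ET.SubElement(ET.SubElement(ref, f"{{{DS}}}Transforms"),
                  f"{{{DS}}}Transform", Algorithm=ENVELOPED)
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = digest_without_signature(doc)
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = mac(key, info)

def verify_enveloped(doc, key: bytes) -> bool:
    # Both checks must pass: reference digest (content unchanged) and HMAC (right key)
    sig = doc.find(f"{{{DS}}}Signature")
    if sig is None:
        return False
    info = sig.find(f"{{{DS}}}SignedInfo")
    expected = info.findtext(f"{{{DS}}}Reference/{{{DS}}}DigestValue", "")
    return (hmac.compare_digest(expected, digest_without_signature(doc))
            and hmac.compare_digest(sig.findtext(f"{{{DS}}}SignatureValue", ""), mac(key, info)))
```

Altering Amount after signing changes the reference digest, so this is the check that catches the Message Alteration threat from slide 4; a wrong key fails on the SignatureValue comparison instead.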

11 4. Tool Support
Security requirement and standard matrix:
Standards (columns): XML Signature, XML Encryption, WS-Security, XKMS, SAML, XACML, WS-Trust, WS-Policy
Requirements (rows): Confidentiality, Integrity, Authentication, Authorization, Nonrepudiation, Key Management, Trust Management, Privacy Policies

12 4. Tool Support
Web Service Security support tools:
Vendor | WAS/Development Tool | Support | etc.
BEA | WebLogic Server 8.1 / WebLogic Workshop 8.1 | Web Services Security (WS-Security) Version 1.0 (2002/4/5) |
IBM | WebSphere Application Server 5.1 / WebSphere Studio Application Developer | Web Services Security (WS-Security) Version 1.0 (2002/4/5); Web Services Security Addendum (2002/8/18); Web Services Security: SOAP Message Security Working Draft 13 (2003/5/13) |
MS | IIS 6.0 / Microsoft Windows Server / Microsoft Visual Studio .NET | Web Services Security (WS-Security) Version 1.0 (2002/4/5); Web Services Security Addendum (2002/8/18) | WSE (Web Service Enhancement)

13 5. Q&A
Thank you for listening.