CS 4720 Security CS 4720 – Web & Mobile Systems
CS 4720 The Traditional Security Model The Firewall Approach “Keep the good guys in and the bad guys out” 2
CS 4720 Distributed System Security 3 “Islands of Security”
CS 4720 A Paradigm Shift without a Clutch These models were just fine when corporations had their own networks If you needed in, you used a VPN Now the open Internet is used as the main network How does this change the security model? Consider this: how do you access a web service? 4
CS 4720 A Paradigm Shift without a Clutch 5 Firewall security happens at the network layer But now we need access on a per-application basis How can we achieve that?
CS 4720 A Paradigm Shift without a Clutch 6 Web services are designed to penetrate firewalls, since they use port 80 Application-level security is needed to examine: –Who is making a request –What info is being accessed –What services is being addressed IP based security is still needed though!
CS 4720 Application Security 101 What are some basic things you do to protect your system at the application level? Catch exceptions and don’t show detailed error messages Hide interfaces “Don’t trust your users” Encryption 7
CS 4720 Application Security Well… shoot. Web services: –Have publically announced interfaces! –Must return detailed exceptions to debug systems! –At some level, must trust users! We need security that is basically XML-aware
CS 4720 System Security 9 Human: social engineering attacks Physical: “steal the server itself” Network: treat your server like a 2 year old Operating System: the war continues Application: just discussed Database: protecting the data
CS 4720 XML-Aware Security Must be able to inspect content of network traffic Must be able to make authorization decisions Must be able to make authentication decisions Must be able to verify XML as valid for this transaction Must also deal with confidentiality and privacy concerns (encryption, message integrity, audit) 10
CS 4720 Web Service Security Concerns Unauthorized Access: people view info that they shouldn’t from a message Unauthorized Alteration: an attacker modifies part of a message Man-in-the-Middle: an attacker sits in-between two parties and views messages (or alters them) as they pass by Denial-of-Service: flood the service with so many messages that it can’t keep up 11
CS 4720 Network Level Security Let’s start with the basic stuff Firewalls –IP Packet Filtering Static Filtering: follow the rules and toss whatever you see Stateful Filtering: allow for dynamically changed rules as requests go out from inside the firewall –Packet filtering only works on IP address… not on the people using the IP address –Further, no idea what the payload is 12
CS 4720 Network to Application Application-specific proxy servers –A connection comes in to the proxy –It verifies the user and payload –Then creates a connection to the application server Disadvantages? 13
CS 4720 Encryption Without going too deep into this… There are three basic “types” of encryption methodologies that we use on the Internet: –Symmetric –Asymmetric –Digital Signature / Certificate Encryption can address: authentication, confidentiality, and integrity of a message 14
CS 4720 Application Level Security Refers to security safeguards built into a particular application and operate independently from the network level security Authentication Authorization Integrity / Confidentiality Non-repudiation / Auditing 15
CS 4720 Authentication Verifying that the requester is the requester… … and that the service is the service This requires a mechanism of “proof of identity” What are some ways accomplish this? Username / password Signed Certificates Kerberos 16
CS 4720 Kerberos A third party system for authentication and encryption What was Kerberos? 17
CS 4720 A little closer to home Netbadge (or more accurately, PubCookie) kie.org/docs/how- pubcookie- works.htmlhttp:// kie.org/docs/how- pubcookie- works.html 18
CS 4720 Authorization Now that we know who you are, what are you allowed to do? Permissions Role-based security How does this work in a database system? How about an operating system? 19
CS 4720 Integrity / Confidentiality What happens if a message is: –Captured and reused? –Captured and modified? –Monitored as is passes by in a passive manner? How do we verify a message hasn’t been tampered with? –Digital signature How do we verify it hasn’t been viewed? –Encryption 20
CS 4720 Non-repudiation / Auditing When we’re charging to use a web service, how do we prove you used the service so we can charge you? How do we track your activities? Digitally signed logs, effectively Also saves the certificate used to perform the transaction (like a signature on a receipt) 21
CS 4720 XML Trust Services XML Signatures XML Encryption XML Key Management and Single Sign-On Basically the same stuff we just talked about, but now in glorious XML! 22
CS 4720 Let’s build a secure system! Get with your team You have been tasked by Hortfield Incorporated to build a secure web service system that, for a price, will return to you the answers for the next test in a given class Users, of course, have to pay for this service And it has to be totally secure to keep the honor council away What do you do? 23
CS 4720 So… seriously, what should we do? When you are asked to build a secure web system, start with the six layers of security –Database –OS –Network –Application –Physical –Human And then go one by one… 24
CS 4720 In case of a corporate environment… You might think that if you’re a new programmer in a corporate environment, a lot of this is not going to be decided by you You’re going to be following a predetermined system spec However, some of you won’t be programmers Many of you will be system architects and system designers and the programmers will be asking YOU what to do! 25
CS 4720 From Before We talked about a need for: –Authentication –Authorization –Integrity / Confidentiality –Non-repudiation / Auditing How do we achieve these with web services? 26
CS 4720 What did this cover? Authentication: –Certificate authority can vouch for sender –Username and Password are part of WS-Security –Public/Private key pair Integrity/Confidentiality: –Signatures –Encryption –All the good stuff 27
CS 4720 Authorization? Doesn’t take place at this “transfer” level More with user groups in the application Database users File system permissions Have a good role-based security policy –People only have access to just enough info and nothing more –Nothing runs as root –Privileges are given out in a very specific fashion 28
CS 4720 Non-repudiation? Either done through text logs or a DB table with transactions –Probably a DB table would be better Record the signature and important activities that the user performed 29
CS 4720 Ugh, I have to figure all this out? If you are building your own service based on JSON/XML and you want to secure it… yup But if you’re doing SOAP, there’s an agreed- upon standard WS-Security –Provides rules for how to handle all security for SOAP web services –Provides schema for the XML to make all this work 30