Computer Science and Engineering 1 Service-Oriented Architecture Security 2.

Slides:



Advertisements
Similar presentations
NRL Security Architecture: A Web Services-Based Solution
Advertisements

Operating System Security
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
CTO Office Reliability & Security Distinctions and Interactions Hal Lockhart BEA Systems.
A Successful RHIO Implementation
Securing the Broker Pattern Patrick Morrison 12/08/2005.
OASIS Reference Model for Service Oriented Architecture 1.0
Security Controls – What Works
Chapter 21 Successfully Implementing The Information System
Latest techniques and Applications in Interprocess Communication and Coordination Xiaoou Zhang.
Web Services Security Multimedia Information Engineering Lab. Yoon-Sik Yoo.
Trust, Privacy, and Security Moderator: Bharat Bhargava Purdue University.
1 Review Topics 1.Basic understanding of a business process 2.The relationship of a business process with a work flow 3.The different types aspects and.
Aligning Business Processes to SOA B. Ramamurthy 6/16/2015Page 1.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Data Security in Local Networks using Distributed Firewalls
Web services security I
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Špindlerův Mlýn, Czech Republic, SOFSEM Semantically-aided Data-aware Service Workflow Composition Ondrej Habala, Marek Paralič,
SEC835 Database and Web application security Information Security Architecture.
© Drexel University Software Engineering Research Group (SERG) 1 Based on the paper by Philippe Kruchten from Rational Software.
Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz
Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.
“Assuring Reliable and Secure IT Services”. IT Redundancy: Its Value How much reliability to buy? Customer Service impacted as a result of 15 minutes.
CSCE 548 Secure Software Development Web Application Security.
1 TAPAS Workshop Nicola Mezzetti - TAPAS Workshop Bologna Achieving Security and Privacy on the Grid Nicola Mezzetti.
Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.
Computer & Network Security
Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.
International Telecommunication Union Geneva, 9(pm)-10 February 2009 ITU-T Security Standardization on Mobile Web Services Lee, Jae Seung Special Fellow,
Architecting Web Services Unit – II – PART - III.
CSC8320. Outline Content from the book Recent Work Future Work.
Cryptography, Authentication and Digital Signatures
Security Overview  System protection requirements areas  Types of information protection  Information Architecture dimensions  Public Key Infrastructure.
John Carpenter & lecture & Information Security 2008 Lecture 1: Subject Introduction and Security Fundamentals.
Data Warehousing Data Mining Privacy. Reading Bhavani Thuraisingham, Murat Kantarcioglu, and Srinivasan Iyer Extended RBAC-design and implementation.
ACM 511 Introduction to Computer Networks. Computer Networks.
Survival by Defense- Enabling Partha Pal, Franklin Webber, Richard Schantz BBN Technologies LLC Proceedings of the Foundations of Intrusion Tolerant Systems(2003)
SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.
. 1. Computer Security Concepts 2. The OSI Security Architecture 3. Security Attacks 4. Security Services 5. Security Mechanisms 6. A Model for Network.
Secure Systems Research Group - FAU SW Development methodology using patterns and model checking 8/13/2009 Maha B Abbey PhD Candidate.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Security Patterns for Web Services 02/03/05 Nelly A. Delessy.
Creating and Managing Digital Certificates Chapter Eleven.
Qusay H. Mahmoud CIS* CIS* Service-Oriented Computing Qusay H. Mahmoud, Ph.D.
Web Services Security Patterns Alex Mackman CM Group Ltd
Computer Science and Engineering 1 Service-Oriented ArchitectureSecurity.
Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Computer Science and Engineering 1 Service-Oriented ArchitectureSecurity.
Andrew J. Hewatt, Gayatri Swamynathan and Michael T. Wen Department of Computer Science, UC-Santa Barbara A Case Study of the WS-Security Framework.
PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.
VIEWS b.ppt-1 Managing Intelligent Decision Support Networks in Biosurveillance PHIN 2008, Session G1, August 27, 2008 Mohammad Hashemian, MS, Zaruhi.
A service Oriented Architecture & Web Service Technology.
Building Distributed Educational Applications using P2P
THE STEPS TO MANAGE THE GRID
SECURITY MECHANISM & E-COMMERCE
CONFIDENTIALITY, INTEGRITY, LEGAL INTERCEPTION
Component-Based Software Engineering: Technologies, Development Frameworks, and Quality Assurance Schemes X. Cai, M. R. Lyu, K.F. Wong, R. Ko.
NAAS 2.0 Features and Enhancements
Web Information Systems Engineering (WISE)
WS Standards – WS-* Specifications
Access Control What’s New?
Design.
Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham
Presentation transcript:

Computer Science and Engineering 1 Service-Oriented Architecture Security 2.

Reading 1.New: Security Fundamentals for Web Services, Microsoft patterns and practices, Computer Science and Engineering 2

3 SOA Security Components 1.Software-level (single service) security 2.Business-level (service composition) security 3.Network-level security

Computer Science and Engineering 4 Network-Level Security Authentication and identification Access Control middlewareMessaging middleware –Communication security –End point security Protocol assurance Security PatternsSecurity Patterns

Service-level Patterns Exception Shielding Message Validation Trusted Subsystem Service Perimeter Guard Computer Science and Engineering 5

Exception Shielding Computer Science and Engineering 6

Message Validator Computer Science and Engineering 7

8 Trusted Subsystem GoalGoal: prevent customers from circumventing a service and directly accessing the resources of the service ProblemProblem: –Customer may perform incorrect modifications –May lead to undesirable forms of implementation coupling SolutionSolution: service is designed to use own credentials for authentication with backend resources

Trusted Subsystem Computer Science and Engineering 9

10 Perimeter Guard GoalGoal: protect internal resources from users that remotely access internal computers ProblemProblem: –External attacker may gain access to services running within a private network, and thus to the resources within the private network SolutionSolution: establish an intermediate service at the perimeter of the private network as a secure contact point

Service Perimeter Guard Computer Science and Engineering 11

Service Interaction Patterns Data Confidentiality Data Origin Authentication Direct Authentication Brokered Authentication Computer Science and Engineering 12

Data Confidentiality Computer Science and Engineering 13 Symmetric keyPublic key

Data Origin Authentication Computer Science and Engineering 14 Symmetric keyPublic key

Direct Authentication Computer Science and Engineering 15

Single Sign-On Authentication of a user within multiple systems: use Digital Certificates and private keys Reduces security administration Services can pass requester’s identity to other services

Brokered Authentication Computer Science and Engineering 17

Brokered Alternatives Computer Science and Engineering 18 Security Token ServiceX.509 Digital Certificate

Computer Science and Engineering 19 Service-Composition Security Ongoing activitiesOngoing activities: –Business process execution across heterogeneous domains –Identity management –Trust management Upcoming research areasUpcoming research areas: –Web Services Composition –Web Service Transactions –Service-Level Dependencies

Computer Science and Engineering 20 Web Services Composition Create complex applications on the fly from individual services BPEL4WS, WSBPEL How to express security and reliability needs? How to verify that these needs are satisfied? How to resolve conflict between business needs and security requirements?

Computer Science and Engineering 21 Web Services Transactions Traditional database transaction managements vs. SOA application needs How can we evaluate correct execution? ACID properties? Serializability? WS transaction framework: –Atomic (short-term) transactions –Business activity (long-term) transac –Business activity (long-term) transactions What are the security implications of WS transactions?

Computer Science and Engineering 22 Service-Level Dependencies Old threats reappearing in new context: deadlocks, denial-of-service, network flooding, etc. How to detect and prevent the occurrence of these threats? In composition, independently developed services are dependent on each other No information about internal processing of the workflow components

MLS SOA MLS: control information flow –Permitted flow: from low level to high level Revisit read/write operations –Subject reads object: info flow from object to subject –Subject writes object: info flow from subject to object WS communication: message transfer (write operation) Computer Science and Engineering 23

MLS Messages Metadata: represent proper classification Communication from High to Low services: message must be de-classified How can we achieve it? –Manual classification –Automated classification – TRUST? Computer Science and Engineering 24

MLS Service Interactions Over multiple domains Input/output messages Service broker: –Discover services –Enforces flow control: up-classify/down-classify data Computer Science and Engineering 25

Metadata management Data classification –Confidentiality –Integrity –Data access policy {s, f, d, c} s service f in/out d data classification level c conditions Computer Science and Engineering 26

Computer Science and Engineering 27 New Approaches to Improve Security and Reliability Develop criteria to evaluate correctness of composite application execution –E.g., WS transactions: compensation-based transactions Increase reliability using redundant services Offer security as service Develop defense models using distributed and collaborative components –E.g., detect malicious behavior based on collaborative nodes, verify execution correctness by comparing outcome of different services, deploy intelligent software decoy, etc.

Computer Science and Engineering 28 Conclusion and Future Work All aspects of SOA security must be addressed Standards are not enough to provide security! New security concepts applicable to SOA environment must be developed Security must be incorporated during the system development process collaboration SOA developers, business experts, and security professionalsRequires collaboration among SOA developers, business experts, and security professionals

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.