Computer Science and Engineering: Service-Oriented Architecture Security


1 Service-Oriented Architecture Security

2 Reading
Reading: T. Erl, SOA Principles, http://www.soaprinciples.com/
For next classes: D. Akhawe, A. Barth, P. Lam, J.C. Mitchell and D. Song, Towards a formal foundation of Web security, Proc. IEEE Symposium on Computer Security Foundations, July 2010.
Interesting read:
– Layer7 Technologies, XML Firewall, http://www.layer7tech.com/index.php?q=products/xml-firewall&gclid=CKrGtIv9krMCFRKpnQodGUQACg
– Microsoft, Web Service Security Patterns - Community Technical Preview, http://msdn.microsoft.com/en-us/library/ff648183.aspx

3 Additional Reading (not required)
– Software Security: Building Security In, Gary McGraw, Addison-Wesley Professional, February 2, 2006, ISBN-10: 0321356705, ISBN-13: 978-0321356703
– 24 Deadly Sins of Software Security, Michael Howard, David LeBlanc, John Viega, McGraw-Hill Osborne Media, 1st edition (September 3, 2009), ISBN-10: 0071626751, ISBN-13: 978-0071626750
– Hacking the Code: ASP.NET Web Application Security, M. Burnett and J.C. Foster, Syngress, 1st edition (May 2004), ISBN-10: 1932266658, ISBN-13: 978-1932266658
– Cryptography and Network Security: Principles and Practice, W. Stallings, Prentice Hall, 5th edition (January 24, 2010), ISBN-10: 0136097049, ISBN-13: 978-0136097044

4 SOA Security Concerns

5 SOA Background
Four SOA types
– Service, service composition, service inventory, SOA enterprise
Four SOA characteristics
– Business-driven, vendor-neutral, enterprise-centric, composition-centric
Eight service-orientation principles
– Standardized service contract, service loose coupling, service abstraction, service reusability, service autonomy, service statelessness, service discoverability, service composability

6 What are the security concerns regarding the SOA concepts?

7 Attack Models
Known attacks
– Representation of misuse (false positives and false negatives)
Normal usage
– Representation of normal usage
– Detecting anomalies
Attacker's model
– What are the capabilities of the attacker?
1. Carry out steps for known attacks
2. Carry out steps for anomalous usage
Automated tools to detect 1 and/or 2
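The two representations on this slide, a misuse representation (signatures of known attacks) and a normal-usage representation (a baseline from benign traffic), run side by side over a handful of constructed service-log lines. This is an added example, not code from the slides; the log lines, the single signature, the per-operation size baseline and the z-score threshold are all assumptions chosen for the demonstration.

```python
import re
import statistics

# Constructed service log: four benign GetOrder calls, then two suspicious ones.
LOG = [
    "client=10.0.0.5 op=GetOrder size=310 body=<Order><Id>A1</Id></Order>",
    "client=10.0.0.5 op=GetOrder size=298 body=<Order><Id>A2</Id></Order>",
    "client=10.0.0.7 op=GetOrder size=305 body=<Order><Id>B7</Id></Order>",
    "client=10.0.0.7 op=GetOrder size=301 body=<Order><Id>B8</Id></Order>",
    "client=10.0.0.9 op=GetOrder size=312 body=<!DOCTYPE x [<!ENTITY a 'aaaa'>]><Order/>",
    "client=10.0.0.9 op=GetOrder size=2000000 body=<Order><Id>A1</Id></Order>",
]
LINE = re.compile(r"client=(\S+) op=(\S+) size=(\d+) body=(.*)")

def parse(line):
    client, op, size, body = LINE.match(line).groups()
    return {"client": client, "op": op, "size": int(size), "body": body}

# Known attacks: a representation of misuse. A signature fires only on what it
# describes, which is where its false negatives (unseen variants) and false
# positives (benign text that happens to match) come from.
SIGNATURES = {
    "entity-declaration": re.compile(r"<!ENTITY", re.I),
}

def misuse_matches(event):
    return [name for name, rx in SIGNATURES.items() if rx.search(event["body"])]

# Normal usage: a representation built from benign traffic only. Here it is the
# mean and population standard deviation of message size per operation.
def build_baseline(events):
    by_op = {}
    for e in events:
        by_op.setdefault(e["op"], []).append(e["size"])
    return {op: (statistics.mean(s), statistics.pstdev(s)) for op, s in by_op.items()}

def anomaly_score(event, baseline):
    mean, sd = baseline[event["op"]]
    return abs(event["size"] - mean) / sd if sd else 0.0

def classify(lines, training_lines, z_threshold=3.0):
    """Return (client, known-attack names, anomalous?) for every line."""
    base = build_baseline([parse(l) for l in training_lines])
    verdicts = []
    for line in lines:
        e = parse(line)
        verdicts.append((e["client"], misuse_matches(e), anomaly_score(e, base) > z_threshold))
    return verdicts

if __name__ == "__main__":
    for verdict in classify(LOG, LOG[:4]):
        print(verdict)
```

Trained on the first four lines, the signature flags the entity declaration (its size is unremarkable, so the baseline stays silent), while the oversized message matches no signature and is caught only by the baseline. Each representation misses what the other catches, which is why the slide asks for tools that detect 1 and/or 2.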

8 Design Principles
Solutions for well-known problems
Represent recommended activities – hard to model!
attack → detect → eliminate → harden → knowledge → prevent
Security design patterns for SOA

9 SOA Security Patterns
Application-level
– Data confidentiality
– Data origin authentication
– Direct authentication
– Brokered authentication
Network-level
– Exception shielding
– Message screening
– Trusted subsystem
– Service perimeter guard

10 Exception Shielding
Goal: prevent the disclosure of information about the service's internal implementation via exception data
Problem:
– Exception data released by a service may contain internal implementation details
– Malicious users may exploit this data to compromise the service and its environment
Solution: replace unsafe data with data that is safe by design

11 Redemptions – SDLC
Handle exceptions in application code
Do not group exceptions
Check return values when appropriate
Time to target problem:
– Design
– Code review
– Testing

12 Redemption – SOA pattern
Unsafe data is "sanitized"
Routines added to the service logic to perform the sanitization
Need: pre-defined exception details that are "safe by design"
During:
– Design time
– Run time

13 Sanitization Process
Customer: submits a request message
Server: attempts to process the request and throws an exception
Exception shielding routines: evaluate the exception data and replace it if unsafe
Server: returns a safe exception message

14 Exception Shielding
A form of utility logic
Supported by: Service Agent, Utility Abstraction, and Service Perimeter Guard
Impact:
– Extra processing cost
– Targets a dangerous vulnerability
– Incorrect application (e.g., only some of the exceptions are addressed) may lead to a false sense of security
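The sanitization process of slides 10 to 14 as one service capability, added here as an example rather than taken from the slides: a hypothetical orders service catches every exception its backend raises, writes the internal detail to the server log under a correlation id, and returns the customer only a pre-defined, safe-by-design message. The exception catalogue, the backend store and the internal hostname in its error text are constructed for the demonstration; the catch-all at the end is what keeps the "only some exceptions are addressed" failure on slide 14 from happening.

```python
import logging
import uuid

log = logging.getLogger("orders-service")

# Pre-defined exception details that are "safe by design" (an assumed catalogue
# for this service; keyed by exception class so subclasses inherit an entry).
SAFE_EXCEPTIONS = {
    KeyError: ("NOT_FOUND", "The requested order does not exist."),
    PermissionError: ("FORBIDDEN", "You are not allowed to access this order."),
    ValueError: ("BAD_REQUEST", "The request was malformed."),
}
DEFAULT_SAFE = ("INTERNAL_ERROR", "The request could not be processed.")

# Constructed backend whose error text carries internal details (hostnames,
# other users' names) that must never reach the customer.
ORDERS = {"A-1": {"owner": "alice", "total": 42.0}}

def backend_lookup(order_id, user):
    if order_id not in ORDERS:
        raise KeyError(f"order {order_id} missing on db-orders-01.internal")
    order = ORDERS[order_id]
    if order["owner"] != user:
        raise PermissionError(f"user {user} is not owner {order['owner']}")
    return order

def shield(exc):
    """Evaluate exception data and replace it if unsafe.

    Walks the exception's class hierarchy so a subclass maps to its parent's
    safe entry; anything unknown falls through to the generic message, so no
    exception type is ever returned unshielded.
    """
    for cls in type(exc).__mro__:
        if cls in SAFE_EXCEPTIONS:
            return SAFE_EXCEPTIONS[cls]
    return DEFAULT_SAFE

def get_order(order_id, user):
    """Service capability: the response never carries raw exception text."""
    try:
        return {"ok": True, "order": backend_lookup(order_id, user)}
    except Exception as exc:  # catch-all: every exception goes through shielding
        code, message = shield(exc)
        correlation = uuid.uuid4().hex
        # Full detail stays server-side, findable by the correlation id
        log.error("%s %s: %r", correlation, code, exc, exc_info=True)
        return {"ok": False, "error": code, "message": message, "ref": correlation}

if __name__ == "__main__":
    print(get_order("A-1", "alice"))
    print(get_order("ZZZ", "alice"))
    print(get_order("A-1", "bob"))
```

The correlation id is the extra processing cost the slide mentions, paid so that support staff can still reach the internal detail from the log without the customer ever seeing it.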

15 Message Screening
Goal: protect a service from malformed or malicious input
Problem:
– Malicious user may violate service security or take over control of the service and its environment
Solution: assume all input data is harmful and screen it before using it

16 Impact
Availability: malicious input may
– Crash the program
– Exhaust resources (e.g., memory, CPU)
Confidentiality: attacker may be able to access confidential resources
Integrity: attacker may
– Modify data
– Alter control flow
– Execute arbitrary commands

17 Redemption – SDLC
Always validate data
Stop using unsafe commands, e.g., strcpy, strncat, etc.
Understand casting and operators
Use a "white list"
Static analysis tools
Manual analysis – design level

18 Redemption – SOA Pattern
Assume all input data is harmful until proven otherwise
Use specialized threat screening routines
Routines are invoked when input data is received by any service capability
Standard screening tasks:
– Compare the size of the input against the allowable size
– Parse the entire input for malicious content

19 Other Considerations about Screening Routines
Screening requires the decryption of encrypted traffic
Must be able to handle all types of attachments to evaluate malicious content
Must be very efficient – not a bottleneck
Related to Utility Abstraction and Service Agent → isolate the message screening routine into a separate utility service
Vulnerabilities of XML messages (data types, data content, limited XML parser support)
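A screening routine covering the two standard tasks of slide 18 (size check, then a parse of the entire input) and the XML concerns of slide 19 (data types, data content, parser limits), written as an added example rather than code from the slides. It uses only the standard-library ElementTree; the size and nesting limits, the white list of elements, the per-element content rules and the sample messages are assumptions for a hypothetical Order contract.

```python
import xml.etree.ElementTree as ET
from io import BytesIO

MAX_BYTES = 64 * 1024    # allowable size of a whole message (assumed)
MAX_DEPTH = 8            # nesting an honest Order message never needs (assumed)
MAX_ELEMENTS = 500
ALLOWED_TAGS = {"Order", "Id", "Item", "Sku", "Qty"}   # white list, not a black list
# Data-type rules for leaf content, checked once the element's text is complete
CONTENT_RULES = {
    "Id": lambda s: s.isascii() and s.isalnum() and len(s) <= 32,
    "Sku": lambda s: s.isascii() and s.isalnum() and len(s) <= 16,
    "Qty": lambda s: s.isascii() and s.isdigit() and 0 < int(s) <= 10_000,
}

class ScreeningError(ValueError):
    """Input rejected. The reason is for the server log, not for the customer."""

def screen_message(raw: bytes) -> ET.Element:
    """Return the parsed root only if the message passes every screening task."""
    # Task 1: size check first, so an oversized message never reaches the parser.
    if len(raw) > MAX_BYTES:
        raise ScreeningError(f"size {len(raw)} exceeds {MAX_BYTES} bytes")
    # The contract fixes UTF-8; decoding up front keeps the textual check below
    # from being bypassed by an unexpected encoding.
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        raise ScreeningError("message is not valid UTF-8") from None
    # Task 2: parse the entire input for malicious content. A DOCTYPE carries
    # entity declarations (entity expansion, external entities), which this
    # contract never needs, so its mere presence is grounds for rejection.
    lowered = text.lower()
    if "<!doctype" in lowered or "<!entity" in lowered:
        raise ScreeningError("DTD or entity declaration present")
    root, depth, count = None, 0, 0
    try:
        # Streaming parse: limits are enforced while parsing, not after a full
        # tree has already been built in memory.
        for event, elem in ET.iterparse(BytesIO(raw), events=("start", "end")):
            if event == "start":
                depth += 1
                count += 1
                if depth > MAX_DEPTH:
                    raise ScreeningError("nesting too deep")
                if count > MAX_ELEMENTS:
                    raise ScreeningError("too many elements")
                if elem.tag not in ALLOWED_TAGS:
                    raise ScreeningError(f"element {elem.tag!r} not in contract")
                if elem.attrib:
                    raise ScreeningError(f"unexpected attributes on {elem.tag!r}")
                if root is None:
                    root = elem
            else:
                depth -= 1
                rule = CONTENT_RULES.get(elem.tag)
                if rule and not rule((elem.text or "").strip()):
                    raise ScreeningError(f"bad content in {elem.tag!r}")
    except ET.ParseError as exc:
        raise ScreeningError(f"not well-formed XML: {exc}") from None
    if root is None or root.tag != "Order":
        raise ScreeningError("root element must be Order")
    return root

def is_accepted(raw: bytes) -> bool:
    """True when the message passes screening; the reason for rejection stays server-side."""
    try:
        screen_message(raw)
        return True
    except ScreeningError:
        return False

if __name__ == "__main__":
    good = b"<Order><Id>A1</Id><Item><Sku>X9</Sku><Qty>2</Qty></Item></Order>"
    print(is_accepted(good), is_accepted(b"<Order><Id>A1</Id><Hack>x</Hack></Order>"))
```

Note that every rejection is a `ScreeningError` whose text is meant for the log: the customer-facing reply would go through exception shielding, and a routine like this would sit in a separate utility service, as slide 19 recommends, so that every capability is screened the same way.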

20 Network-Level Security
Authentication and identification
Access control
Messaging middleware
– Communication security
– End point security
Protocol assurance
Security patterns
– Trusted subsystem
– Service Perimeter Guard

21 Trusted Subsystem
Goal: prevent customers from circumventing a service and directly accessing the resources of the service
Problem:
– Customer may perform incorrect modifications
– May lead to undesirable forms of implementation coupling
Solution: the service is designed to use its own credentials for authentication with backend resources

22 Impact
A compromised service may allow access to unauthorized users
Protocol for accessing remote resources:
1. Authenticate and authorize the message
2. Send a request to the remote resource, accompanied by the service's own credentials
3. Issue the appropriate response to the customer

23 Implementation Variants
Service accounts within the trusted subsystem
Local accounts are used on each host
Use digital certificates (e.g., X.509 PKI) for authentication in the trusted subsystem
Use IPsec to provide secure communications
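The three-step protocol of slide 22 in runnable form, added here as an example and not taken from the slides: the backend accepts only the service's own credential, so a customer who tries to circumvent the service and call the backend directly is refused even with a valid customer credential. The users, keys, access-control list and order store are assumptions, and the HMAC-over-a-shared-secret stands in for whichever credential the trusted subsystem really uses (service accounts, X.509 certificates or IPsec, per slide 23).

```python
import hashlib
import hmac

CUSTOMER_KEYS = {"alice": b"alice-secret", "bob": b"bob-secret"}  # customers' credentials (assumed)
SERVICE_KEY = b"orders-service-key"                                # the service's OWN credential
SERVICE_ID = "orders-service"
ACL = {"alice": {"A-1"}, "bob": {"B-7"}}                           # who may read which order
DB = {"A-1": "alice's order record", "B-7": "bob's order record"}  # constructed backend store

def tag(key: bytes, principal: str, order_id: str) -> str:
    """Message authentication tag binding a principal to the order it asks for."""
    return hmac.new(key, f"{principal}|{order_id}".encode(), hashlib.sha256).hexdigest()

# --- Backend resource: trusts the service identity only, never an end customer
def backend_read(order_id: str, caller: str, caller_tag: str) -> str:
    if caller != SERVICE_ID or not hmac.compare_digest(caller_tag, tag(SERVICE_KEY, caller, order_id)):
        raise PermissionError("backend accepts the trusted subsystem only")
    return DB[order_id]

# --- The trusted subsystem (the service), following the slide's three steps
def service_get_order(user: str, order_id: str, user_tag: str) -> str:
    # 1. Authenticate and authorize the customer's message
    key = CUSTOMER_KEYS.get(user)
    if key is None or not hmac.compare_digest(user_tag, tag(key, user, order_id)):
        raise PermissionError("authentication failed")
    if order_id not in ACL.get(user, set()):
        raise PermissionError("not authorized for this order")
    # 2. Send the request to the remote resource with the service's own credentials
    record = backend_read(order_id, SERVICE_ID, tag(SERVICE_KEY, SERVICE_ID, order_id))
    # 3. Issue the appropriate response to the customer
    return record

def attempt(fn, *args):
    """Run a call and report ('ok', result) or ('denied', reason)."""
    try:
        return ("ok", fn(*args))
    except PermissionError as exc:
        return ("denied", str(exc))

def via_service(user: str, order_id: str):
    """Customer goes through the service, presenting the customer's own tag."""
    return attempt(service_get_order, user, order_id, tag(CUSTOMER_KEYS[user], user, order_id))

def direct_to_backend(user: str, order_id: str):
    """Customer tries to circumvent the service using the customer's own credential."""
    return attempt(backend_read, order_id, user, tag(CUSTOMER_KEYS[user], user, order_id))

if __name__ == "__main__":
    print(via_service("alice", "A-1"))
    print(via_service("bob", "A-1"))
    print(direct_to_backend("alice", "A-1"))
```

The impact noted on slide 22 is visible in the code: because the backend trusts `SERVICE_KEY` for any order, authorization lives entirely in step 1, so a compromised service (or a missing ACL check there) would expose every record the backend holds.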

24 Service Perimeter Guard
Goal: protect internal resources from users that remotely access internal computers
Problem:
– External attacker may gain access to services running within a private network, and thus to the resources within the private network
Solution: establish an intermediate service at the perimeter of the private network as a secure contact point

25 Demilitarized Zone (DMZ)
Perimeter service:
– Operates at the application layer
– Works in conjunction with existing firewall technologies
– Hides internal service details
External customer: corresponds with the perimeter service's external contracts
Internal service: its response is relayed to the customer by the perimeter service

26 Impact
Extra cost of
– Processing overhead
– Complexity
Single point of failure
The perimeter service represents a point of isolation. Effects: direct authentication, brokered authentication, and message screening
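A perimeter service as described on slides 24 to 26, added as an example that is not code from the slides: the external customer can only name operations in the external contract, each is relayed to a simulated internal service, and only the response fields the contract exposes are relayed back, so internal hostnames and an internal-only operation never cross the perimeter. The external contract, the internal service and its response fields are assumptions; the `authenticated` flag stands in for the direct or brokered authentication the slide places at this point of isolation.

```python
# Internal service, reachable only inside the private network (simulated).
# Its responses carry internal details that must not leave the network.
def internal_inventory(op: str, params: dict) -> dict:
    if op == "stock.query":
        return {"sku": params["sku"], "onHand": 12,
                "warehouse": "wh-03.corp.internal", "dbLatencyMs": 3}
    if op == "stock.adjust":                       # internal-only operation
        return {"sku": params["sku"], "onHand": 12 + int(params["delta"])}
    raise ValueError(f"unknown internal op {op}")

# External contract of the perimeter service: the only operations an external
# customer can name, each mapped to an internal operation, the parameters the
# customer may supply, and the response fields that are relayed back.
EXTERNAL_CONTRACT = {
    "CheckAvailability": {"internal": "stock.query",
                          "params": {"sku"},
                          "response": {"sku", "onHand"}},
}

def perimeter_service(operation: str, params: dict, authenticated: bool) -> dict:
    """Secure contact point: checks the request against the external contract,
    relays it to the internal service, and returns only the exposed fields."""
    if not authenticated:                        # direct/brokered authentication happens here
        return {"error": "AUTH_REQUIRED"}
    spec = EXTERNAL_CONTRACT.get(operation)
    if spec is None:                             # internal operations are not reachable by name
        return {"error": "UNKNOWN_OPERATION"}
    if spec["params"] - set(params):             # message screening against the contract
        return {"error": "MISSING_PARAMETERS"}
    if set(params) - spec["params"]:
        return {"error": "UNEXPECTED_PARAMETERS"}
    try:
        result = internal_inventory(spec["internal"], params)
    except Exception:                            # exception shielding: no internal detail leaks
        return {"error": "UNAVAILABLE"}
    return {k: v for k, v in result.items() if k in spec["response"]}

if __name__ == "__main__":
    print(perimeter_service("CheckAvailability", {"sku": "X9"}, True))
    print(perimeter_service("stock.adjust", {"sku": "X9", "delta": "5"}, True))
```

The single point of failure from slide 26 is plain in this shape: every external request passes through `perimeter_service`, so its availability and correctness bound the availability of everything behind it.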

27 Ongoing projects
Business process execution across heterogeneous domains
Identity management
Trust management
Upcoming research areas:
– Web Services Composition
– Web Service Transactions
– Service-Level Dependencies

28 Problems for SOA security design

