A GENERIC ARCHITECTURE FOR WEB APPLICATIONS TO SUPPORT THREAT ANALYSIS OF INFRASTRUCTURAL COMPONENTS



Similar documents
THREAT MODELLING FOR WEB SERVICES BASED WEB APPLICATIONS

THREAT MODELLING FOR ACTIVE DIRECTORY

THREAT MODELLING FOR SECURITY TOKENS IN WEB APPLICATIONS

What Is the Java TM 2 Platform, Enterprise Edition?

SharePoint 2013 Logical Architecture

Detailed Table of Contents

Web Pages. Static Web Pages SHTML

THREAT MODELLING FOR SQL SERVERS Designing a Secure Database in a Web Application

Web Cloud Architecture

Securely Managing and Exposing Web Services & Applications

4 Understanding. Web Applications IN THIS CHAPTER. 4.1 Understand Web page development. 4.2 Understand Microsoft ASP.NET Web application development

WebLogic Server 7.0 Single Sign-On: An Overview

2012 LABVANTAGE Solutions, Inc. All Rights Reserved.

HPC Portal Development Platform with E-Business and HPC Portlets

Secure web transactions system

VIRGINIA DEPARTMENT OF MOTOR VEHICLES SECURITY ARCHITECTURE POLICY. 03/27/09 Version

How To Protect A Web Application From Attack From A Trusted Environment

Using SAP Logon Tickets for Single Sign on to Microsoft based web applications

CHAPTER - 3 WEB APPLICATION AND SECURITY

Oracle WebLogic Foundation of Oracle Fusion Middleware. Lawrence Manickam Toyork Systems Inc

HPC PORTAL DEVELOPMENT PLATFORM

StreamServe Persuasion SP5 StreamStudio

Module 12: Microsoft Windows 2000 Clustering. Contents Overview 1 Clustering Business Scenarios 2 Testing Tools 4 Lab Scenario 6 Review 8

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

Client-Server Architecture & J2EE Platform Technologies Overview Ahmed K. Ezzat

How To Protect Your Computer From Being Hacked On A J2Ee Application (J2Ee) On A Pc Or Macbook Or Macintosh (Jvee) On An Ipo (J 2Ee) (Jpe) On Pc Or

Client/server is a network architecture that divides functions into client and server

XIA Configuration Server

SSL VPN Technology White Paper

A Generic Database Web Service

Service Oriented Architectures

Base One's Rich Client Architecture

Exploring ADSS Server Signing Services

Smartphone Enterprise Application Integration

BusinessObjects Enterprise XI Release 2 Administrator s Guide

Web Application Development

How to Build an E-Commerce Application using J2EE. Carol McDonald Code Camp Engineer

Internet Engineering: Web Application Architecture. Ali Kamandi Sharif University of Technology Fall 2007

Architecture Design For Web-based Application Systems. Instructor: Dr. Jerry Gao Class: CMPE296U

zen Platform technical white paper

MCTS Self-Paced Training Kit (Exam ): Configuring Windows Server 2008 Application Platform

Lync SHIELD Product Suite

A Flexible Services Architecture Based Translator Web Services

ASP.NET: THE NEW PARADIGM FOR WEB APPLICATION DEVELOPMENT

Run-time Service Oriented Architecture (SOA) V 0.1

Microsoft Solutions for Security and Compliance Microsoft Identity and Access Management Series

How To Understand The Architecture Of An Ulteo Virtual Desktop Server Farm

SaaS-Based Employee Benefits Enrollment System

Novacura Flow 5. Technical Overview Version 5.6

Interwise Connect. Working with Reverse Proxy Version 7.x

Contents. Client-server and multi-tier architectures. The Java 2 Enterprise Edition (J2EE) platform

MEGA Web Application Architecture Overview MEGA 2009 SP4

JVA-122. Secure Java Web Development

AlphaTrust PRONTO Enterprise Platform Product Overview

Single Sign-on (SSO) technologies for the Domino Web Server

WebRTC: Why and How? FRAFOS GmbH. FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

JEE Web Applications Jeff Zhuk

Building Web Services with Apache Axis2

Stock Trader System. Architecture Description

Application Note. Citrix Presentation Server through a Citrix Web Interface with OTP only

Federated Identity and Single Sign-On using CA API Gateway

Sophos Mobile Control Technical guide

Web services can convert your existing applications into web applications.

Xerox SMart esolutions. Security White Paper

TIBCO Spotfire Platform IT Brief

Password Power 8 Plug-In for Lotus Domino Single Sign-On via Kerberos

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

The Comparison of J2EE and.net for e-business

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief

White Paper: OSGi-based E-Health / Assisted Living

ITDUMPS QUESTION & ANSWER. Accurate study guides, High passing rate! IT dumps provides update free of charge in one year!

Geac Expense Management: An Architectural Overview

The Sitecore Solution for Web Content Management

Installation and Configuration Guide

Middleware- Driven Mobile Applications

SOA, case Google. Faculty of technology management Information Technology Service Oriented Communications CT30A8901.

Ameritas Single Sign-On (SSO) and Enterprise SAML Standard. Architectural Implementation, Patterns and Usage Guidelines

Spring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious

3-Tier Architecture. 3-Tier Architecture. Prepared By. Channu Kambalyal. Page 1 of 19

KonyOne Server Prerequisites _ MS SQL Server

ACM Crossroads Student Magazine The ACM's First Electronic Publication

Efficiency of Web Based SAX XML Distributed Processing

IT Architecture Review. ISACA Conference Fall 2003

OIOSAML Rich Client to Browser Scenario Version 1.0

Apigee Gateway Specifications

Introduction to SAML

Transcription:

A GENERIC ARCHITECTURE FOR WEB APPLICATIONS TO SUPPORT THREAT ANALYSIS OF INFRASTRUCTURAL COMPONENTS Lieven Desmet, Bart Jacobs, Frank Piessens, and Wouter Joosen DistriNet Research Group, Katholieke Universiteit Leuven, Celestijnenlaan 200A, 3001 Leuven, Belgium Abstract: Key words: In order to perform a useful threat analysis of a web application platform, some architectural assumptions about such applications must be made. This document describes a generic architecture for typical 3-tier web applications. It serves as the basis for analyzing the threats in the most important infrastructural components in that architecture, presented in the following papers. web applications architectural overview 3-tier model 1. MOTIVATION Web applications are an interesting target for security attacks on the Internet. They are easily accessible through the HTTP-protocol, and often company-critical assets are part of the web application infrastructure. Also, although web applications infrastructures are fairly complex, basic technology for building web applications is easily accessible. Hence, web applications are often designed and built by developers with little or no distributed system security background. Therefore, useable guidelines for building secure web applications are highly useful. This document describes a generic architecture of modern web applications, as commonly used in practice by Independent Software Vendors. Hereby, the most commonly used components within the

2 Lieven Desmet, Bart Jacobs, Frank Piessens, and Wouter Joosen infrastructure and their interactions are presented. The goal of this document is to define a common architectural view for web applications, which can be used to conduct a thorough threat analysis for each of the infrastructural components. Such an analysis will be presented in the following papers ([6. 7,8.9,10]), and will serve as the basis for a set of guidelines to support Independent Software Vendors in building secure web applications. 2. WEB APPLICATIONS In the early days of the World Wide Web, web s offered static content to end users, visiting the website with a browser. But today, static web s are more and more replaced by web applications: dynamic websites that use the browser as a user interface to a -resident application. Typical examples of such web applications are e-commerce sites, or front-ends to business processes, databases or existing legacy systems. A variety of technologies for building web applications exists today. Older technologies such as CGI (common gateway interface) provided a simple standardized interface between a web and an existing application. The application was started on the web for every dynamic request in order to process the request, introducing a big startup and shutdown overhead. In newer technologies such as Java Servlets, JSP and ASP.NET, dynamic requests are handled by components that can be plugged into the web. The real processing work can be delegated to a separate application, leading to better performance and manageability. Moreover, the application can offer support for non-functional requirements of the application such as transactional behavior, synchronization, access control and so forth. Because of these advantages and the widespread adoption of application s in building complex web applications, only this last technology is considered in this document. Web applications are distributed applications [11], using the HTTP transport protocol. The system architecture is a client- model. Both the client (e.g. a rich client) and the can take part in the processing of information, known as client side and side processing. In this paper, we distinguish between web applications and web services. Web services expose functionality through an XML-based messaging protocol (most often the SOAP protocol [13]), and are very often run on top of HTTP. Whereas web applications are intended to be used by end-users through a standard browser, web services are intended to support machine-

A generic architecture for web applications to support threat analysis of infrastructural components 3 to-machine communication over the Internet. Web services can be an important infrastructural component for building web applications. 3. ARCHITECTURAL OVERVIEW Our generic web application architecture consists of a client at the enduser side, and a 3-tier processing side (presentation tier, business tier and back-office tier) as shown in figure 1. Firewalls are placed between every two tiers to enable network perimeter security. Often, this architecture is simplified by omitting FW3 and/or FW2, and by implementing two or more tiers on the same machine. Also, in some deployments the authentication is directly connected to the web. company network authentication & directory client FW1 web FW2 application FW 3 database smartcard reader mainframe, application,... client tier presentation tier business tier back-office tier Figure 1. Architectural overview 3.1 Client tier: Basically, the client tier consists of a recent web browser, possibly extended with client-side application components downloaded from the web (such as Java Applets or.net assemblies). In the latter case, the client is referred to as a rich client within this document. The client tier interacts with the web through simple HTML over HTTP, or, in case of a rich client, the client can act as a web service entity and use SOAP over HTTP interactions with the web. Furthermore, the client can be equipped with a smartcard reader to interface with a smartcard or other security token. Such tokens can be used among others for authenticating the user and protecting the requests.

4 Lieven Desmet, Bart Jacobs, Frank Piessens, and Wouter Joosen 3.2 Presentation tier: The presentation tier is responsible for formatting the processed information before returning it to the client, and for handling client requests by performing input validation and delegating them to the appropriate units within the business tier. Usually, the processed information is formatted using the markup languages HTML (in case of a client browser) or XML (in case of a rich client). Infrastructural components within the presentation tier are typically the web, whether or not accompanied by a web connector of the application. 3.3 Business tier: The business tier contains the application. The application implements the actual business logic. In order to achieve its functionality, several services can be provided to the application from the backoffice tier. The web from the presentation tier can interact with the application by using remote procedure calls, web services or a proprietary application protocol. 3.4 Back-office tier: The back-office tier provides some basic services to the business tier, such as a database system and an authentication and directory service. The SQL query language is mostly used in requests towards the database system, and both LDAP [14] and X.509 [15] in communication with the directory service. The communication protocol for the authentication service depends on the authentication system used (e.g. Kerberos [12]). The back-office tier can also contain back-end systems including mainframes, wrapped legacy applications and interfaces to remote application s. The presented architecture does not include some of the more advanced features of web applications, such as the dynamic discovery of services, business integration and associated trust relationships. These features are out of scope for this document, as this is typically not an Independent Software Vendor task.

A generic architecture for web applications to support threat analysis of infrastructural components 5 4. A SIMPLE EXAMPLE In this section, the presented architecture for web applications is mapped to actual technologies on Microsoft platforms. Each entity is assumed to be equipped with a recent version of Windows (for instance Windows XP on the client, and Windows Server 2003 on the s). An architectural overview is illustrated in figure 2. company network Active Directory IExplorer.NET Framework FW1 IIS ASP.NET FW2 IIS ASP.NET COM+ FW 3 SQL smartcard reader ASP.NET Figure 2. Architectural overview instantiated with Microsoft technologies The client system has a recent version Internet Explorer and the.net framework. The client interacts with the web using simple HTML over HTTP or SOAP over HTTP. In the latter case, the client downloads and executes.net assemblies within the browser. The client can use a smart card reader for authentication and encryption purposes. The presentation tier hosts a web running IIS and ASP.NET. The web interacts with an application in the business tier, using web services. The application runs IIS, ASP.NET, COM+, A directory, a database and a remote application are located within the back-office tier. The directory in a Microsoft environment is typically Active Directory. The business tier uses SQL to interact with the database, running SQL Server. Connection to a remote application or wrapped legacy application is done via SOAP. 5. ACKNOWLEDGEMENTS This document is a result of the Designing Secure Applications (DeSecA) project, funded by Microsoft. Partners within this project are the Università Degli Studi Di Milano [1], the Technical University of Ilmenau [2], the University of Salford [3], and the COSIC [4] and DistriNet [5] research groups of the Katholieke Universiteit Leuven. Each of these partners performed a threat analysis on one particular infrastructural component or

6 Lieven Desmet, Bart Jacobs, Frank Piessens, and Wouter Joosen technology within the presented web architecture, focusing of course on the technologies provided by Microsoft. The results of these studies are reported in the following papers, respectively for SQL [6], ASP.NET [7], Active Directory [8], security tokens [9] and web services [10]. 6. REFERENCES 1. Departemento di Informatica e Comunicazione, Univesità degli studi di Milano, Italy; url: http://www.dico.unimi.it 2. Technical University of Ilmenau, Research Group Multimedia Applications, Germany; url: http://www-ifmk.tu-ilmenau.de/mma 3. Information Systems Security Research Group, University of Salford, UK, url: http://sec.isi.salford.ac.uk/ 4. COmputer Security and Industrial Cryptography (COSIC), Department Electrical engineering (ESAT), Katholieke Universiteit Leuven, Belgium; url: http://www.esat.kuleuven.ac.be/cosic/ 5. DistriNet Research Group, Department of Computer Science, Katholieke Universiteit Leuven, Belgium url: http://www.cs.kuleuven.ac.be/cwis/research/distrinet/ 6. E. Bertino, D. Bruschi, S. Franzoni, I. Nai-Fovino, and S. Valtolina, Threat modelling for SQL Server, Eighth IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2004), September 2004, UK 7. R. Grimm and H. Eichstädt, Threat Modelling for ASP.NET - Designing Secure Applications, Eighth IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2004), September 2004, UK 8. paper of Active Directory 9. paper of security tokens 10. L. Desmet, B. Jacobs, F. Piessens, and W. Joosen, Threat Modelling for web services based web applications, Eighth IFIP TC-6 TC-11 Conference on Communications and Multimedia Security (CMS 2004), September 2004, UK 11. G. F. Coulouris, J. Dollimore and T. Kindberg, Distributed systems: concepts and design, third edition, Addison-Wesley, 2001 12. J. Kohl and C. Neuman, The Kerberos Network Authentication Service (V5), RFC 1510, September 1993, http://www.ietf.org/rfc/rfc1510.txt 13. W3C Note, SOAP: Simple Object Access Protocol 1.1, May 2000, http://www.w3.org/tr/2000/note-soap-20000508/ 14. M. Wahl, T. Howes, S. Kille, Lightweight Directory Access Protocol (v3), RFC 2251, December 1997, http://www.ietf.org/rfc/rfc2251.txt 15. R. Housley, W. Ford, W. Polk, D. Solo, Internet X.509 Public Key Infrastructure Certificate and CRL Profile, RFC 2459, January 1999, http://www.ietf.org/rfc/rfc2459.txt

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information