Japan-Austria Joint Workshop on ICT October 18-19 2010, Tokyo, Japan SECTET Model driven Security of Oriented Systems based on Security as a Basel Katt, Ruth Breu, Mukhtiar Memon and Michael Hafner Research Group Quality Engineering University of Innsbruck
Quality Engineering Selected Projects Slide2
Quality Engineering Laura Bassi Lab Living Models for Collaborative Systems Industry Partners Slide3
Agenda Motivation OrientedSystems Challenges Healthcare Scenario SECTET : Model based configuration of Oriented Systems Model Driven Security (MDS) Security as a (SeAAS) Architecture Conclusion Slide4
Oriented Systems Independent partners offer and call services Collaboration across enterprises and systems New generation of cooperative applications Electronic health record, traffic management, energy trading, etc. Slide5
Challenges Collaborative systems based on SOA Dynamically composed, languageandtechnologyindependent and Agile and dynamically evolving systems Standards only address basic security requirements Solve these requirements at a low technical level Security enforcement at the service end points Places significant processing burden on service nodes Renders maintenance and management cumbersome Slide6
Goals The gap between domain experts and software engineers Maintainability and configurabl ity ity of security services Ability to re configure after deployment due to requirement changes or mechanisms updates Support of multiple security architectures for each requirement Enforcement Enforcing complex security requirements Consistent enforcement of security policies in enterprise level solutions Performance Security services involve performance costly functions Slide7
Example Distributed Electronic Health Record (EHR) HealthNetwork Tyrol Slide8
Example Healthcare Scenario EHR represents a consolidated virtual medical record Distributed across various careproviders 1 A General Practitioner 2 Electronic Health Record Patient Records Public Healthcare Provider 3 Referral Diagnosis 4 Virtual Electronic Health Record Patient Records 3 rd Party Institution Patient Electronic Medical Record 5 B Patient Records Radiography Specialist Private Healthcare Provider Slide9
Example Healthcare Scenario Inter organizational workflows s that can be offered or called by each partner Functional interaction between different stakeholders khld (roles) Security requirements Non repudiation and authentication Slide10
SECTET Model Based Configuration of Oriented Systems Security Requirements Business Security Policies (UML Diagrams) 1. MDS: Models configure services of a security architecture 2. SeAAS: Security architecture is based on security as a service paradigm Slide11
SECTET Methodology Model Driven Security (MDS) Traditional MDS approach SECTET MDS approach Slide12
SECTET Model Driven Security Process Two procedures are considered in SECTET MDS approach Architectural pattern refinement Security policy model transformations Two artifacts are generated Security policy configuration Security service process configuration Define abstract security policy define/select abstract archietctural pattern define platform Independent policy model transform to platform specific pattern transform to platform specific policy generate process configuration generate policy configuration deploy configurations Slide13
Model Driven Security (MDS) Benefits Integrate security concerns in the early stage of system development Enrich functional models with security extensions that represent abstract security policies Generatedeclarative security policies and process configurations Separate tasks between: domain experts, security experts and the system administration Support multiple security patterns for each requirement Enhance management and configurabilty of the architecture Slide14
Security Enhanced Functional Models <<domainrole>> RadiographySepcialist <<domainrole>> PrimaryPhysician <<domainrole>> Patient <<partnerrole>> PathologyLab 1 * <<domainrole>> RadiographySepcialist <<partnerrole>> Clinic 1 * Role Model <<domainrole>> PrimaryPhysician <<document>> PatientMedicalRecord 1 <<document>> Radiography <<document>> Prescription Document Model <<document>> Referral <<interface>> MedicalSystem + CreatePMR + ReferToSpecialist() + ViewPMR + UpdatePMR Interface Model Slide15
Abstract Security Models Layer Abstract Authentication Policy Security Architectural Patterns Security Policy Model Platform Specific Architecture Instant Security Policy Slide16
Model Deriven Security Architectural Patterns Security Pattern Refinement Example: Authentication 1) Platform-independent refinement to security architectural pattern 2) Platform-specific refinement to target architecture Slide17
Model Deriven Security Security Policies Slide18
Runtime Platform Model Transformations Source Models Security Policy Models Platform-specific Pattern architecture Transformation Templates Generated Code Slide19 <wsp:policy xmlns:wsp="http://. /policy" <wsp:exactlyone> <sp:asymmetricbinding> <sp:initiatortoken> <sp:x509token sp:includetoken= ".../AlwaysToRecipient"> <sp:wssx509v3token10 /> </sp:initiatortoken> <sp:recipienttoken>.. <sp:algorithmsuite> <sp:tripledesrsa15 />... <sp:includetimestamp /> </sp:signedencryptedsupportingtokens> <sp:signedelements> <sp:xpath xmlns:env=".../">//env:body/*[1]</sp:xpath>.. <sp:contentencryptedelements> <sp:xpath xmlns:env="...e/ e/">//env:body/*[1]</sp:xpath> </sp:contentencryptedelements> </wsp:exactlyone> </wsp:policy> <bpws:process exitonstandardfault="yes" name="nrp" > <bpws:partnerlinks> <bpws:partnerlink p myrole="nro" name="localnrolink" partnerlinktype="tns:nrprocess"/> </bpws:partnerlinks> <bpws:invoke operation="requestnro" partnerlink="remotenrolink" porttype="tns:nro" inputvariable="evidencerequest"/> <bpws:receive operation="receivenro" partnerlink="localnrrlink" porttype="tns:nrr" variable="receiveevidence"> </bpws:sequence> </bpws:process>
SECTET Methodology SeAAS Reference Architecture Features: Benefits Dedicated shared services in a security domain Decoupled from service endpoints SeAAS security compositions engine Out of bound protocol execution Message oriented integration with ESB WS based Standards Better performance Response Request SeAAS Component Token Validation Request Enterprise Bus (ESB) Authentication SeAAS Engine Endpoints Security s Policy Repository Primitive Security s Encryption Signature Easy deployment/management Token Validation Response Compliance Configurable security components Non Logging Repudiation Security service composition Loosely coupled components Extendable architecture Time Stamping Key Repository Authorization Security Monitoring Slide20
Complex Security s Executions Security workflow for complex security service Security WS interface for Inter Domain interactions Client Application (Radiography Specialist) (Request) Access to EHR (Response) Grant/Deny Access Healthcare s (Clinic) Authorization Non-repudiation Non-repudiation Authorization Logging SeAAS Engine Monitoring Monitoring SeAAS Engine Logging Security Compliance Authentication WS Interface Security Token WS Interface Security Token Authentication Security Compliance SeAAS Component (Domain 1) SeAAS Component (Domain 2) Out-of-band Authentication Process Slide21
SECTET Methodology SeAAS Implementation The delivery of security functionality over infrastructure components in a service oriented manner Slide22
SECTET An Overview Vision The systemic realizationof security criticalinterorganizational cooperations based on generic, composable security servcies. Components An extensible domain specific language A reference architecture based on Security As a (SeAAS) A multi level transformation framework for Model Driven Security From Platform Independent Models Model DrivenSecurityProcess Abstract Patterns Specific Patterns 1 2a 2c Business Messages Security Protocol Messages Security Policy 2b 4 to Code Artefacts SeAAS Infrastructure
Conclusion Collaborative systems based on SOA are heterogeneous, agile and dynamically evolving The best practice for SOA security is based on Endpoint security Traditional MDS approach to close the business code gap is Applied in one step Inflexible and supports one security pattern Proposed SECTET framework is based on two main concepts SeAAS methodology for the design of the reference architecture (RA) Enhanced MDS methodology for the configuration of security services Slide24
Future Work Investigating further security services like security monitoring, identity management, and usage control Developing the formal foundation of the refinement process and security composition ii Deploying and testing an EHR system developedby our industrial partner, ITHicoserve Slide25
Slide26 Thank you for your attention! www. sectissimo.info