JavaPolis 2004 Middleware and Web Services Security

Similar documents
Virtual machine interface. Operating system. Physical machine interface

Outline SOA. Properties of SOA. Service 2/19/2016. Definitions. Comparison of component technologies. Definitions Component technologies

Motivation Definitions EAI Architectures Elements Integration Technologies. Part I. EAI: Foundations, Concepts, and Architectures

Middleware Lou Somers

What Is the Java TM 2 Platform, Enterprise Edition?

Infrastructure that supports (distributed) componentbased application development

How To Protect Your Computer From Being Hacked On A J2Ee Application (J2Ee) On A Pc Or Macbook Or Macintosh (Jvee) On An Ipo (J 2Ee) (Jpe) On Pc Or

Contents. Client-server and multi-tier architectures. The Java 2 Enterprise Edition (J2EE) platform

Chapter 6. CORBA-based Architecture. 6.1 Introduction to CORBA 6.2 CORBA-IDL 6.3 Designing CORBA Systems 6.4 Implementing CORBA Applications

Chapter 1: Distributed Systems: What is a distributed system? Fall 2008 Jussi Kangasharju

What is Middleware? Software that functions as a conversion or translation layer. It is also a consolidator and integrator.

Using mobile phones to access Web Services in a secure way. Dan Marinescu

Introduction to CORBA. 1. Introduction 2. Distributed Systems: Notions 3. Middleware 4. CORBA Architecture

Introduction CORBA Distributed COM. Sections 9.1 & 9.2. Corba & DCOM. John P. Daigle. Department of Computer Science Georgia State University

NIST s Guide to Secure Web Services

WebSphere Training Outline

Architectural Overview

Java Security Web Services Security (Overview) Lecture 9

Principles and Foundations of Web Services: An Holistic View (Technologies, Business Drivers, Models, Architectures and Standards)

Chapter 4. Architecture. Table of Contents. J2EE Technology Application Servers. Application Models

Redbooks Paper. WebSphere Application Server V5 Architecture. Carla Sadtler

Distributed Systems. REK s adaptation of Prof. Claypool s adaptation of Tanenbaum s Distributed Systems Chapter 1

T Network Application Frameworks and XML Web Services and WSDL Tancred Lindholm

enterprise^ IBM WebSphere Application Server v7.0 Security "publishing Secure your WebSphere applications with Java EE and JAAS security standards

WebLogic Server 7.0 Single Sign-On: An Overview

White Paper: 1) Architecture Objectives: The primary objective of this architecture is to meet the. 2) Architecture Explanation

JVA-122. Secure Java Web Development

Module 17. Client-Server Software Development. Version 2 CSE IIT, Kharagpur

Client-Server Architecture & J2EE Platform Technologies Overview Ahmed K. Ezzat

2.1 What are distributed systems? What are systems? Different kind of systems How to distribute systems? 2.2 Communication concepts

Distributed Database Design

EC-Council Network Security Administrator (ENSA) Duration: 5 Days Method: Instructor-Led

How to Build an E-Commerce Application using J2EE. Carol McDonald Code Camp Engineer

Distributed Systems. Distributed Systems

How To Develop A Web Service In A Microsoft J2Ee (Java) 2.5 (Oracle) 2-Year Old (Orcient) 2Dj (Oracles) 2E (Orca) 2Gj (J

Single Sign On In A CORBA-Based

Security Goals Services

SECURING WEB SERVICES

Oracle Application Server 10g Web Services Frequently Asked Questions Oct, 2006

Detailed Table of Contents

How To Understand The Concept Of A Distributed System

EJB & J2EE. Component Technology with thanks to Jim Dowling. Components. Problems with Previous Paradigms. What EJB Accomplishes

Service Virtualization: Managing Change in a Service-Oriented Architecture

Network Security Administrator

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

Web Services and Service Oriented Architectures. Thomas Soddemann, RZG

Service Oriented Architectures

VPN. Date: 4/15/2004 By: Heena Patel

ICANWK406A Install, configure and test network security

An Oracle White Paper Dec Oracle Access Management Security Token Service

Developing Java Web Services

B. WEB APPLICATION ARCHITECTURE MODELS

WEB SERVICES SECURITY

25 May Code 3C3 Peeling the Layers of the 'Performance Onion John Murphy, Andrew Lee and Liam Murphy

Security (II) ISO : Security Architecture of OSI Reference Model. Outline. Course Outline: Fundamental Topics. EE5723/EE4723 Spring 2012

Distributed Objects and Components

IBM WebSphere Data Power SOA Applicances V3.8.1 Solution IMP. Version: Demo. Page <<1/10>>

Software Concepts. Uniprocessor Operating Systems. System software structures. CIS 505: Software Systems Architectures of Distributed Systems

Grid Computing. Web Services. Explanation (2) Explanation. Grid Computing Fall 2006 Paul A. Farrell 9/12/2006

Security & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173

Service-Oriented Architectures

1 What Are Web Services?

<Project Name> Solution Architecture Preliminary System Design

WebService Security. A guide to set up highly secured client-server communications using WS-Security extensions to the SOAP protocol

Secure Identity Propagation Using WS- Trust, SAML2, and WS-Security 12 Apr 2011 IBM Impact

Evaluation of different Open Source Identity management Systems

ITS. Java WebService. ITS Data-Solutions Pvt Ltd BENEFITS OF ATTENDANCE:

Oracle WebLogic Foundation of Oracle Fusion Middleware. Lawrence Manickam Toyork Systems Inc

Web Services. Copyright 2011 Srdjan Komazec

Distributed Systems and Recent Innovations: Challenges and Benefits

FUSE-ESB4 An open-source OSGi based platform for EAI and SOA

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

A DEPLOYMENT-READY SOLUTION FOR ADDING QUALITY-OF-SERVICE FEATURES TO WEB SERVICES

Client-Server Applications

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Middleware and the Internet. Example: Shopping Service. What could be possible? Service Oriented Architecture

1 What Are Web Services?

Cryptography and network security CNET4523

Software Requirement Specification Web Services Security

A standards-based approach to application integration

CH ENSA EC-Council Network Security Administrator Detailed Course Outline

Web Services Development for IBM WebSphere Application Server V7.0. Version: Demo. Page <<1/10>>

IBM SPSS Collaboration and Deployment Services Version 6 Release 0. Single Sign-On Services Developer's Guide

CS 356 Lecture 28 Internet Authentication. Spring 2013

C/S Basic Concepts. The Gartner Model. Gartner Group Model. GM: distributed presentation. GM: distributed logic. GM: remote presentation

MIDDLEWARE 1. Figure 1: Middleware Layer in Context

OPC UA vs OPC Classic

Extreme Java G Session 3 Main Theme Java Core Technologies (Part I) Dr. Jean-Claude Franchitti

Service-Oriented Architecture and Software Engineering

Transcription:

JavaPolis 2004 Middleware and Web Services Security Dr. Konstantin Beznosov Assistant Professor University of British Columbia

Do you know what these mean? SOAP WSDL IIOP CSI v2

Overall Presentation Goal Learn what security mechanisms are available in middleware and Web services products

Speaker s Qualifications Konstantin Worked for end-user, consulting, and developer organizations Co-authored CORBA Security standards proposals Resource Access Decision Security Domain Membership Management (SDMM) CORBA Security Co-authored

This Slide Gains Your Audience s Attention I do not believe current tools, technologies, and methodologies support Extreme Performance Testing.

How many of you can explain? Various security mechanisms What middleware and Web services are What makes middleware and Web services security special What common architectures for security mechanisms are in most middleware and Web service technologies What are the differences among security mechanisms of various middleware and Web service technologies?

Outline Part I: Security What are security mechanisms? Part II: Middleware and Web services What are middleware and Web services? What s special about middleware and Web services security? Part III: Security in middleware and Web services What are common architectures for security mechanisms in most middleware and Web service technologies? What are the differences among security mechanisms of COM+ and EJB? Part IV: Conclusions Summary Where to go from here?

Outline Part I: Security What are security mechanisms? Part II: Middleware and Web services What are middleware and Web services? What s special about middleware and Web services security? Part III: Security in middleware and Web services What are common architectures for security mechanisms in most middleware and Web service technologies? What are the differences among security mechanisms of COM+ and EJB? Part IV: Conclusions Summary Where to go from here?

What is Computer Security? security -- safety, or freedom from worry How can it be achieved? Get rid of the sources of worry Don t trust computers anything valuable Make computers too heavy to steal Buy insurance (liability transfer) Create redundancy (disaster recovery services)

Goals of Security Prevention Prevent attackers from violating security policy Detection Detect attackers violation of security policy Recovery Stop attack, assess and repair damage Continue to function correctly even if attack succeeds

What Computer Security Policies are Concerned with? Confidentiality Keeping data and resources hidden Integrity Data integrity (integrity) Origin integrity (authentication) Availability Enabling access to data and resources CIA

Conventional Approach to Security Protection Authorization Accountability Availability Access Control Data Protection Audit Non- Repudiation Authentication Cryptography Service Continuity Disaster Recovery Requirements Assurance Assurance Design Assurance Development Assurance Operational Assurance

Protection provided by a set of mechanisms (countermeasures) to prevent bad things (threats) from happening

Authorization protection against breaking rules Rule examples: Only registered students should be able to take exam or fill out surveys Only the bank account owner can debit an account Only hospital s medical personnel should have access to the patient s medical records Your example

Access Control Definition: enforces the rules, when rule check is possible Authorization Engine Access Decision Function Object Resource (data/method s/menu item) Target Subject Principal User, Client Initiator Mix of terms: Action Authorizatio n Decision Entitlement Reference Monitor Authorization == Access Control Decision Authorization Engine == Policy Engine Security Subsystem

Authorization Mechanisms: Data Protection No way to check the rules e.g. telephone wire or wireless networks No trust to enforce the rules e.g. MS-DOS

Accountability You can tell who did what when (security) audit -- actions are recorded in audit log Non-Repudiation -- evidence of actions is generated and stored

Availability Service continuity -- you can always get to your resources Disaster recovery -- you can always get back to your work after the interruption

Types of Security Mechanisms secure precise broad set of reachable states set of secure states

Assurance Set of things the system builder and the operator of the system do to convince you that it is really safe to use. the system can enforce the policy you are interested in, and the system works as intended

How do you decide which policies to enforce and mechanisms to use?

It s all about risk Asset Value Threat Value Vulnerability Value Risk = Asset * Vulnerability * Threat

Security is a Process Source: Common Criteria for Information Technology Security Evaluation. 1999

Classes of Threats Disclosure Snooping Deception Modification Spoofing repudiation of origin denial of receipt Disruption Modification denial of service Usurpation Modification Spoofing Delay denial of service

Key Points Protection Authorization Accountability Availability Access Control Data Protection Audit Non- Repudiation Authentication Cryptography Service Continuity Disaster Recovery Requirements Assurance Assurance Design Assurance Development Assurance Operational Assurance

Key Points (cont-ed) Secure, precise, and broad mechanisms Risk = Asset * Vulnerability * Threat Steps of improving security Classes of threats Disclosure Deception Disruption Usurpation Reference monitor mediates actions of subjects on objects

Outline Part I: Security What are security mechanisms? Part II: Middleware and Web services What are middleware and Web services? What s special about middleware and Web services security? Part III: Security in middleware and Web services What are common architectures for security mechanisms in most middleware and Web service technologies? What are the differences among security mechanisms of COM+ and EJB? Part IV: Conclusions Summary Where to go from here?

What is middleware? It s what s between topware and underwear

Distributed Application Built Using DOS "Distributed Systems: Principles and Paradigms" by A. S. Tanenbaum, M. van Steen. Prentice Hall; (2002)

Distributed Application Built Using NOS "Distributed Systems: Principles and Paradigms" by A. S. Tanenbaum, M. van Steen. Prentice Hall; (2002)

Distributed Application Built Using Middleware 1.1 "Distributed Systems: Principles and Paradigms" by A. S. Tanenbaum, M. van Steen. Prentice Hall; (2002)

Software Support for Distributed Applications System Description Main Goal DOS Tightly-coupled operating system for multiprocessors and homogeneous multicomputers Hide and manage hardware resources NOS Loosely-coupled operating system for heterogeneous multicomputers (LAN and WAN) Offer local services to remote clients Middleware Additional layer atop of NOS implementing general-purpose services Provide distribution transparency

Most Middleware Uses Remote Procedure Call "Distributed Systems: Principles and Paradigms" by A. S. Tanenbaum, M. van Steen. Prentice Hall; (2002)

RPC Clients and Servers "Distributed Systems: Principles and Paradigms" by A. S. Tanenbaum, M. van Steen. Prentice Hall; (2002)

Distributed Objects Distributed Computing Environment (DCE) Remote Objects Common Object Request Broker Architecture (CORBA) Microsoft s Distributed Component Object Model (DCOM) & COM+ Java Remote Method Invocation (RMI) Enterprise Java Beans.NET Remoted Objects

Middleware Services Communication facilities Naming Persistence Concurrency Distributed transactions Fault tolerance Security

Middleware Openness "Distributed Systems: Principles and Paradigms" by A. S. Tanenbaum, M. van Steen. Prentice Hall; (2002)

What s Middleware Openness? Operating system independent Completeness and portability Interoperability

What s Web Services?

How do middleware and Web services differ? Features/ properties middleware traditional MOM Web services Client server yes no no RPC yes no no OS independent mostly mostly no Completeness and portability yes mostly no interoperability yes yes yes

Promise of Web Services Interoperability across lines of business and enterprises o Regardless of platform, programming language and operating system End-to-end exchange of data o Without custom integration Loosely-coupled integration across applications o Using Simple Object Access Protocol (SOAP) Trader Application Brokerage Application Accounting Application SOAP Sender SOAP Receiver/ Sender SOAP Receiver

Web Services Features XML-based messaging interface to computing resources that is accessible via Internet standard protocols WS help intranet (business units) and extranet (business partners) applications to communicate SOAP format for WS communications Defined in XML Supports RPC as well as document exchange o No predefined RPC semantics Stateless Can be sent over various carriers: HTTP, FTP, SMTP, postal service

SOAP Message Example <?xml version="1.0"?> <env:envelope xmlns:env="http://www.w3.org/2002/06/soap-envelope"> <env:header> <n:alertcontrol xmlns:n="http://example.org/alertcontrol"> <n:priority>1</n:priority> <n:expires>2001-06-22t14:00:00-05:00</n:expires> </n:alertcontrol> </env:header> <env:body> <m:alert xmlns:m="http://example.org/alert"> <m:msg>pick up Mary at school at 2pm</m:msg> </m:alert> </env:body> </env:envelope>

Typical Web Service Environment

J2EE Web Service Systems Client Tier Presentation Tier RMI-IIOP Com ponent Tier Back-office Tier EJB Container Application Client SOAP Web Server EJB Mainfram es JSPs RMI-IIOP EJB JDBC Brow ser HTML Servlets EJB JCA Databases

Outline Part I: Security What are security mechanisms? Part II: Middleware and Web services What are middleware and Web services? What s special about middleware and Web services security? Part III: Security in middleware and Web services What are common architectures for security mechanisms in most middleware and Web service technologies? What are the differences among security mechanisms of COM+ and EJB? Part IV: Conclusions Summary Where to go from here?

client-server paradigm & security request A response B request request A response B C

requirements due to distribution centralized administration localized run-time decisions

object paradigm & security (1/2) objects small amounts of data ==> large numbers o R: Scale on large numbers of objects and methods diverse methods ==> complex semantics o R: Security administrators should not have to understand semantics of methods collections R: Similar names or locations should NOT impose membership in same collection(s). R: For an object to be assigned to the same collection, name similarity and/or co-location should not be required.

object paradigm & security (2/2) many layers of indirection and late binding names multi-name, nameless and transient objects R: Transient objects should be assigned to security policies without human intervention. less rigid naming hierarchies R: No assumptions that administrators know a name of each object in the system.

Outline Part I: Security What are security mechanisms? Part II: Middleware and Web services What are middleware and Web services? What s special about middleware and Web services security? Part III: Security in middleware and Web services What are common architectures for security mechanisms in most middleware and Web service technologies? What are the differences among security mechanisms of COM+ and EJB? Part IV: Conclusions Summary Where to go from here?

Middleware Security Stack Client Application Proxy ORB Security Service Security Mechanism Implementation OS Network RPC Abstraction Middleware Security security context abstraction Actual messages Server Application Application Server Skeleton Adapter ORB Security Service Security Mechanism Implementation OS Network

Policy Enforcement and Decision Application Target Access Request Enforcement Function Decision Decision Request Decision Function Middleware Security Subsystem Middleware Access Request

Distributed Authentication Password-based Symmetric key e.g., Kerberos Asymmetric key e.g., PKI

Data Protection Client Application Proxy ORB Security Service Security Mechanism Implementation OS Network RPC Abstraction Middleware Security security context abstraction Actual messages Server Application Application Server Skeleton Adapter ORB Security Service Security Mechanism Implementation OS Network

Data Protection in Web Services

SOAP Message with WS-Security <? Xml version= 1.0?> <env:envelope xmlns:env= http://www.w3.org/2001/12/soap-envelope xmlns:sec= http://schmas.xmlsoap.org/ws/2002/04/secext xmlns:sig= http://www.w3.org/2000/09/xmldsig# xmlns:enc= http://www.w3.org/2001/04/xmlenc# > <env:header> <sec:security sec:actor= http://www.w3.org/2001/12/soap-envelope/actor/next sec:mustunderstand= true > <sig:signature> </sig:signature> <enc:encryptedkey> </enc:encryptedkey> <sec:binarysecuritytoken </sec:binarysecuritytoken </sec:security> </env:header> <env:body> <enc:encrypteddata> </enc:encrypteddata> </env:body> </env:envelope>

WS-Security Message integrity and message confidentiality Compliance with XML Signature and XML Encryption Encoding for binary security tokens Set of related claims (assertions) about a subject X.509 certificates Kerberos tickets Encrypted keys

XML Encryption Encrypt all or part of an XML message Separation of encryption information from encrypted data Super-encryption of data <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#' Type='http://www.w3.org/2001/04/xmlenc#Content'> <EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#3des-cbc'/> <ds:keyinfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'> <ds:keyname>john Smith</ds:KeyName> </ds:keyinfo> <CipherData> <CipherValue>A23B45C56</CipherValue> </CipherData> </EncryptedData>

XML Signature Apply to all or part of a document Contains: references to signed portions, canonicalization algorithm, hashing and signing algorithm Ids, public key of the signer. Multiple signatures with different characteristics over the same content <Signature Id="MySignature" xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/ /REC-xml-c14n-20010315"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/> <Reference URI="http://www.w3.org/TR/2000/REC-xhtml1-20000126/"> <Transforms> <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue> </Reference> </SignedInfo> <SignatureValue>MC0CFFrVLtRlk=...</SignatureValue> <KeyInfo> <KeyValue> <DSAKeyValue> <P>...</P><Q>...</Q><G>...</G><Y>...</Y> </DSAKeyValue> </KeyValue> </KeyInfo> </Signature>

Security Policy Decisions

Policy Enforcement and Decision Application Target Access Request Enforcement Function Decision Decision Request Decision Function Middleware Security Subsystem Middleware Access Request

scaling policy decisions attributes permissions domains, types Clients Methods Targets Subjects

Credentials Delegation What are credentials? Push and pull models

Issues in Distributed Audit Monitor activity across and between objects. Order of the audit records is hard to determine because of the lack of global time. Performance No guarantee that an event has been logged.

Outline Part I: Security What are security mechanisms? Part II: Middleware and Web services What are middleware and Web services? What s special about middleware and Web services security? Part III: Security in middleware and Web services What are common architectures for security mechanisms in most middleware and Web service technologies? What are the differences among security mechanisms of COM+ and EJB? Part IV: Conclusions Summary Where to go from here?

COM+ Specifics

Authentication in COM+ Supported mechanisms Kerberos Windows NT LAN Manager (NTLM) Granularity modes Never At the time of establishing secure channel On every call With every network packet Credentials delegation options No delegation Unconstrained simple delegation (a.k.a., impersonation) o Only one hop for NTLM

Data Protection in COM+ Supported modes Origin authentication and integrity protection As above + confidentiality protection

Access Control in COM+ The three hurdles to go through 1. Activate server process 2. Process border checks 3. DLL border checks Granularity Component Interface Method

COM+ Access Control Architecture

Accountability in COM+ No out-of-the-box support Developers should rely on Windows event logs

EJB Specifics

EJB Run-time Security Client address space (JVM) Container address space (JVM) EJB object stub Caller Identity EJB object Enterprise Bean instance Caller Identity Enterprise Bean class AccessControlEntries Bean Identity Container EJB server Common Secure Interoperability (CSI) v2 defines wire protocol

Authentication in EJB Defines only the use of JAAS for authenticating and credentials retrieving Implementation-specific Credentials delegation options No delegation Unconstrained simple delegation (a.k.a., impersonation)

Data Protection in EJB Implementation-specific

Access Control in EJB Configured through deployment descriptor Granularity Down to individual method on a class, but not bean instance Can be different from JAR to JAR Expressiveness method grouped into method permissions Subjects grouped by plain roles No role hierarchy JSR 115: J2EE Authorization Contract for Containers -- APIs for plugging authorization engines

roles and permissions in EJB

Accountability in EJB Implementation-specific

Outline Part I: Security What are security mechanisms? Part II: Middleware and Web services What are middleware and Web services? What s special about middleware and Web services security? Part III: Security in middleware and Web services What are common architectures for security mechanisms in most middleware and Web service technologies? What are the differences among security mechanisms of COM+ and EJB? Part IV: Conclusions Summary Where to go from here?

Summary Security Objectives: CIA Means o Protection Authorization, Accountability, Availability o Assurance Middleware & Web services Software layer between OS and application to provide transparencies Security-related issues: scaling, granularity, naming Security in Middleware & Web services Common features/elements Technology/product specific

Where To Go From Here? JavaPolis Access control architectures: EJBs versus COM+ Erwin Geirnaert: Hacking J2EE servers Secure agility/agile security Secure application development course http://www.secure-application-development.com http://www.secappdev.com Books B. Hartman, D. J. Flinn, K. Beznosov, and S. Kawamoto, chapter 7, Mastering Web Services Security, New York: John Wiley & Sons, Inc., 2003. E. Roman, S. Ambler, and T. Jewell, Mastering Enterprise JavaBeans, Second ed: Wiley Computer Publishing, 2002. B. Hartman, D. J. Flinn, and K. Beznosov, Enterprise Security With EJB and CORBA. New York: John Wiley & Sons, Inc., 2001. Security Engineering by Ross Anderson

If You Only Remember Three Things Build security in from the beginning Push security out of the applications Design for change

Reserved slides

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information