An overview of Web Services and Grid Security research activities at the BT Security Research Centre

Theo Dimitrakos
BT Security Research Centre
Adastral Park, Martlesham Heath, Ipswich, Suffolk, IP5 3RE, UK

Abstract: In this paper we provide an overview of the research activities that are being planned in
the area of Web Services and Grid Security at the Security Research Centre of British Telecom. The
focus of the paper is on summarising specific research challenges whose achievement we consider
important milestones in the evolution of web services and Grid security, and on reporting
experience from analysing and experimenting with WS-* specifications that appear to offer a
suitable baseline for addressing these challenges.

    Leveraging the convergence of Grid and Web services technologies, we anticipate the emergence
of new business and scientific computing paradigms that are based on dynamic Virtual Organisations
(VO). VOs span organisational boundaries and enable the enactment of collaborative processes
that integrate services, resources and knowledge in order to perform tasks that VO partners could not
undertake on their own. Such a dynamic and complex structure opens several challenging problems
related to VO security, including the following:
- VO participants provide services that are integrated on demand into a custom-made solution;
     using limited resources, they may offer several different services in the context of the same VO
     and/or offer the same service to several VOs; the main interest of each Organisation – that persists
     across its participation in VOs – is (in the longer term) to optimise its utility.
- Relationships between VO participants are bound to some form of agreement (that may include but
     not be restricted to SLA) against which their performance is being assessed.
- Each Organisation defines its own (typically public) security policy dictating the way that consumers
     can access the services and resources that this Organisation contributes to the VO. It also defines its
     own (typically private) security policy providing the rules upon which security decisions about
     controlling the use of its assets are made at run-time. Of course, these policies need to be consistent
     with the agreements that constrain the relationships between VO members. However, an Organisation
     may intentionally violate an agreement and suffer the penalties defined for such violation in order to
     serve its business objective (e.g. to maximise profit, or to operate on limited resources without
     violating agreements of greater importance.)
- Security policy roles aggregating access rights and obligations are defined not only for users but also
     for service instances. These roles are distinct but explicitly associated with the business roles that a
     service assumes during the enactment of a collaborative activity in the context of executing a
     composite application service. Consequently, the rights and obligations of a service instance are not
     fixed in its profile but specific to the context of each collaborative activity that it contributes to, and
     they may change depending on the state of that activity.

General Technical Requirements
The above impose a set of technical requirements that drive the need for new integrated security
- Distinct and possibly independent security contexts are created and managed for the various
    Organisations that contribute services and/or resources to a VO.
- Each Organisation has its own (public) security policies about how the services it hosts can be
    accessed and its own (private) security policies about how secure communication (i.e. transport-level
    and message-level security) is enforced and how access is controlled.
- For each collaborative activity that contributes to the execution of a composite application, a distinct
    security context is created to enable interactions among the participating services; message
    exchanges among services are enabled only if such a security context is present. The presence of
    such a security context defines a logical Group of service instances that are allowed to interact for
    enacting the collaborative activity.
-   For each such Group, a dedicated administrative service is created for coordinating the distribution
    of the security context that is associated with this Group. This administrative service also
    coordinates the distribution of commonly recognised security attributes, which encapsulate the
    role(s) that a service instance may assume within that security context. Such roles abstract the rights
    and obligations that have been foreseen for securely enacting the corresponding collaborative
-   The membership and security attribute distribution in such a Group may change dynamically during
    the enactment of a collaborative activity depending on the state of this activity.
-   Each Organisation makes security decisions and enforces security actions based on the specific
    security context within which the user access and service-to-service interactions take place, the
    security attributes possessed by each interacting service and the security policies of the sites
    managed by the Organisation.
-   In order to optimise the time to deploy new services, application-specific service instances deployed in a
    site should not be directly involved in actions relating to the distribution of security context, the
    security policy decision making and the enforcement of security related actions. Security actions are
    performed by a set of message interceptors, policy decision and policy enforcement points, which
    are provided by the infrastructure and administered by the Organisation supported by a dedicated
    service (provided by the infrastructure) for coordinating interactions between the administrative
    services of different Organisations when needed (e.g. for validating security claims, updating Group
    membership, revoking security attributes, etc.).
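
An added example, not part of the paper or of any BT prototype: a Python model of the requirements listed above, in which an infrastructure-level interceptor permits a message only when a Group security context exists, both parties are current members, and the sender holds a role permitted in the activity's current state. All class, function, role and operation names are hypothetical, and the scenario data is constructed.

```python
from dataclasses import dataclass, field

@dataclass
class GroupContext:  # security context of one collaborative activity (one Group)
    context_id: str
    state: str                                  # current state of the activity
    roles: dict = field(default_factory=dict)   # member instance -> set of roles
    policy: dict = field(default_factory=dict)  # state -> {operation: allowed roles}

class GroupAdmin:  # stand-in for the Group's administrative service (hypothetical API)
    def __init__(self):
        self.contexts = {}
    def create(self, ctx):
        self.contexts[ctx.context_id] = ctx
    def grant(self, cid, member, role):
        self.contexts[cid].roles.setdefault(member, set()).add(role)
    def revoke(self, cid, member):
        self.contexts[cid].roles.pop(member, None)
    def advance(self, cid, state):
        self.contexts[cid].state = state

def intercept(admin, msg):
    """Interceptor decision for one message: (allowed, reason), deny by default."""
    ctx = admin.contexts.get(msg.get("context_id"))
    if ctx is None:
        return (False, "no security context")
    for party in (msg.get("sender"), msg.get("receiver")):
        if party not in ctx.roles:
            return (False, f"{party} is not a Group member")
    allowed = ctx.policy.get(ctx.state, {}).get(msg.get("operation"), set())
    if not ctx.roles[msg["sender"]] & allowed:
        return (False, f"no permitted role in state {ctx.state}")
    return (True, "ok")

def demo():
    """Constructed scenario: two services, then a state change and a revocation."""
    admin = GroupAdmin()
    admin.create(GroupContext("ctx-1", "negotiating", policy={
        "negotiating": {"submitQuote": {"supplier"}},
        "executing": {"shipOrder": {"supplier"}}}))
    admin.grant("ctx-1", "svcA", "supplier")
    admin.grant("ctx-1", "svcB", "buyer")
    quote = dict(context_id="ctx-1", sender="svcA", receiver="svcB", operation="submitQuote")
    out = [intercept(admin, quote), intercept(admin, {**quote, "context_id": "ctx-9"})]
    admin.advance("ctx-1", "executing")          # activity moves on: quoting closes
    out.append(intercept(admin, quote))
    admin.revoke("ctx-1", "svcA")                # attribute revocation removes svcA
    out.append(intercept(admin, {**quote, "operation": "shipOrder"}))
    return out
```

The application services `svcA` and `svcB` never appear in the decision path; only the interceptor and the administrative service hold the context, roles and policy.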

General Approach and Specific Activities
Research on integrated security architectures and experimentation with novel solution prototypes that
aim to enable secure integration of services and resources across Enterprise/Organisational boundaries is
essential for future growth, as BT is transforming itself from a Telco to a global IT and networking
services company and aspires to meet our vision of becoming the world leader in network-centric ICT
solutions. The research activities in the area of Web Services and Grid Security aim to facilitate such
growth by investigating technology choices, by producing interoperable security profiles, based on the
convergence of Grid computing and emerging web services security standards, and by developing system
designs and validating them through prototypes that can serve as a showcase of the following key
1. Federating security/administrative domains. In relation to this aspect we aim to integrate and
    advance implementations of “next-generation” web services protocols for enabling the “just-in-time”
    federation of distinct and autonomous security / administrative domains that is limited to the
    duration of a business activity. This in turn provides the foundation for establishing transactional
    conversations between services (and users) distributed across different trust/administrative realms
    that contribute to this business activity.
2. Autonomic security policy management and enforcement. In relation to this aspect, we aim to
    investigate techniques and technology for automating security policy management for service
    provision and to prototype a solution that enables, on the one hand, the automatic deployment of
    policies across different security domains, and, on the other hand, the automatic adaptation of which
    security policy is active and of the security enforcement configuration in response to changes in the
    environment (including the state of the business activity within which services may transact).
3. Securing Service Composition. In relation to this aspect, we aim to investigate methods and
    technology for integrating security management and web services business process enactment in
    order to establish an environment where process-driven integration of services across
    Enterprise/Organisational boundaries can be realised.
4. Securing WS-Management & Manageable Security. The focus of this aspect is to investigate
    extensions of emerging WS management protocols in order to ensure, on the one hand, that the
    remote management of network and enterprise resources by dedicated web services is secured, and
    on the other hand, that an appropriate virtualisation of operating-platform-specific security
    enforcement mechanisms is achieved, therefore, enabling services making security policy decisions
    to control security enforcement mechanisms over diverse execution environments.
5. Dynamic Security Perimeters. In relation to this aspect we aim to offer a new perspective to research
    towards “deperimeterization” by investigating how the configuration of content-sensitive security
    firewalls and of application-level security enforcement points can be coordinated and adapted in real
    time in order to create a virtualised “dynamic security perimeter” that is based on an aggregation of
    perimeter manageable security enforcement points across different enterprises.
Further to the above, as a part of this activity and in conjunction with external collaborative projects we
aim to build a Virtual Organization testbed where we re-create the environment where two or more
Enterprises selectively federate their trust/administrative realms to accommodate a process-driven service
composition. The testbed will be built up using implementations of the most promising WS-* extensions
and (where appropriate) incorporate elements developed within Grid computing communities.

Related Technologies
In preparation for this research activity, and in the context of both internal and collaborative projects (e.g.
the EU integrated project TrustCoM), we have been experimenting with a number
of different WS-* technologies. In this talk and associated paper we will report our experiences with such
experimentation and our view about how WS-* can be integrated and extended to meet the above
objectives. The following table summarises an analysis and comparison between a number of web
services specifications that has been conducted in the context of the EU collaborative project TrustCoM.
In this presentation we will offer a walkthrough of how some of these specifications can be used in
practice in order to help achieve the technical goals set by the abovementioned activities.
Note: read the table by column.

  [Integration matrix; the cell values are not reproduced here.]

  Rows, by group:
    Core WS, Messaging, Grid, Semantic Web: WSRF family; Semantic Web - OWL-S
    Policies and Security: X.509 certificates; Username tokens; XrML/REL tokens; SAML tokens; SAML protocols
    Business processing: ebXML CPPA

  Columns: WSRF family; Semantic Web - OWL-S; X.509 tokens; Username tokens; XrML/REL tokens; SAML tokens; SAML protocols; ebXML CPPA

  Legend (possible cell values):
    - <column> overlaps, is incompatible with, cannot depend upon, or cannot support <row>
    - <column> does not conflict with, is orthogonal to, composable with, or independent of <row>
    - <column> supports or uses <row>, if right profile used, or are inter-dependent
    - <column> depends upon, or provides extensions to <row>

  Figure 1: Web Services Integration Matrix produced in the context of the EU project TrustCoM

In this talk we will provide an overview of ongoing research and advanced
development activities at BT Security Research Centre in the area of Web Services and
Grid Security. After summarising specific research challenges whose achievement we
consider as important milestones in the evolution of web services and Grid security, we
will summarise results from analysing emerging WS-* technologies and explain which
particular combination of technologies can be used as a baseline for the experimental
research activities summarised in the overview.
