Semantic Markup for Secure Survivable Enterprise Applications Anya Kim

Semantic Markup for Secure Survivable Enterprise Applications Anya Kim, Amit Khashnobish, Jim Luo, Bruce Montrose, Myong Kang US Naval Research Laboratory Code 5542 Washington, DC Introduction • Service-oriented architectures – Relies on the ability to communicate relevant security information in a machine-understandable manner • Resources are protected by security mechanisms – Can act as barriers to access • Interoperability requires semantic markup of resources with security-related metadata – Enable dynamic discovery and invocation of services in a secure and trusted environment Security in SOA Specification & Matchmaking Current Standard Enterprise Application Level Our Contribution Augment with security-related markup in the context of the application Add semantic markup and query capabilities Semantic description of security-related concepts using ontologies T2 T1 T3 T5 T4 BPEL Infrastructure D1 D3 D4 Web-service Level UDDI WSDL D2 Security Specifications in SOA • More complex than functional descriptions – Security Requirements and Capabilities – Matchmaking is different Service Consumer Service Provider Security Requirements Security Capabilities Security Requirements Security Capabilities NRL Security Ontology • Ontologies provide fine-grained semantic description and discovery • Used at all levels of SOA for security specification Password minLength Certificate Cookie name value path X.509Certificate version serialNumber issuer notBefore notAfter Organizational ontology Date/time ontology Infrastructure level • Industry standard UDDI repositories cannot store ontology information • OWL2UDDI – Provide capabilities for ontology-based service description and discovery in UDDI using client-side modules Web Services Level and Enterprise Application Level • Web Services Level – Describe security capabilities and requirements using NRL Security Ontology – GUI to browse ontologies, specify security, and discover services • Enterprise Application Level – Created a simple GUI that represents data flow among tasks to specify security requirements: – Capturing mission software logic that spans multiple organizations and multiple applications – Consider security requirements in the context of mission software – Bridge the gap between operational community and security community Beyond the Paper Goal: functional & security descriptions P1 P3 Search criteria P2 Compose Mission Logic (Business Logic) P4 Service selector 3 Check status 2 Service Registry 1 List of potential services Invoke the best service QoS Security Status Web Service Questions?