Bringing Semantic Security to Semantic Web Services
B. Ramamurthy
8/10/2010 1
Introduction
Humans can read web pages and understand them, but the inherent meaning of those pages is not represented in a way that allows a computer program to interpret it.
One way to enable machine-to-machine exchange and automated processing is to provide the information in such a way that computers can understand it.
This is precisely the objective of the semantic web: the next generation of the Web will combine existing Web technologies with knowledge representation formalisms.
Semantic Web Services
[Figure: a two-by-two grid ordered along a static-to-dynamic axis. On the static side sit the WWW and the Semantic Web; on the dynamic side sit Web Services and Semantic Web Services, the latter combining Web Services with the Semantic Web.]
RDF, OWL, WSDL-S
RDF is a standard for creating descriptions of information. RDF is for simple semantics.
OWL provides a language for defining structured web-based ontologies, which allows a richer integration and interoperability of data among communities and domains.
WSDL-S establishes a mapping between WSDL descriptions and ontological concepts.
WSDL-S Example
Semantics can be added to operations, messages, preconditions and effects.

    xmlns:sm="http://dme.uma.pt/jcardoso/StudentMng.owl#"
    <interface name="StudentmanagmentUMA">
      <operation name="RegisterStudent">
        <action element="sm:RegisterStudent" />
        ..
        <input messageLabel="ID" element="sm:studentID" />
        <output messageLabel="student" element="sm:StudentInfo" />
      </operation>
      ..
    </interface>
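The mapping that WSDL-S establishes can be read back out of the document mechanically. The Python below is an added example, not code from the slides or from the WSDL-S project: it parses a constructed fragment modelled on the slide (the `definitions` wrapper element is an assumption, as is the `KNOWN_CONCEPTS` ontology vocabulary), expands each `sm:`-prefixed annotation to a full ontology URI using the `xmlns` declarations seen while parsing, and reports annotations that point at concepts the ontology does not define.

```python
import io
import xml.etree.ElementTree as ET

# Constructed WSDL-S fragment modelled on the slide's example. The
# <definitions> wrapper is an assumption; the xmlns:sm URI is from the slide.
WSDLS_SAMPLE = """<?xml version="1.0"?>
<definitions xmlns:sm="http://dme.uma.pt/jcardoso/StudentMng.owl#">
  <interface name="StudentmanagmentUMA">
    <operation name="RegisterStudent">
      <action element="sm:RegisterStudent"/>
      <input messageLabel="ID" element="sm:studentID"/>
      <output messageLabel="student" element="sm:StudentInfo"/>
    </operation>
  </interface>
</definitions>
"""

# Constructed stand-in for the concepts defined by StudentMng.owl.
KNOWN_CONCEPTS = {
    "http://dme.uma.pt/jcardoso/StudentMng.owl#RegisterStudent",
    "http://dme.uma.pt/jcardoso/StudentMng.owl#studentID",
    "http://dme.uma.pt/jcardoso/StudentMng.owl#StudentInfo",
}


def expand(qname, ns):
    """Turn a prefixed attribute value such as 'sm:studentID' into a full URI."""
    prefix, _, local = qname.partition(":")
    if prefix not in ns:
        raise ValueError(f"undeclared namespace prefix {prefix!r} in {qname!r}")
    return ns[prefix] + local


def parse_wsdls(xml_text):
    """Return {operation: {'action': uri, 'input': {...}, 'output': {...}}}.

    iterparse is used so that 'start-ns' events expose the xmlns declarations,
    which ElementTree otherwise consumes silently; the prefix map is what lets
    the sm: values be resolved against the ontology.
    """
    ns, ops, current = {}, {}, None
    events = ET.iterparse(io.BytesIO(xml_text.encode("utf-8")),
                          events=("start-ns", "start"))
    for event, obj in events:
        if event == "start-ns":
            prefix, uri = obj
            ns[prefix] = uri
            continue
        elem = obj
        if elem.tag == "operation":
            current = ops.setdefault(elem.get("name"), {})
        elif current is not None and elem.tag in ("action", "input", "output"):
            concept = expand(elem.get("element"), ns)
            if elem.tag == "action":
                current["action"] = concept
            else:
                current[elem.tag] = {"messageLabel": elem.get("messageLabel"),
                                     "concept": concept}
    return ops


def unknown_concepts(ops, known=KNOWN_CONCEPTS):
    """Annotations whose target the ontology does not define; a non-empty
    result means the service description and the ontology have drifted apart."""
    found = set()
    for op in ops.values():
        found.add(op.get("action"))
        for part in ("input", "output"):
            if part in op:
                found.add(op[part]["concept"])
    found.discard(None)
    return found - known


if __name__ == "__main__":
    ops = parse_wsdls(WSDLS_SAMPLE)
    for name, op in ops.items():
        print(name, "->", op["action"])
    print("unresolved concepts:", unknown_concepts(ops))
```

The `start-ns` events are the important part: the ontology URI is only ever present in the `xmlns:sm` declaration, so a parser that drops namespace declarations cannot tell which ontology `sm:studentID` belongs to.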
Authoring Tool for WSDL-S
To create, represent, and manipulate WSDL-S documents, WSDL4J can be used.
WSDL4J provides Java APIs for WSDL parsing and generation.
WSDL4J supports extensibility elements, providing an easy mechanism to add new extensions.
Web Services Security Background
Standards are proposed or accepted regarding authentication, encryption, and identity management: RSA encryption, XML signatures, and SAML (Security Assertion Markup Language).
There are five fundamental areas to consider: message level protection, message privacy, parameter checking, authentication, and authorization.
This is application layer security (not network layer security).
Application of RSA
Let's say a person in Atlanta wants to send a message M to a person in Buffalo:
Atlanta encrypts the message using Buffalo's public key B: E(M,B)
Only Buffalo can read it, using its private key b: E(b, E(M,B)) = M
In other words, for any public/private key pair determined as previously shown, the encrypting function holds two properties:
E(p, E(M,P)) = M
E(P, E(M,p)) = M
How can you authenticate the “sender”?
In real life you would use signatures; we will look at the concept of digital signatures next.
Instead of sending just a simple message, Atlanta will send a message signed with Atlanta's private key a, and encrypted for Buffalo:
E(B, E(M,a))
Buffalo will first decrypt using its private key and then use Atlanta's public key to open the signed message:
E(b, E(B, E(M,a))) = E(M,a)
E(A, E(M,a)) = M
Digital Signatures
Strong digital signatures are essential requirements of a secure system. These are needed to verify that a document is:
Authentic: its source is who it claims to be
Not forged: not fake
Non-repudiable: the signer cannot credibly deny that the document was signed by them.
Digest Functions
Digest functions are one-way functions whose output is what actually gets signed. They are also called secure hash functions.
The digest is message dependent: changing the message changes the digest.
Only the digest, not the whole message, is encrypted using the private key.
Alice's bank account certificate:
1. Certificate type: Account number
2. Name: Alice
3. Account: 6262626
4. Certifying authority: Bob's Bank
5. Signature: {Digest(field 2 + field 3)}KBpriv
Digital signatures with public keys
[Figure. Signing: M → H(M) → h (128 bits); E(Kpri, h) → {h}Kpri; the signed doc is M together with {h}Kpri. Verifying: D(Kpub, {h}Kpri) → h; H(doc) → h'; check h = h'?]
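The exchanges on slides 8, 9, 11 and 13 (and the digest comparison of slide 16) carried through in Python, as an added example that is not code from the slides. It uses raw "textbook" RSA so that the slide's E(key, value) notation maps directly onto modular exponentiation. The moduli are built from Mersenne primes, a constructed choice that is deliberately insecure (the primes are public) and exists only so the arithmetic runs offline without a key generator; the party names, message and key sizes are likewise assumptions. SHA-224 stands in for the figure's 128-bit digest because its output fits below the smaller modulus; digests the size of MD5 or SHA-1 should not be used for new signatures, and real systems use a vetted library with random primes and padding (OAEP for encryption, PSS for signatures) rather than raw exponentiation.

```python
import hashlib

E_PUBLIC = 65537


def make_keypair(p, q):
    """Return (public_key, private_key), each an (exponent, modulus) pair."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E_PUBLIC, -1, phi)          # modular inverse (Python >= 3.8)
    return (E_PUBLIC, n), (d, n)


def apply_key(key, x):
    """The slide's E(key, x): raw RSA exponentiation. Applying the other half
    of the same pair undoes it, in either order, which is the property
    E(p, E(M,P)) = M and E(P, E(M,p)) = M."""
    exp, n = key
    if not 0 <= x < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(x, exp, n)


# Constructed toy keys. Mersenne primes are public, so these keys protect
# nothing; they are here only to make the exchange runnable. Buffalo's modulus
# is larger than Atlanta's so a value signed under Atlanta's key still fits
# when it is then encrypted for Buffalo, as in E(B, E(M, a)).
ATLANTA_PUB, ATLANTA_PRIV = make_keypair((1 << 107) - 1, (1 << 127) - 1)   # ~2^234
BUFFALO_PUB, BUFFALO_PRIV = make_keypair((1 << 521) - 1, (1 << 607) - 1)   # ~2^1128


def int_of(msg: bytes) -> int:
    return int.from_bytes(msg, "big")


def bytes_of(x: int) -> bytes:
    # Leading zero bytes of the original message are not recoverable from an
    # integer; the constructed messages below start with a non-zero byte.
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def confidential_send(msg: bytes) -> int:
    """Slide 8: Atlanta encrypts M under Buffalo's public key B, giving E(M,B)."""
    return apply_key(BUFFALO_PUB, int_of(msg))


def confidential_receive(cipher: int) -> bytes:
    """Only Buffalo can recover M with its private key b: E(b, E(M,B)) = M."""
    return bytes_of(apply_key(BUFFALO_PRIV, cipher))


def signed_send(msg: bytes) -> int:
    """Slide 9: Atlanta signs with a, then encrypts for Buffalo: E(B, E(M,a))."""
    signed = apply_key(ATLANTA_PRIV, int_of(msg))
    return apply_key(BUFFALO_PUB, signed)


def signed_receive(cipher: int) -> bytes:
    """Buffalo decrypts with b, then opens the signature with A: E(A, E(M,a)) = M."""
    signed = apply_key(BUFFALO_PRIV, cipher)
    return bytes_of(apply_key(ATLANTA_PUB, signed))


def digest(msg: bytes) -> int:
    """Slides 11 and 13: the message-dependent digest h = H(M). SHA-224's
    224-bit output is below Atlanta's ~2^234 modulus, so it can be signed raw."""
    return int_of(hashlib.sha224(msg).digest())


def sign_digest(msg: bytes) -> int:
    """{h}Kpri: only the digest, not the message, is encrypted with the private key."""
    return apply_key(ATLANTA_PRIV, digest(msg))


def verify_digest(msg: bytes, sig: int) -> bool:
    """Recompute h' = H(doc), recover h = D(Kpub, {h}), and check h == h'.
    Any change to the message changes h', so the comparison fails."""
    return apply_key(ATLANTA_PUB, sig) == digest(msg)


if __name__ == "__main__":
    m = b"hello from Atlanta"            # constructed message, < 2^234
    print(confidential_receive(confidential_send(m)) == m)
    print(signed_receive(signed_send(m)) == m)
    sig = sign_digest(m)
    print("signature verifies:", verify_digest(m, sig))
    print("tampered message verifies:", verify_digest(m + b"!", sig))
```

Note the ordering constraint that slide 9's nesting imposes even in this toy: E(M,a) is an integer below Atlanta's modulus, and it can only be encrypted for Buffalo if Buffalo's modulus is larger. `apply_key` refuses values that do not fit rather than silently reducing them, which is the failure a raw-RSA implementation must not hide.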
Message Privacy
Deals with the confidentiality of messages.
The message header carries a token and a signature.
Typically web services are chained together to form a complex service. In this situation we need end-to-end encryption schemes; a transport-level scheme such as SSL, which only protects a single hop between two endpoints, will not suffice.
Solution: XML encryption allows for encryption of any combination of the message body, header, attachments, and sub-structures.
XML Signature
The service requestor encrypts the message and the signature information in the header; it may specify in the header that it used the provider's public key.
The private key of the provider is then used to decrypt the XML request.
XML Encryption allows multiple keys to be used for encrypting different sections, thus allowing intermediaries to access only the parts of the message intended for them.
Message level Protection
Message level protection has to do with message integrity. How do we assure that the message has not been modified?
This is done by creating a message digest.
A digest is a cryptographic checksum of an octet stream created using an algorithm, say, the SHA-1 algorithm.
The provider gets the message, its digest as a signature, and the type of algorithm used to create the digest. It recomputes the digest and compares it with the one from the sender, thereby verifying the integrity of the message. The digest has to travel as a signature (encrypted with the sender's private key) rather than bare, since anyone who can modify the message can also recompute an unsigned digest.
Message validity
Message validity is ensuring that the contents of a message are appropriate to the service and that they are well formed.
You check that the types used and the operations used are valid.
SQL injection is a common form of malicious input.
A typical identification method is to look for “;” (semicolon), which allows further SQL commands to follow.
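The validity check described on this slide, as an added Python example that is not from the slides: the operation allow-list and parameter types are constructed to mirror what a service would read from its WSDL (here hard-coded), the semicolon heuristic is kept as a logging signal, and the actual protection is the combination of a type check on every parameter and a bound query parameter, so the value never becomes part of the SQL text. The in-memory SQLite table and the student rows are constructed sample data.

```python
import re
import sqlite3

# Constructed allow-list of operations and parameter types, standing in for
# what would be read from the service's WSDL/WSDL-S description.
OPERATIONS = {
    "RegisterStudent": {"studentID": "int"},
    "GetStudent": {"studentID": "int"},
}

# Well-formedness per declared type; fullmatch so trailing junk is rejected.
TYPE_PATTERNS = {"int": re.compile(r"[0-9]{1,9}")}


class InvalidMessage(ValueError):
    """Raised for any request whose operation or parameter shape is not declared."""


def validate_request(operation, params):
    """Check that the operation exists and each parameter is well formed
    for its declared type. Returns True; raises InvalidMessage otherwise."""
    if operation not in OPERATIONS:
        raise InvalidMessage(f"unknown operation {operation!r}")
    expected = OPERATIONS[operation]
    if set(params) != set(expected):
        raise InvalidMessage(
            f"parameters {sorted(params)} do not match {sorted(expected)}")
    for name, value in params.items():
        if not TYPE_PATTERNS[expected[name]].fullmatch(value):
            raise InvalidMessage(
                f"parameter {name!r} is not a well-formed {expected[name]}")
    return True


def looks_like_injection(value):
    """The slide's heuristic: a ';' that could let further SQL follow.
    Worth logging, but it is a signal, not the check that keeps the query safe."""
    return ";" in value


def demo_db():
    """Constructed in-memory table with sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO students VALUES (?, ?)",
                   [(1001, "Alice"), (1002, "Bob")])
    return db


def get_student(db, operation, params):
    """Validate first, then query with a bound parameter: the value is passed
    to the driver as data and is never interpolated into the SQL string."""
    validate_request(operation, params)
    row = db.execute("SELECT name FROM students WHERE id = ?",
                     (int(params["studentID"]),)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = demo_db()
    print(get_student(db, "GetStudent", {"studentID": "1001"}))
    for bad in ({"studentID": "1001; SELECT 1"}, {"studentID": "10a1"}):
        try:
            get_student(db, "GetStudent", bad)
        except InvalidMessage as exc:
            print("rejected:", exc, "| semicolon seen:",
                  looks_like_injection(bad["studentID"]))
```

Both rejected inputs fail the same type check, whether or not they contain a semicolon; that is the point of validating against the declared types instead of searching for one character.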
Authentication
Authentication is verifying that the requester is who he/she claims to be.
In a typical closed environment: user name / password.
If the sender is previously unknown: send a credential to verify oneself.
Trusted authorities issue certificates that can be used as credentials (e.g., verified by Verisign).
Authorization
In any organization, stored data may have levels of sensitivity. Example: grades and student personal information in a university (Infosource at UB).
Authorization is the granting of rights, which includes the granting of access based on access rights.
This typically takes place after authentication.
The three most common access control implementations are:
Access matrix
Access Control List (ACL)
Role Based Access Control (RBAC)
Access Matrix
A general model of access control as exercised by a file or database management system is that of an access matrix.
The basic elements of the model are:
Subject: An entity capable of accessing objects. The concept of subject equates to that of a process.
Object: Anything to which access is controlled. Examples: files, programs, segments of memory.
Access right: The way in which an object is accessed by the subject. Examples: read, write, and execute.
Access Matrix (contd.)

         File 1       File 2       File 3   File 4       Acct1             Acct2             Printer1
userA    Own, R, W    Own, R, W                          Inquiry, Credit
userB    R            Own, R, W    W        R            Inquiry, Debit    Inquiry, Credit   P
userC    R, W         R                     Own, R, W                      Inquiry, Debit
Access Matrix Details
The row index corresponds to subjects and the column index to objects.
Entries in the cells represent the access privileges/rights.
In practice, the access matrix is quite sparse and is implemented as either access control lists (ACLs) or capability tickets.
ACLs
The access matrix can be decomposed by columns, yielding access control lists.
For each object, the access control list lists the users and their permitted access rights.
The access control list may also have a default or public entry to cover subjects that are not explicitly listed.
Elements of the list may include individual users as well as groups of users.
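The decomposition described on slides 22 and 23, as an added Python example that is not code from the slides: the access matrix from slide 21 is entered as a constructed sparse structure (only non-empty cells are stored), split by columns into per-object ACLs and by rows into per-subject capability lists, and an access check is run against the ACLs with the slide's default/public entry and group entries. The public entry on `Printer1`, the `tellers` group and the group membership are assumptions added for the demonstration.

```python
# The access matrix of slide 21 as a constructed sparse structure: only the
# non-empty cells are present, which is how it would be stored in practice.
ACCESS_MATRIX = {
    "userA": {"File 1": {"Own", "R", "W"}, "File 2": {"Own", "R", "W"},
              "Acct1": {"Inquiry", "Credit"}},
    "userB": {"File 1": {"R"}, "File 2": {"Own", "R", "W"}, "File 3": {"W"},
              "File 4": {"R"}, "Acct1": {"Inquiry", "Debit"},
              "Acct2": {"Inquiry", "Credit"}, "Printer1": {"P"}},
    "userC": {"File 1": {"R", "W"}, "File 2": {"R"},
              "File 4": {"Own", "R", "W"}, "Acct2": {"Inquiry", "Debit"}},
}

PUBLIC = "*"   # the default/public entry of slide 23


def to_acls(matrix):
    """Decompose by columns: one ACL per object mapping principal -> rights."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = set(rights)
    return acls


def to_capabilities(matrix):
    """Decompose by rows: one capability ticket list per subject."""
    return {subj: {obj: set(r) for obj, r in row.items()}
            for subj, row in matrix.items()}


def check_access(acls, subject, obj, right, groups=()):
    """Grant if the subject, any group it belongs to, or the public entry
    holds the right on the object. An object with no ACL grants nothing."""
    acl = acls.get(obj, {})
    principals = [subject, *groups, PUBLIC]
    return any(right in acl.get(p, set()) for p in principals)


def demo_acls():
    """ACLs derived from the matrix plus two constructed entries: a public
    entry on the printer and a group entry on Acct1."""
    acls = to_acls(ACCESS_MATRIX)
    acls.setdefault("Printer1", {})[PUBLIC] = {"P"}
    acls["Acct1"]["tellers"] = {"Inquiry"}
    return acls


GROUPS = {"userC": ("tellers",)}   # constructed group membership


if __name__ == "__main__":
    acls = demo_acls()
    for obj, entries in acls.items():
        print(obj, entries)
    print(check_access(acls, "userC", "Printer1", "P"))                      # public entry
    print(check_access(acls, "userC", "Acct1", "Inquiry", GROUPS["userC"]))  # via group
    print(to_capabilities(ACCESS_MATRIX)["userB"])
```

Because `to_acls` only records cells that exist, the same sparse matrix serves both representations without materialising the empty cells; the check treats a missing ACL entry as no rights, which is the safe default.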
WS Security Access Control Scheme
name/password
access token associated with each process object, indicating the privileges associated with a user
security descriptor / access control list, used to compare with the access control list for the object
Access Token (per user/subject)
Security ID (SID)
Group SIDs
Privileges
Default Owner
Default ACL
Security Descriptor (per Object)
Flags
Owner
System Access Control List (SACL)
Discretionary Access Control List (DACL)
Access Control List
ACL Header
ACE Header, Access Mask, SID
ACE Header, Access Mask, SID
... (one entry per ACE)
Access Mask
[Figure: the access mask is divided into three groups of bits. Specific Access Types (object-specific). Standard Access Types: Delete, Read Control, Write DAC, Write Owner, Synchronize. Generic Access Types: Access System Security, Maximum allowed, Generic All, Generic Execute, Generic Write, Generic Read.]
Access Control Using ACLs
When a process attempts to access an object, the object manager in the security executive reads the SID and group SIDs from the access token and scans down the object's DACL.
If a match is found on a SID, then the corresponding ACE's Access Mask provides the access rights available to the process.
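A simulation of the check on slides 24 to 29, added here as an example rather than taken from the slides: an access token carrying a SID and group SIDs, a security descriptor whose DACL is a list of ACEs, an access mask with the standard access type bits named on slide 28, and the scan that returns the mask of the first ACE whose SID matches the token. The bit positions, the SID strings and the descriptor contents are constructed for the demonstration and are not the real Windows layout; the slide's first-match rule is implemented as stated, whereas a real DACL evaluation also processes deny entries and accumulates allowed bits across entries, which the rule here deliberately does not model.

```python
from dataclasses import dataclass, field
from enum import IntFlag


class AccessMask(IntFlag):
    """Bits named on the 'Access Mask' slide. The positions are constructed
    for this simulation, not the real Windows encoding."""
    READ_DATA = 1 << 0        # specific access types
    WRITE_DATA = 1 << 1
    DELETE = 1 << 16          # standard access types
    READ_CONTROL = 1 << 17
    WRITE_DAC = 1 << 18
    WRITE_OWNER = 1 << 19
    SYNCHRONIZE = 1 << 20


@dataclass
class AccessToken:
    """Per-subject token (slide 25): SID, group SIDs, privileges."""
    sid: str
    group_sids: frozenset = frozenset()
    privileges: frozenset = frozenset()


@dataclass
class ACE:
    """One access control entry: the SID it applies to and its access mask."""
    sid: str
    mask: AccessMask


@dataclass
class SecurityDescriptor:
    """Per-object descriptor (slide 26); the DACL is scanned in order."""
    owner: str
    dacl: list = field(default_factory=list)


def effective_access(token, descriptor):
    """Slide 29: read the SID and group SIDs from the token, scan down the
    DACL, and return the Access Mask of the first ACE whose SID matches.
    No match means no access."""
    principals = {token.sid} | set(token.group_sids)
    for ace in descriptor.dacl:
        if ace.sid in principals:
            return ace.mask
    return AccessMask(0)


def check_access(token, descriptor, wanted):
    """True when every bit of the requested mask is granted."""
    return (effective_access(token, descriptor) & wanted) == wanted


# Constructed SIDs and descriptor for a file object. The first ACE is for
# the owner, the second for a group; ACE order matters for first-match.
OWNER_SID = "S-1-5-21-0-0-0-500"
USER_SID = "S-1-5-21-0-0-0-1001"
GROUP_SID = "S-1-5-32-545"


def demo_descriptor():
    return SecurityDescriptor(owner=OWNER_SID, dacl=[
        ACE(OWNER_SID, AccessMask.READ_DATA | AccessMask.WRITE_DATA
            | AccessMask.DELETE | AccessMask.WRITE_DAC),
        ACE(GROUP_SID, AccessMask.READ_DATA | AccessMask.READ_CONTROL),
    ])


if __name__ == "__main__":
    sd = demo_descriptor()
    token = AccessToken(USER_SID, group_sids=frozenset({GROUP_SID}))
    print(effective_access(token, sd))
    print("read:", check_access(token, sd, AccessMask.READ_DATA))
    print("write:", check_access(token, sd, AccessMask.WRITE_DATA))
```

The token's group SIDs are what connect an ordinary user to an ACE that names a group rather than the user; a process whose token carries neither the user SID nor any listed group SID reaches the end of the DACL and gets an empty mask.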
RBAC
In 2004 the National Institute of Standards and Technology (NIST) published a standard defining the features of Role Based Access Control (RBAC).
It has two parts: (i) a reference model and (ii) system and administrative functions.
Reference model: objects, operations, permissions, roles and users (in-band artifacts).
Administrative model: system functionality, administrative operations and reviews.
RBAC Details
RBAC starts with permission sets.
A permission expresses a privilege to access a resource.
Examples of permissions: “create a file”, “access grades information” (ublearns).
The next step is defining roles and assigning permissions to roles.
Examples of roles: “Physician”, “Reviewer”.
A scenario-driven approach is typically used to connect roles to permissions.
The upper-level ontology in SWS should map users, roles, groups, etc. to the ontology.
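The model of slides 30 and 31 as an added Python example (not code from the slides): permissions are (operation, object) pairs, roles collect permissions, users are assigned roles, and a check answers whether a user may perform an operation on an object. It goes one step beyond the slide's core model by also supporting the role hierarchy that the NIST standard defines, so a senior role inherits the permissions of its juniors, and it includes the administrative review that the standard's second part calls for (which users end up holding a given permission). The role names, permissions and users below are constructed sample data.

```python
from collections import defaultdict


class RBAC:
    """Users, roles and permissions after the NIST reference model, with a
    role hierarchy (senior inherits junior) and a review function."""

    def __init__(self):
        self.role_perms = defaultdict(set)   # role -> {(operation, object)}
        self.user_roles = defaultdict(set)   # user -> {role}
        self.juniors = defaultdict(set)      # senior role -> {junior role}

    # Permission sets come first (slide 31), then roles are built from them.
    def grant(self, role, operation, obj):
        self.role_perms[role].add((operation, obj))

    def assign(self, user, role):
        self.user_roles[user].add(role)

    def inherits(self, senior, junior):
        """Senior role acquires every permission of the junior role."""
        self.juniors[senior].add(junior)

    def authorized_roles(self, user):
        """Roles held directly plus all roles reachable down the hierarchy."""
        seen, stack = set(), list(self.user_roles.get(user, ()))
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.juniors.get(role, ()))
        return seen

    def permissions(self, user):
        """Union of the permissions of every authorized role."""
        perms = set()
        for role in self.authorized_roles(user):
            perms |= self.role_perms.get(role, set())
        return perms

    def check(self, user, operation, obj):
        """The access decision: is (operation, obj) among the user's permissions?
        An unknown user has no roles and is therefore denied."""
        return (operation, obj) in self.permissions(user)

    def users_with(self, operation, obj):
        """Administrative review: which users can currently do this?"""
        return {u for u in self.user_roles if self.check(u, operation, obj)}


def demo():
    """Constructed scenario: a university grades system and a clinic."""
    rbac = RBAC()
    rbac.grant("Reviewer", "read", "grades")
    rbac.grant("Instructor", "write", "grades")
    rbac.grant("Physician", "read", "patient_record")
    rbac.inherits("Instructor", "Reviewer")   # instructors can do what reviewers can
    rbac.assign("alice", "Instructor")
    rbac.assign("bob", "Reviewer")
    rbac.assign("carol", "Physician")
    return rbac


if __name__ == "__main__":
    rbac = demo()
    for user in ("alice", "bob", "carol", "mallory"):
        print(user, sorted(rbac.permissions(user)))
    print("who can write grades:", rbac.users_with("write", "grades"))
```

Keeping permissions on roles rather than on users is what makes the review cheap: revoking a role from a user, or a permission from a role, changes every affected decision without touching the others.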