Web Services Security: Specifying Conflict of Interest Assertions in Web Services Policy for Matchmaking Process




Patrick C. K. Hung
Commonwealth Scientific & Industrial Research Organization
Canberra, Australia
Email: Patrick.Hung@csiro.au
Motivation

Previous industrial experience of an e-procurement system in North America – customers’ requirements and feedback

Security and privacy studies for p-health – Health Data Integration (HDI) project at CSIRO
Motivation (cont.)




Adapted from: FONTANA, J. 2002. Top Web Services Worry: Security. NetworkWorldFusion,
January 2002, http://www.nwfusion.com/news/2002/0121webservices.html.
Overview

1.   Introduction
2.   Related Work
3.   Conflict of Interest and Chinese Wall Security Policy
4.   Specifying Conflict of Interest Assertions in WS-Policy
5.   Prototype Implementation
6.   Future Research
7.   Conclusion
Introduction

A Web service is defined as an autonomous unit of application
logic that provides either some business functionalities or
information to other applications through an Internet
connection.

Same as Internet/Web Agents???

Web services are based on a set of standards:
   – Simple Object Access Protocol (SOAP)
   – Web Services Description Language (WSDL)
   – Universal Description, Discovery and Integration (UDDI)
Ref: www.w3c.org and www.uddi.org
Introduction (cont.)




Adapted from: Mohan, C. (2002). “Tutorial: Application Servers and Associated Technologies,”
ACM SIGMOD International Conference on Management of Data (SIGMOD'02), Madison, USA, June 2002.
Introduction (cont.)

The Web services market is expected to grow to USD$28
billion in sales in the coming three years.
Ref: HOLLAND, P. 2002. Building Web Services From Existing Application. eAI Journal,
September 2002, 45-47.


Early adopters of Web services may include several industries
that involve a set of diverse trading partners working closely
together in a highly competitive market:
     – Insurance Services
     – Financial Services
     – High-tech Services
Ref: RATNASINGAM, P. 2002. The Importance of Technology Trust in Web Services Security.
Information Management & Computer Security, vol. 10, no. 5, 255-260.
Introduction (cont.)

A major drawback of traditional business-to-business (B2B)
applications is that setting up an additional connection with
another trading partner is costly and time consuming.

The benefits of adopting Web services:
   – Faster time to production
   – Convergence of disparate business functionalities
   – A significant reduction in total cost of development
   – Easy to deploy business applications for trading partners
Ref: RATNASINGAM, P. 2002. The Importance of Technology Trust in Web Services Security.
Information Management & Computer Security, vol. 10, no. 5, 255-260.
Introduction (cont.)

Emerging B2B applications increase the need for sharing and
coordinating the use of Web services for different business
processes in a loosely coupled execution environment.

A business process contains a set of activities which represent
both business tasks and interactions between Web services.

Over the past few years, business process or workflow proposals
relevant to Web services have been put forward and discussed in the
business and academic worlds.
Ref: www.w3c.org
Introduction (cont.)

All of the proposed XML languages are based on WSDL
service descriptions with extension elements:
     – Web Services Flow Language (WSFL) and Web
        Services Endpoint Language (WSEL)
     – XLANG
     – Business Process Execution Language for Web
        Services (BPEL4WS)
     – ebXML
     – More…
Introduction (cont.)

Matchmaking - an appropriate Web service is assigned to
execute an activity by a service locator.

Delegation – Web services may also delegate some sub-
activities that are decomposed from the assigned activities to
other Web services.

Use the service directory (i.e., UDDI) to find the most
appropriate Web service that can provide the operations to
satisfy the activity’s requirements.

Service locators (brokers) are needed!
Introduction (cont.)

[Figure with three panels: Flow Model (Preventive Cancer Study Process), Delegation Model (National Health Center), Matchmaking Model.
Flow model activities: Retrieve Census Data (output: Number of smokers), Retrieve Health Data (output: Number of people died of cancer), Data Analysis (output: Customized Tables), Publish Reports.
Web services matched to the activities: Web Service at National Bureau of Statistics, Web Service at National Center of Health Statistics, Web Service at National Health Center, Web Service at National Media Press.
Delegation from the Web Service at National Health Center: Web Service at Health Data Center in State 1 ... State N, each delegating to Web Service at Hospital 1.1 ... 1.M through N.1 ... N.M.
Arrow legend: matchmake, delegate.]

A Matchmaking, Delegation and Flow Model
Introduction (cont.)

Web services architectures are built on an insecure,
unmonitored and shared environment, which is open to events
such as security threats.

The open architecture of Web services makes them available to
many parties, who may have competing interests and goals.

WSDL and UDDI do not discuss any approach to detecting
conflicts, dissatisfaction and mistrust among trading partners.
Related Work

Security Assertions Markup Language (SAML) is used to
define authentication and authorization decisions in Web
services. Web services providers submit SAML tokens to
security servers for making security decisions. SAML is an
XML-based framework for exchanging security credentials in
the form of assertions about subjects.
Ref: OASIS. 2002. SAML 1.0 Specification Set: Committee Specifications.


eXtensible rights Markup Language (XrML) assists the owners
of Web services to specify the rights of authorized users or
parties and to identify the terms and conditions under which
those rights may be exercised by those authorized users or
parties.
Ref: CONTENTGUARD. 2001. eXtensible rights Markup Language (XrML), Version 2.0.
Related Work (cont.)




Adapted from: IBM CORPORATION. 2002. Security in a Web Services World: A Proposed
Architecture and Roadmap, White Paper, Version 1.0.
http://www-106.ibm.com/developerworks/library/ws-secroad/
Related Work (cont.)

WS-Security describes enhancements to SOAP messaging to
provide quality of protection through message integrity,
message confidentiality and single message authentication.
Ref: Web Services Security (WS-Security):
http://www-106.ibm.com/developerworks/webservices/library/ws-secure/


WS-Policy provides a grammar for expressing Web services
policies. The WS-Policy includes a set of security policy
assertions related to supporting the WS-Security specification
defined in WS-SecurityPolicy.
Ref: IBM CORPORATION. 2002. Security in a Web Services World: A Proposed
Architecture and Roadmap, White Paper, Version 1.0.
http://www-106.ibm.com/developerworks/library/ws-secroad/
Related Work (cont.)

WS-Authorization defines how Web services manage authorization data
and policies.

eXtensible Access Control Markup Language (XACML) defines the fine-
grained authorization and entitlement policies between subjects and
resources.

WS-Trust defines methods for issuing and exchanging security tokens for
establishing the presence of trust relationships.

WS-SecureConversation defines a security context based on security
tokens for secure communication.
Ref: IBM CORPORATION. 2002. Security in a Web Services World: A Proposed Architecture
and Roadmap, White Paper, Version 1.0.
http://www-106.ibm.com/developerworks/library/ws-secroad/
Conflict of Interest and Chinese Wall
Security Policy
By convention, security threats are usually thought to come
from outsiders.

In many cases, however, security problems arise in a
well-controlled environment from authorized insiders.

This means that a secure environment must not only ensure
that Web services are trusted but must also deal with other
security concerns such as conflict of interest.
Conflict of Interest and Chinese Wall
Security Policy (cont.)
Webster’s Dictionary defines “conflict of interest” as a conflict
between the private interests and the official responsibilities of
a person in a position of trust.

In bargaining games, conflict of interest is a property of the
preferences of the participants and the structure of the
situation in which they find themselves.

Conflict of Interest: CIR or CoI?
Conflict of Interest and Chinese Wall
Security Policy (cont.)
In the example of a loan application process in a financial
institution, the loan applicant should not hold a position of
authority, such as manager, in the financial institution which
approves his own application.

This is clearly an illustration of role/user conflict of interest
between the self-interest of the applicant and the correct
responsibilities of the manager, which are to approve loan
applications only if they satisfy the criteria.
Conflict of Interest and Chinese Wall
Security Policy (cont.)
A security policy is a set of rules and practices that specify or
regulate how a system or organization provides security
services to protected resources.

A security assertion is typically defined in the context of
security policy.

Risk analysis identifies security threats in a business process
and forms a set of security assertions, which refer to rules and
practices to regulate how sensitive or activity information is
managed and protected within a loosely coupled Web services
execution environment.
Conflict of Interest and Chinese Wall
Security Policy (cont.)
Chinese wall security policy is a real-world security policy in
the commercial sector.
Ref: BREWER, DAVID F. C. AND MICHAEL J. NASH. 1989. Chinese Wall Security Policy.
Proceedings of the Symposium on Security and Privacy, 206-214.


The major objective of the Chinese wall security policy is to
prevent information flows which cause conflict of interest for
individual consultants.

The Chinese wall security policy contains a set of access
control rules such that no person can ever access data on the
wrong side of the wall.
Conflict of Interest and Chinese Wall
Security Policy (cont.)
Organization information is stored in datasets.

Initially, each consultant has the potential to access any
dataset.

Once a consultant has access to a dataset of a particular
organization, that consultant is not allowed access to datasets
of any other competing organization.

In the context of a matchmaking process, the set of
activities/Web services can be represented by the set of
objects/subjects respectively.
Conflict of Interest and Chinese Wall
Security Policy (cont.)
[Figure: The Set of Objects - O is partitioned into Conflict of Interest Class 1 ... Conflict of Interest Class N; Class 1 contains Object 1.1 ... Object 1.M, and Class N contains Object N.1 ... Object N.M.]

The Conceptual Model of Chinese Wall Security Policy
Conflict of Interest and Chinese Wall
Security Policy (cont.)
Conflict of interest information may be valid only over a certain
period of time, so that after some point there is no conflict.

We should permit the specification of a session (timeframe) for
the conflicting objects.

Service locators are required to ensure that the commercial
secrets of clients do not leak via Web services execution.

We apply the Chinese wall security policy to deal with this
security requirement.
Specifying Conflict of Interest Assertions
in WS-Policy

[Figure: Web Service A executes “Retrieve Patient Health Records at Hospital 1” and Web Service B executes “Retrieve Patient Health Records at Hospital 2”. Each outputs Patient Health Records with Social Security Number to “Integrate Patient Health Records”, executed by Web Service C.]
Specifying Conflict of Interest Assertions
in WS-Policy (cont.)
We can create a conflict of interest class for these three
conflicting activities:
    – Class1 = {“Retrieve Patient Health Records at Hospital
       1,” “Retrieve Patient Health Records at Hospital 2,”
       “Integrate Patient Health Records”}.

This means that no Web service can execute more than one
activity from the Class1.
Specifying Conflict of Interest Assertions
in WS-Policy (cont.)
[Figure: The Set of Objects - O, partitioned into Conflict of Interest Class 1 ... Conflict of Interest Class N. Class 1 contains “Retrieve Patient Health Records at Hospital 1”, “Retrieve Patient Health Records at Hospital 2” and “Integrate Patient Health Records”; Class N contains Object N.1 ... Object N.M.]
Specifying Conflict of Interest Assertions
in WS-Policy (cont.)
The biggest obstacle facing the adoption of Web services is the
development and standardization of the semantics required to allow
different services to communicate with each other.

A Web service security model must support protocol-independent,
declarative security policies that the service locator can enforce in order to
securely assign activities to Web services.

This approach is to define them in WS-Policy and then associate them
through an external binding to the service locators.

WS-PolicyAttachment defines how to attach these policies to Web services
or other subjects such as service locators.
Ref: IBM CORPORATION. 2002. Security in a Web Services World: A Proposed Architecture
and Roadmap, White Paper, Version 1.0. http://www-106.ibm.com/developerworks/library/ws-
secroad/
Specifying Conflict of Interest Assertions
in WS-Policy (cont.)




Step 1: Specify CIR Classes in WS-Policy
Specifying Conflict of Interest Assertions
in WS-Policy (cont.)




Step 2: Attach it to service locators by WS-PolicyAttachment
Specifying Conflict of Interest Assertions
in WS-Policy (cont.)
Note that this policy expression also constrains delegation
models at those appropriate Web services.

In this example, this means that no Web service in any
delegation model can execute two or more sub-activities
decomposed from more than two conflicting activities in the
Class1.
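
The Chinese wall rule from the slides above (Class1, the session timeframe and the delegation constraint), as an added example that is not the author's C# prototype: a minimal Python service locator that refuses assignments crossing the wall. Web services A, B and C are the ones in the figure; the session dates, the sub-activity name and the reading that a sub-activity inherits the conflict class of the activity it was decomposed from are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class ConflictClass:
    name: str
    activities: frozenset
    start: datetime  # session (timeframe) in which the conflict is valid
    end: datetime

    def active(self, when):
        return self.start <= when <= self.end

class ServiceLocator:
    def __init__(self, classes):
        self.classes = list(classes)
        self.history = {}  # Web service -> [(activity, time assigned)]
        self.parent = {}   # sub-activity -> activity it was decomposed from

    def decompose(self, activity, sub_activities):
        """Record a delegation: sub-activities inherit the parent's class."""
        for sub in sub_activities:
            self.parent[sub] = activity

    def _root(self, activity):
        while activity in self.parent:
            activity = self.parent[activity]
        return activity

    def conflict(self, service, activity, when):
        """Name of the class the assignment would violate, else None."""
        target = self._root(activity)
        for cls in self.classes:
            if target not in cls.activities or not cls.active(when):
                continue
            for past, past_time in self.history.get(service, []):
                prev = self._root(past)
                # Conflict only if both assignments fall inside the session.
                if prev != target and prev in cls.activities and cls.active(past_time):
                    return cls.name
        return None

    def assign(self, service, activity, when):
        if self.conflict(service, activity, when):
            return False
        self.history.setdefault(service, []).append((activity, when))
        return True

    def matchmake(self, activity, candidates, when):
        """Assign the first candidate that stays on its side of the wall."""
        for service in candidates:
            if self.assign(service, activity, when):
                return service
        return None

# Class1 from the slides; session dates and the sub-activity are constructed.
R1 = "Retrieve Patient Health Records at Hospital 1"
R2 = "Retrieve Patient Health Records at Hospital 2"
INT = "Integrate Patient Health Records"
SUB = "Match Records by Social Security Number"  # hypothetical sub-activity of INT
IN_SESSION, AFTER_SESSION = datetime(2003, 3, 1), datetime(2004, 3, 1)

def build_locator():
    class1 = ConflictClass("Class1", frozenset({R1, R2, INT}),
                           datetime(2003, 1, 1), datetime(2003, 12, 31))
    locator = ServiceLocator([class1])
    locator.decompose(INT, [SUB])
    return locator

if __name__ == "__main__":
    loc = build_locator()
    for activity in (R1, R2, INT):
        print(activity, "->", loc.matchmake(activity, ["A", "B", "C"], IN_SESSION))
```

The locator keeps the assignment history itself, so the check also covers a Web service that is offered a sub-activity through a delegation model rather than through direct matchmaking.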
Prototype Implementation

We are currently implementing a prototype Web service for:
   – parsing conflict of interest classes from WS-Policy
   – interacting with a simulated service locator
   – detecting whether a matchmaking pattern contains a conflict
     of interest for service locators

Using C# on .Net Framework…

Plan to demonstrate it in the First International Conference on
Web Services (ICWS'03), Monte Carlo Resort, Las Vegas,
Nevada, June 23 - 26, 2003.
Future Research – WS-Relationship

By “hierarchical structure and relationship” we mean the association
between web services, such as whether two Web services reside on the
same machine, in the same division or under the same enterprise system of
an organization.

Apply in the context of Web services matchmaking process to prevent a
covert channel!

WS-Federation describes how to manage and broker the trust relationships
in a heterogeneous federated environment including support for federated
identities. Bind with the Web Services Inspection Language (WSIL) that
complements UDDI by making it easier to discover available services on
Web sites not listed in the UDDI registries.
Future Research – WS-Relationship
(cont.)
Objective:
    – Combine the previous idea of Web Services
      Relationship Language (WSRL) from IBM and create a
      new language called WS-Relationship in the context of
      Web services matchmaking process.

Future work:
    – Writing a paper called “Specification of WS-
      Relationship.”

Parties involved: Dr. Liang-Jie Zhang with other researchers at
the IBM T. J. Watson Research Center and myself.
Conclusion

Some interesting recommendations from Larry Perlstein - “Web Services
Standards: De Facto, De Jure or Defunct?” U.S. Symposium/ITxpo, 2002.

Recommendations
    – Do not wait until everything is finalized. Start now with SOAP and
      WSDL. Track other standards as appropriate.
    – Do not let security concerns hold up Web services development…
      SSL and SAML will suffice for now.
    – Participate in standards development activities where you have a
      vested interest in the outcome or to stay abreast of developments.
    – Do not expect Web services to transform your business; use Web
      services to transform your processes.
Thank You Very Much!
