A Secure Information Flow Architecture for Web Service Platforms
April-June 2008 (vol. 1 no. 2)
pp. 75-87
Jinpeng Wei, Georgia Institute of Technology, Atlanta
Lenin Singaravelu, VMware Inc.
Calton Pu, Georgia Institute of Technology, Atlanta
Current web service platforms (WSPs) often perform all web services-related processing, including security-sensitive information handling, in the same protection domain. Consequently, the entire WSP may have access to security-sensitive information, forcing us to trust a large and complex piece of software. To address this problem, we propose ISO-WSP, a new information flow architecture that decomposes current WSPs into a small trusted T-WSP that handles security-sensitive data and a large, legacy untrusted U-WSP that provides the normal WSP functionality. To achieve end-to-end security, the application code is also decomposed into a small trusted part and the remaining untrusted code. The trusted part encapsulates all accesses to security-sensitive data through a Secure Functional Interface (SFI). To ease the migration of legacy applications to ISO-WSP, we developed tools that translate direct manipulations of security-sensitive data by the untrusted part into SFI invocations. Using a prototype implementation based on the Apache Axis2 WSP, we show that ISO-WSP reduces the software complexity of trusted components by a factor of five, while incurring a modest performance overhead of a few milliseconds per request. We also show that existing applications can be migrated to run on ISO-WSP with a few tens of lines of new and modified code.


Index Terms:
Web services, Security, TCBs
Jinpeng Wei, Lenin Singaravelu, Calton Pu, "A Secure Information Flow Architecture for Web Service Platforms," IEEE Transactions on Services Computing, vol. 1, no. 2, pp. 75-87, April-June 2008, doi:10.1109/TSC.2008.10