Issue No.02 - April-June (2008 vol.1)
pp: 75-87
Lenin Singaravelu, VMware Inc.
Jinpeng Wei, Georgia Institute of Technology, Atlanta
ABSTRACT
Current web service platforms (WSPs) often perform all web services-related processing, including security-sensitive information handling, in the same protection domain. Consequently, the entire WSP may have access to security-sensitive information, forcing us to trust a large and complex piece of software. To address this problem, we propose ISO-WSP, a new information flow architecture that decomposes current WSPs into a small trusted T-WSP to handle security-sensitive data and a large, legacy untrusted U-WSP that provides the normal WSP functionality. To achieve end-to-end security, the application code is also decomposed into a small trusted part and the remaining untrusted code. The trusted part encapsulates all accesses to security-sensitive data through a Secure Functional Interface (SFI). To ease the migration of legacy applications to ISO-WSP, we developed tools to translate direct manipulations of security-sensitive data by the untrusted part into SFI invocations. Using a prototype implementation based on the Apache Axis2 WSP, we show that ISO-WSP reduces the software complexity of trusted components by a factor of five, while incurring a modest performance overhead of a few milliseconds per request. We also show that existing applications can be migrated to run on ISO-WSP with a few tens of lines of new and modified code.
INDEX TERMS
Web services, Security, TCBs
CITATION
Lenin Singaravelu, Jinpeng Wei, "A Secure Information Flow Architecture for Web Service Platforms", IEEE Transactions on Services Computing, vol.1, no. 2, pp. 75-87, April-June 2008, doi:10.1109/TSC.2008.10