Issue No. 02 - April-June (2008 vol. 1)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TSC.2008.10
Jinpeng Wei , Georgia Institute of Technology, Atlanta
Lenin Singaravelu , VMware Inc.
Calton Pu , Georgia Institute of Technology, Atlanta
Current web service platforms (WSPs) often perform all web services-related processing, including security-sensitive information handling, in the same protection domain. Consequently, the entire WSP may have access to security-sensitive information, forcing us to trust a large and complex piece of software. To address this problem, we propose ISO-WSP, a new information flow architecture that decomposes current WSPs into a small trusted T-WSP to handle security-sensitive data and a large, legacy untrusted U-WSP that provides the normal WSP functionality. To achieve end-to-end security, the application code is also decomposed into a small trusted part and the remaining untrusted code. The trusted part encapsulates all accesses to security-sensitive data through a Secure Functional Interface (SFI). To ease the migration of legacy applications to ISO-WSP, we developed tools to translate direct manipulations of security-sensitive data by the untrusted part into SFI invocations. Using a prototype implementation based on the Apache Axis2 WSP, we show that ISO-WSP reduces software complexity of trusted components by a factor of five, while incurring a modest performance overhead of few milliseconds per request. We also show that existing applications can be migrated to run on ISO-WSP with a few tens of lines of new and modified code.
Web services, Security, TCBs
L. Singaravelu, C. Pu and J. Wei, "A Secure Information Flow Architecture for Web Service Platforms," in IEEE Transactions on Services Computing, vol. 1, no. , pp. 75-87, 2008.