SECURING COMPOSITE WEB SERVICES - PowerPoint PPT Presentation
Slides: 17
Provided by: ITAP5

Transcript and Presenter's Notes

1
SECURING COMPOSITE WEB SERVICES
  • Prathima Rao

2
Objective
  • The main objective of this work is to provide a
    flexible language framework for expressing
    security policies for composite web services.

3
Composite Web Service
  • A combination of available web services that
    expresses a business process. For example,
  • A FreightMixer is a composite web service that
    interacts with various shipping providers (also
    web services) to provide end-to-end freight
    service for its customers.
  • Business Process Execution Language (BPEL)1 is
    the language used to build a composite WS. The
    process of constructing a composite WS is often
    referred to as orchestration.

4
Security of WS
  • Task level security
  • Concerns issues like message authentication,
    authorization, integrity, etc.
  • WS-Security, WS-Policy are standards for
    specifying these task level requirements.
  • Process level security
  • Concerns business rules specific to a
    particular application domain. For example, in
    the case of the FreightMixer service, it may be
    necessary to ensure that an item being shipped to
    country X is not banned in that country.

5
Related Work
  • AO4BPEL2
  • Aspect-oriented extensions to BPEL
  • XACML3
  • Access-control policy language with
    request/response language
  • Ponder4
  • Declarative object-oriented policy language for
    large distributed systems
  • Rei5, KaOS6
  • Ontology based semantic policy frameworks.

6
Related Work
  • Polymer7
  • Java based domain specific language for
    specifying and enforcing security policies.
  • Provides a Policy class which contains
  • An effect-free query method that determines how
    to react to a security-sensitive action by
    returning suggestions.
  • A security state
  • Methods to update the security state.
  • Can be regarded as an implementation of an edit
    automaton.

7
Case Study: Vacation Planner
  • Composite web service that acts as a travel
    agent.

8
Case Study: Vacation Planner
  • Each of the web services has a set of methods and
    policies. A BPEL fragment for VP is shown below

9
Case Study: Vacation Planner - Security
Requirements
  • Airline web service
  • Authenticated and encrypted messages
  • Hotel web service
  • Authentication and integrity of all transactions
  • All customers need to have a valid passport no.
  • Vacation Planner composite web service
  • Authentication and integrity of all transactions
  • Ensure that no customer needs to reveal his
    passport no.
  • Ensure that there are no timing conflicts in the
    booking of the various services.

10
Proposed Solution: Extensions to BPEL
  • The idea is to incorporate the Policy class
    proposed in the Polymer work into BPEL.
  • The activities participating in the BPEL
    composition are the security-sensitive actions.
  • The query method monitors each activity and
    returns suggestions such as insert new code,
    replace the activity, etc. For example, code can
    be inserted before an activity to check for
    conflicts.
  • Suggestions allow semantically meaningful
    composition of security policies. For example,
    two policies cannot both replace the same
    activity.

11
Extensions to BPEL
  • The set of suggestions can be extended to enable
    more domain specific conflict detections.
  • With the Policy extension both task level and
    process level security requirements for VP can be
    specified.
  • A Conflict class, which can be further extended
    for a particular domain, can also be
    incorporated.
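The following Python sketch is an added example, not code from the slides or from the Polymer or BPEL projects; it pulls together the Polymer Policy class of slide 6, the Vacation Planner requirements of slide 9 and the suggestion-based composition of slides 10 and 11. A constructed BPEL fragment is parsed for its invoke activities, each activity is paired with an assumed runtime message (whether it is encrypted and signed, which fields it discloses, which days it books), and three policies query every activity and return Polymer-style suggestions: Irrelevant, OK, Halt, Replace, or Insert a check. The conjunction of the suggestions halts when any policy halts, runs every inserted check before the activity, and refuses to compose two Replace suggestions for the same activity. The partner names, the message attributes, the overlap rule used for timing conflicts and the event-trace format are all assumptions made for the illustration.

```python
# Constructed example, not the slides' code: the Vacation Planner (VP) process below, its partner
# links and every message attribute are assumptions made for the illustration.
import xml.etree.ElementTree as ET
from collections import namedtuple
from dataclasses import dataclass, replace as with_changes

NS = "{http://docs.oasis-open.org/wsbpel/2.0/process/executable}"
VP_BPEL = """<process name="VacationPlanner" xmlns="http://docs.oasis-open.org/wsbpel/2.0/process/executable">
  <sequence>
    <invoke partnerLink="airline" operation="bookFlight" inputVariable="outboundReq"/>
    <invoke partnerLink="airline" operation="bookFlight" inputVariable="returnReq"/>
    <invoke partnerLink="hotel"   operation="bookRoom"   inputVariable="roomReq"/>
  </sequence>
</process>"""

@dataclass(frozen=True)
class Activity:                       # one BPEL <invoke> plus the message it sends at run time
    partner: str
    operation: str
    encrypted: bool = False
    signed: bool = False
    fields: frozenset = frozenset()   # message fields disclosed to the partner
    days: tuple = (0, 0)              # (first day, last day) the booking occupies

def activities(bpel, messages):
    """Pair each <invoke>, in document order, with the message bound to its inputVariable."""
    root = ET.fromstring(bpel)
    return [Activity(i.get("partnerLink"), i.get("operation"), **messages[i.get("inputVariable")])
            for i in root.iter(NS + "invoke")]

# Suggestions in the spirit of Polymer: query() only suggests, it never acts.
class Irrelevant: pass
class OK: pass
Halt = namedtuple("Halt", "reason")
Replace = namedtuple("Replace", "activity")
Insert = namedtuple("Insert", "check")   # check(activity) -> error string, or None when it passes
class PolicyConflict(Exception): pass

class Policy:
    def query(self, act): return Irrelevant()   # effect free: no state change here
    def accept(self, act): pass                 # security-state update, after the activity ran

class AirlinePolicy(Policy):
    """Task level: the airline only accepts authenticated, encrypted messages."""
    def query(self, act):
        if act.partner != "airline": return Irrelevant()
        if act.encrypted and act.signed: return OK()
        return Replace(with_changes(act, encrypted=True, signed=True))  # e.g. add WS-Security

class HotelPolicy(Policy):
    """Task level: signed messages, and every guest presents a passport number."""
    def query(self, act):
        if act.partner != "hotel": return Irrelevant()
        if not act.signed: return Replace(with_changes(act, signed=True))
        if "passport_no" not in act.fields: return Halt("hotel requires a passport number")
        return OK()

class VacationPlannerPolicy(Policy):
    """Process level: never disclose the customer's passport; bookings must not overlap."""
    def __init__(self): self.booked = []            # security state: days already booked
    def query(self, act):
        if "passport_no" in act.fields:
            return Replace(with_changes(act, fields=act.fields - {"passport_no"}))
        return Insert(self.timing_check)            # inserted code runs before the activity
    def timing_check(self, act):
        s, e = act.days
        for bs, be in self.booked:
            if s <= be and bs <= e:
                return f"{act.operation} on days {s}-{e} overlaps a booking on days {bs}-{be}"
    def accept(self, act): self.booked.append(act.days)

def compose(policies, act):
    """Conjunction: halts win, inserts accumulate, two policies may not replace the same activity."""
    sugg = [p.query(act) for p in policies]
    for s in sugg:
        if isinstance(s, Halt): return s
    reps = [s for s in sugg if isinstance(s, Replace)]
    if len(reps) > 1: raise PolicyConflict(f"two policies try to replace {act.partner}.{act.operation}")
    return reps[0] if reps else [s for s in sugg if isinstance(s, Insert)]

def enforce(policies, acts):
    """Edit-automaton style monitor over the activity sequence; returns the event trace."""
    trace = []
    for act in acts:
        while True:                                 # a replacement activity is queried again
            try: s = compose(policies, act)
            except PolicyConflict as e: return trace + [("conflict", act.operation, str(e))]
            if isinstance(s, Halt): return trace + [("halt", act.operation, s.reason)]
            if not isinstance(s, Replace): break
            trace.append(("replace", act.operation)); act = s.activity
        for ins in s:                               # inserted checks run before the activity
            err = ins.check(act)
            if err: return trace + [("halt", act.operation, err)]
        for p in policies: p.accept(act)
        trace.append(("run", act.operation))
    return trace

def run(messages):                    # fresh policies, i.e. fresh security state, per process instance
    return enforce([AirlinePolicy(), HotelPolicy(), VacationPlannerPolicy()], activities(VP_BPEL, messages))
```

Calling run() with plaintext flight requests shows the airline policy replacing each invoke with a protected one before it runs, and the VP policy's inserted check halting a return flight booked on the same day as the outbound one. An unsigned room request that carries the passport number triggers the composition conflict: the hotel policy wants to replace the invoke with a signed one while the VP policy wants to replace it with a redacted one, and the conjunction reports that instead of silently picking a winner. A signed room request with the passport number is redacted by the VP policy and then halted by the hotel policy, which is the clash between the hotel and VP requirements of slide 9 surfacing at run time rather than being resolved.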

12
Extensions to BPEL
  • An example of the BPEL code with the extended
    Policy class is given below

13
Extensions to BPEL
14
Future Work
  • Static Typing
  • A flexible type system to ensure that no
    security policy violation can occur at run time
    and that no conflicts between policies will
    arise.
  • Criteria based composition of web services
  • Compose web services based on some user-specified
    criteria. For example, compose services so as to
    minimize the amount of personal information that
    needs to be divulged.
  • Fault tolerance
  • What must happen when some service suddenly
    aborts? Dynamic reconfiguration and conflict
    checking of security policies.

15
Contributions
  • Proposes enhancements to BPEL that
  • Enable centralized and modular enforcement of
    security policies for composite web services.
  • Provide a language framework that enables
    semantically meaningful composition of security
    policies and also specification of conflict
    detection code.
  • Outlines new research directions in the domain of
    composite web services.

16
References
  • F. Curbera et al. Web Services Business Process
    Execution Language version 2.0. OASIS, Dec
    2004.
  • A. Charfi et al. Aspect-oriented web service
    composition with AO4BPEL. In European Conference
    on Web Services (ECOWS), 2004.
  • XACML 2.0, OASIS standard, 2004.
  • N. Damianou et al. Ponder: a language for
    specifying security and management policies for
    distributed systems. Technical report, Imperial
    College, Oct 2000.
  • L. Kagal et al. Rei: a policy language for the
    pervasive computing environment. In Policy
    Workshop on Policies for Distributed Systems and
    Networks, 2004.
  • A. Uszok et al. KAoS policy and domain services:
    toward a description-logic approach to policy
    representation, deconfliction, and enforcement.
    In Policy Workshop on Policies for Distributed
    Systems and Networks, 2003.
  • L. Bauer et al. Composing security policies with
    Polymer. In Programming Language Design and
    Implementation (PLDI), 2005.