Bringing Semantic Security to Semantic Web Services

1
Bringing Semantic Security to Semantic Web
Services

• B. Ramamurthy

2
Introduction

• Humans can read web pages and understand them,
  but their inherent meaning is not shown in a way
  that allows their interpretation by a computer
  (program).
• One way to enable machine-to-machine exchange and
  automated processing is to provide the
  information in such as way that computers can
  understand it.
• This is precisely the objective of the semantic
  web.
• The next generation of the Web will combine
  existing Web technologies with knowledge
  representation formalisms.

3
Semantic Web Services
Web Services
Semantic Web Services
dynamic
WWW
Semantic Web
static
4
RDF, OWL, WSDL-S

• RDF is a standard for creating descriptions of
  information. RDF is for simple semantics.
• OWL provides a language for defining structured
  web-based ontologies which allows a richer
  integration and interoperability of data among
  communities and domains.
• WSDL-S establishes a mapping between WSDL
  descriptions and ontological concepts.

5
WSDL-S Example

• Semantics can be added to operations, messages,
  preconditions and efforts
• xmlnssm http//dme.uma.pt/jcardoso/StudentMng.ow
  l
• ltinterface name StudentmanagmentUMAgt
• ltoperation name RegisterStudent gt
• ltaction element smRegisterStudent /gt
• ..
• ltinput messageLabel ID element
  smstudentID /gt
• ltoutput messageLabel student element
  smStudentInfo /gt
• ..
• lt/interfacegt

6
Authoring Tool for WSDL-S

• To create, represent, and manipulate WSDL-S
  documents WSDL4J can be used.
• WSDL4J provides Java APIs for WSDL parsing and
  generation.
• WSDL4J supports extensibility elements providing
  an easy mechanism to add new extensions.

7
Web Services Security Background

• Standards are proposed or accepted regarding
  authentication, encryption, and identity
  management.
• RSA encryption, XML signatures , SAML Security
  Assertion Markup Language
• There are 5 fundamental areas to consider
  Message level protection, Message privacy,
  parameter checking, authentication, and
  authorization.
• This is application layer security (not network
  layer security).

8
Application of RSA

• Lets say a person in Atlanta wants to send a
  message M to a person in Buffalo
• Atlanta encrypts message using Buffalos public
  key B ? E(M,B)
• Only Buffalo can read it using it private key b
  E(b, E(M,B)) ? M
• In other words for any public/private key pair
  determined as previously shown, the encrypting
  function holds two properties
• E(p, E(M,P)) ? M
• E(P, E(M,p)) ? M

9
How can you authenticate sender?

• In real life you will use signatures we will
  look at concept of digital signatures next.
• Instead of sending just a simple message, Atlanta
  will send a signed message signed by Atlantas
  private key
• E(B,E(M,a))
• Buffalo will first decrypt using its private key
  and use Atlantas public key to decrypt the
  signed message
• E(b, E(B,E(M,a)) ? E(M,a)
• E(A,E(M,a)) ? M

10
Digital Signatures

• Strong digital signatures are essential
  requirements of a secure system. These are needed
  to verify that a document is
• Authentic source
• Not forged not fake
• Non-repudiable The signer cannot credibly deny
  that the document was signed by them.

11
Digest Functions

• Are functions generated to serve a signatures.
  Also called secure hash functions.
• It is message dependent.
• Only the Digest is encrypted using the private
  key.

12
Alices bank account certificate
1.
Certificate type

Account number
2.
Name

Alice
3.
Account

6262626
4.
Certifying authority

Bobs Bank
5.
Signature

Digest(field 2 field 3)
KBpriv
13
Digital signatures with public keys
14
Message Privacy

• Deals with confidentiality of messages.
• Message header has token and signature.
• Typically WS are chained together to form a
  complex service.
• In this situation we need end-to-end encryption
  schemes. Scheme such as SSL will not suffice.
• Solution XML encryption allows for encryption of
  any combination of the message body, header,
  attachments, and sub-structures.

15
XML Signature

• Service requestor encrypts the message and the
  signature information in the header it may
  specify in the header that it used providers
  public key.
• Private key of the provider is then used decrypt
  the XML request.
• XML Encryption allows for multiple keys to be
  used for encrypting different sections thus
  allowing intermediaries to access parts of the
  message.

16
Message level Protection

• Message level protection has to with message
  integrity. How do assure that the message has not
  been modified?
• This is done by creating a message digest.
• Digest is a cryptographic checksum of an octet
  stream which is created using an algorithm, say,
  SHA-1 algorithm.
• Provider gets the message, its digest as
  signature and type of algorithm used to create
  the digest. It creates the digest and compares
  with the one from the sender and verifies the
  integrity of the messages.

17
Message validity

• Message validity is ensuring that the contents of
  a message are appropriate to the service and that
  they are well formed.
• You check the types used and operations used are
  valid.
• SQL injection is a common malicious code. Typical
  identification method is to look for
  (semicolon) that allows for SQL commands to
  follow.

18
Authentication

• Authentication is verifying that the requester is
  who he/she claims to be.
• In a typically closed environment user name /
  password
• If the sender previously unknown send credential
  to verify oneself.
• Trusted authorities issues certificates that can
  be used as credential. (Verified by Verisign)

19
Authorization

• In any organization, data located may have levels
  of sensitivity. Ex grades and student personal
  information in a university Infosource at UB.
• Authorization is granting of rights which
  includes the granting of access based on access
  rights.
• This typically takes place after authentication.
• Three most common access control implementations
• Access matrix
• Access Control List (ACL)
• Role Based Access Control (RBAC)

20
Access Matrix

• A general model of access control as exercised by
  a file or database management system is that of
  an access matrix.
• Basic elements of the model are
• Subject An entity capable of accessing objects.
  The concept of subject equates that of a process.
• Object Anything to which access is controlled.
  Ex files, programs, segments of memory.
• Access right The way in which an object is
  accesses by the subject. Examples read, write,
  and execute.

21
Access Matrix (contd.)
File 1
File 2
File 3 File 4 Acct1 Acct2 Printer1
Own R, W
Own R, W
Inquiry Credit
userA
Inquiry Credit
Own R, W
Inquiry Debit
R
W
R
P
userB
Inquiry Debit
Own R, W
R,W
R
userC
22
Access Matrix Details

• Row index corresponds to subjects and column
  index the objects.
• Entries in the cell represent the access
  privileges/rights.
• In practice, access matrix is quite sparse and is
  implemented as either access control lists (ACLs)
  or capability tickets.

23
ACLs

• Access matrix can be decomposed by columns,
  yielding access control lists.
• For each object access control list lists the
  users and their permitted access rights.
• The access control list may also have a default
  or public entry to covers subjects that are not
  explicitly listed in the list.
• Elements of the list may include individual as
  well group of users.

24
WS Security

• Access Control Scheme
• name/password
• access token associated with each process object
  indicating privileges associated with a user
• security descriptor
• access control list
• used to compare with access control list for
  object

25
Access Token (per user/subject)
Security ID (SID)
Group SIDs
Privileges
Default Owner
Default ACL
26
Security Descriptor (per Object)
Flags
Owner
System Access Control List (SACL)
Discretionary Access Control List (DACL)
27
Access Control List
ACL Header
ACE Header
Access Mask
SID
ACE Header
Access Mask
SID
. . .
28
Access Mask
Delete
Read Control
Write DAC
Write Owner
Generic Access Types
Synchronize
Standard Access Types
Specific Access Types
Access System Security
Maximum allowed
Generic All
Generic Execute
Generic Write
Generic Read
29
Access Control Using ACLs

• When a process attempts to access an object, the
  object manager in security executive reads the
  SID and group SIDs from the access token and
  scans down the objects DACL.
• If a match is found in SID, then the
  corresponding ACE Access Mask provides the access
  rights available to the process.

30
RBAC

• In 2004 the National Institute of Standards and
  Technology (NIST) published a standard for
  defining the features of the Role Based Access
  Control (RBAC).
• Two parts (i) Reference model and (ii) System
  and Administrative functions.
• Reference model objects, operations,
  permissions, roles and users (in-band artifacts)
• Administrative model system functionality,
  administrative operations and reviews.

31
RBAC Details

• RBAC starts with Permission sets.
• Permission express a privilege to access a
  resource.
• Examples of permission create a file, access
  grades information (ublearns)
• Next steps is defines Roles and assigning
  permissions to Roles.
• Examples of roles Physician, Reviewer
• Scenario driven approach is typically used to
  connect roles to permissions.
• Upper level ontology in SWS should map Users,
  Roles, Groups etc. to the ontology.