Web Data and Application Security Kodali, Farkas and Wijesekera
Reading
• World Wide Web Consortium, http://www.w3.org/
• Organization for the Advancement of Structured Information Standards, http://www.oasis-open.org/home/index.php
• Web Services Interoperability Organization, http://www.ws-i.org/
• Workshop on Secure Web Services, http://sws06.univ-pau.fr/
• Semantic Web Security, http://www.cse.sc.edu/research/isl/SSW/index.shtml
Web Evolution
• Past: Human usage
  • HTTP
  • Static Web pages (HTML)
• Current: Human and some automated usage
  • Interactive Web pages
  • Web Services (WSDL, SOAP, SAML)
  • Semantic Web (RDF, OWL, RuleML, Web databases)
  • XML technology (data exchange, data representation)
• Future: Semantic Web Services
Semantic Web From: T.B. Lee
Web Services “…a software system designed to support interoperable machine-to-machine interaction over a network.” W3C From: Wikipedia
WS Components
• SOAP: An XML-based, extensible message envelope format, with "bindings" to underlying protocols
• WSDL: An XML format that allows service interfaces to be described, along with the details of their bindings to specific protocols.
• UDDI: A protocol for publishing and discovering metadata about Web services, to enable applications to find Web services, either at design time or runtime.
• WS-Security: Defines how to use XML Encryption and XML Signature in SOAP to secure message exchanges.
SOAP
• Simple Object Access Protocol: a protocol for exchanging XML-based messages over a computer network, normally using HTTP (from W3C)
• Foundation layer of the Web services stack
• Different types of messaging patterns:
  • Remote Procedure Call (RPC) – most popular
  • Service-Oriented Architecture (SOA)
  • RESTful Web Services
(figure: SOAP Envelope)
UDDI
• Universal Description, Discovery, and Integration: a platform-independent, XML-based registry for businesses worldwide to list themselves on the Internet (from OASIS)
• Support:
  • businesses to publish service listings
  • discover each other
  • define how the services or software applications interact over the Internet
• Components:
  • White Pages — address, contact, and known identifiers
  • Yellow Pages — industrial categorizations based on standard taxonomies
  • Green Pages — technical information about services exposed by the business
WS-Security
• WS-Security (Web Services Security): a communications protocol providing a means for applying security to Web Services
• From: originally by IBM, Microsoft, and VeriSign, the protocol is now officially called WSS and developed via committee in Oasis-Open
• Defines how integrity and confidentiality can be enforced on Web Services messaging
• Use of SAML and Kerberos, and certificate formats
• Incorporates security features in the header of a SOAP message, working in the application layer (different from TLS-based security)
WS Policy • WS-Policy: a specification that allows web services to use XML to advertise their policies (on security, Quality of Service, etc.) and for web service consumers to specify their policy requirements
W3C Standard Maturation
• Working Draft (WD): published for review by "the community"
• Candidate Recommendation (CR): a version of the standard that is more firm than the WD
• Proposed Recommendation (PR): the version of the standard that has passed the prior two levels
• W3C Recommendation (REC): most mature stage of development
• Later Revisions: updated by separately-published Errata
WS Security Outline
• Security on the Web
• Data Security
• Metadata Security
• Application Security
• Future Directions
Outline
• Security on the Web
• Data Security
  • Access Control Models for Semi-Structured Data
    • Syntactic XML
    • Secure XML Views
    • XML Updates
    • XML association object
  • XML and Semantics
    • SMIL
  • Inference Control
• Metadata Security
• Application Security
• Future Directions
Limitation of Research
• Syntax-based
• No association protection
• Limited handling of updates
• No data or application semantics
• No inference control
Secure XML Views - Example
Document with node classifications (UC = Unclassified, S = Secret, TS = TopSecret):
  <medicalFiles>                       UC
    <countyRec>                        S
      <patient>                        S
        <name>John Smith</name>        UC
        <phone>111-2222</phone>        S
      </patient>
      <physician>Jim Dale</physician>  UC
    </countyRec>
    <milBaseRec>                       TS
      <patient>                        S
        <name>Harry Green</name>       UC
        <phone>333-4444</phone>        S
      </patient>
      <physician>Joe White</physician> UC
      <milTag>MT78</milTag>            TS
    </milBaseRec>
  </medicalFiles>
(figure: the same document drawn as a tree; caption: View over UC data)
Secure XML Views - Example cont.
View over UC data (phone and milTag are removed, but the S and TS element names countyRec, patient and milBaseRec stay visible):
  <medicalFiles>
    <countyRec>
      <patient>
        <name>John Smith</name>
      </patient>
      <physician>Jim Dale</physician>
    </countyRec>
    <milBaseRec>
      <patient>
        <name>Harry Green</name>
      </patient>
      <physician>Joe White</physician>
    </milBaseRec>
  </medicalFiles>
Secure XML Views - Example cont.
View over UC data with the classified element names replaced by cover tags (countyRec becomes tag01, patient becomes tag02, milBaseRec becomes tag03):
  <medicalFiles>
    <tag01>
      <tag02>
        <name>John Smith</name>
      </tag02>
      <physician>Jim Dale</physician>
    </tag01>
    <tag03>
      <tag02>
        <name>Harry Green</name>
      </tag02>
      <physician>Joe White</physician>
    </tag03>
  </medicalFiles>
Secure XML Views - Example cont.
View over UC data, shown with the original node classifications:
  <medicalFiles>                       UC
    <countyRec>                        S
      <patient>                        S
        <name>John Smith</name>        UC
      </patient>
      <physician>Jim Dale</physician>  UC
    </countyRec>
    <milBaseRec>                       TS
      <patient>                        S
        <name>Harry Green</name>       UC
      </patient>
      <physician>Joe White</physician> UC
    </milBaseRec>
  </medicalFiles>
Secure XML Views - Example cont.
View over UC data with the classified elements removed and their readable children attached directly to medicalFiles:
  <medicalFiles>
    <name>John Smith</name>
    <physician>Jim Dale</physician>
    <name>Harry Green</name>
    <physician>Joe White</physician>
  </medicalFiles>
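The three view constructions shown above (keep the classified element names, replace them with cover tags, or flatten them away), as an added Python example that is not from the slides; the document, the per-element labels and the tag01/tag02 numbering are constructed to match the slides' example.

```python
import xml.etree.ElementTree as ET

# Constructed input: the slide's medicalFiles document (values as on the slide).
MEDICAL_FILES = """<medicalFiles>
  <countyRec><patient><name>John Smith</name><phone>111-2222</phone></patient>
    <physician>Jim Dale</physician></countyRec>
  <milBaseRec><patient><name>Harry Green</name><phone>333-4444</phone></patient>
    <physician>Joe White</physician><milTag>MT78</milTag></milBaseRec>
</medicalFiles>"""

LEVEL = {"UC": 0, "S": 1, "TS": 2}
# Node classifications from the slide, keyed by element name.
LABELS = {"medicalFiles": "UC", "countyRec": "S", "milBaseRec": "TS",
          "patient": "S", "name": "UC", "phone": "S", "physician": "UC",
          "milTag": "TS"}

def build_view(elem, clearance, mode="prune", cover_names=None):
    """Return the elements that stand in for `elem` in the view at `clearance`.
    prune:   classified nodes on the path to readable data keep their names
    cover:   those nodes are renamed to neutral tags tag01, tag02, ...
    flatten: those nodes are dropped, their readable descendants move up"""
    cover_names = {} if cover_names is None else cover_names
    readable = LEVEL[LABELS[elem.tag]] <= LEVEL[clearance]
    tag = elem.tag
    if not readable and mode == "cover" and len(elem):
        # same classified element name -> same cover tag, as on the slide
        tag = cover_names.setdefault(elem.tag, "tag%02d" % (len(cover_names) + 1))
    kids = [k for c in elem for k in build_view(c, clearance, mode, cover_names)]
    if not readable and not kids:
        return []                # nothing readable below: drop the whole subtree
    if not readable and mode == "flatten":
        return kids              # skip the classified node, keep what is readable
    out = ET.Element(tag)
    out.text = ((elem.text or "").strip() or None) if readable else None
    out.extend(kids)
    return [out]

def view_string(clearance, mode="prune"):
    root = ET.fromstring(MEDICAL_FILES)
    return ET.tostring(build_view(root, clearance, mode)[0], encoding="unicode")

def exposed_tags(clearance, mode="prune"):
    """Element names a reader of the view learns, classified ones included."""
    root = ET.fromstring(MEDICAL_FILES)
    return sorted({e.tag for e in build_view(root, clearance, mode)[0].iter()})

if __name__ == "__main__":
    for mode in ("prune", "cover", "flatten"):
        print(mode, view_string("UC", mode))
```

`exposed_tags("UC", "prune")` still lists countyRec and milBaseRec, which is the leak the cover-tag and flattened views close.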
Secure XML Views - Solution • Multi-Plane DTD Graph (MPG) • Minimal Semantic Conflict Graph (association preservation) • Cover story • Transformation rules
Multi-Plane DTD Graph
(figure: the DTD graph of medicalFiles drawn across three security planes, Unclassified, Secret and TopSecret; element nodes medicalFiles, countyRec, milBaseRec, patient, name, phone, physician and milTag with descriptor nodes D,medicalFiles, D,countyRec, D,milBaseRec, D,patient, D,name, D,phone, D,physician, D,milTag, each placed on the planes marked UC, S, TS)
MPG = DTD graph over multiple security planes
Transformation - Example
(figures, four steps: the MPG of medicalFiles with its Security Space (UC, Secret, TS) and the MSCG of the association name, phone, physician under patient; then the security planes (SP) and MPG after transformation, in which a cover element emrgRec (emergencyRec) is introduced into the medicalFiles data structure)
Delete - Example
(figure: Report document tree with node classifications: Report P, Title P, Data P, Date P, Temperature P, Images S, Water Resources S, Concrete Location S, Civil Area S, Defense Sector TS)
Delete Operations
• Delete entire sub-tree under a deleted node
  • Most widely used approach
  • Problem: blind write
• Delete only the viewable nodes
  • Problem: fragmentation of XML tree
• Reject the delete
  • Problem: covert channel
Different Solution – Deleted Label
Basic Idea
• A unique domain “Del” for deleted nodes
• Change security classification of deleted node (o, {do Del})
  • Perform after delete operation
• Change security clearance of users, where s = (s, {ds}) > (o, {do}) to ( (s, {ds}) , (o, {do Del}) )
  • Can be preprocessed
• Use BLP axioms
Example - Top Secret View
(figure: Report tree after the delete, with node classifications: Report P, Title P, Data P, Date P, Temperature P, Images (S,{Del}), Concrete Location (S,{Del}), Defense Sector TS)
Subject clearances:
• (TS, {}) : { (TS, {}) , (S, {Del}), (P, {Del}) }
• (S, {}) : { (S, {}), (P, {Del}) }
• (P, {}) : { (P, {}) }
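The deleted-label scheme of the two slides above, as an added Python example that is not from the slides: labels are (level, categories) pairs compared with the BLP dominance rule, a delete moves the nodes the subject can read into the Del domain, and each subject's clearance is extended with (lower level, {Del}) entries. The Report tree, the set of nodes the Secret subject deletes, and the function names are constructed for the example.

```python
LEVELS = {"P": 0, "S": 1, "TS": 2}      # Public < Secret < Top Secret

def report_tree():
    """Constructed node labels from the Delete example: (level, categories)."""
    labels = {"Report": "P", "Title": "P", "Data": "P", "Date": "P",
              "Temperature": "P", "Images": "S", "Water Resources": "S",
              "Concrete Location": "S", "Civil Area": "S", "Defense Sector": "TS"}
    return {name: (level, frozenset()) for name, level in labels.items()}

def dominates(clearance, label):
    """BLP dominance: (l1, c1) >= (l2, c2) iff l1 >= l2 and c1 contains c2."""
    (l1, c1), (l2, c2) = clearance, label
    return LEVELS[l1] >= LEVELS[l2] and c1 >= c2

def delete_nodes(tree, subject_level, names):
    """A delete does not remove nodes: every node the subject can read is
    moved into the Del domain; nodes above its clearance are left untouched,
    so there is no blind write on data the subject cannot see."""
    for name in names:
        level, cats = tree[name]
        if dominates((subject_level, frozenset()), (level, cats)):
            tree[name] = (level, cats | {"Del"})

def effective_clearances(subject_level):
    """(l, {}) is extended with (l', {Del}) for every level l' strictly below
    l, so a higher-cleared subject still sees what lower subjects deleted."""
    below = [l for l in LEVELS if LEVELS[l] < LEVELS[subject_level]]
    return [(subject_level, frozenset())] + [(l, frozenset({"Del"})) for l in below]

def visible_nodes(tree, subject_level):
    """Nodes readable under at least one of the subject's effective clearances."""
    clearances = effective_clearances(subject_level)
    return sorted(n for n, lab in tree.items()
                  if any(dominates(c, lab) for c in clearances))

def scenario():
    """Constructed: a Secret subject deletes the Images subtree; the request
    also names the TS node Defense Sector, which it cannot read."""
    tree = report_tree()
    delete_nodes(tree, "S", ["Images", "Water Resources", "Concrete Location",
                             "Civil Area", "Defense Sector"])
    return tree

if __name__ == "__main__":
    tree = scenario()
    for level in ("TS", "S", "P"):
        print(level, visible_nodes(tree, level))
```

After the delete the Secret and Public subjects see only the P nodes, while the Top Secret subject still sees the deleted Secret nodes (now labelled with Del) and the untouched Defense Sector.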
Node Association - Example
(figure: DTD of Patient Health Record; elements MedicalDb, Patient*, SSN, Name, Phone, Birthdate, Race, Diagnosis*, Date, Physician, Prescription, Comments, Allergies*, Allergen)
Layered Access Control
(figure: an object with an association-level classification layered over the node-level classification; nodes are marked + or -)
Simple Security
(figure: object o composed of t1, t2, t3, t4) For every component ti of o, the classification of ti equals the classification of o.
Association Security
(figure: object o composed of t1, t2, t3, t4) For every component ti of o, the classification of ti is strictly lower than the classification of o.
Query Pattern
(figure: pattern tree //r with children d and a, a with children b and c; d and b share the value v1)
  FOR $x in //r
  LET $y := $x/d, $z := $x/a
  WHERE $z/b = $y
  RETURN <answer> {$z/c} </answer>
Pattern Automata
• Pattern Automata X = { Σ, Q, q0, Qf, δ }
• Σ = E ∪ A ∪ { pcdata, // }
• δ is a transition function
• Q = {q0, …, qn}
• Qf ⊆ Q, q0 ∉ Qf
• Valid transitions of δ are of the following form: σ(qi, …, qj) → qk
• If δ does not contain a valid transition rule, the default new state is q0
Pattern Automata - Example
(figure: the association object, a pattern tree // a with children b and c, and its pattern automaton)
• Σ = { a, b, c, // }
• Q = {q0, qa, qb, qc}
• Qf = {qa}
• δ = { b( ) → qb, c( ) → qc, a(qb, qc) → qa, *(qa) → qa }
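The pattern automaton of the example above, run bottom-up over XML trees, as an added Python example that is not from the slides; the two sample documents and the function names are constructed, and the rule *(qa) → qa is what lets the match climb to the root through any ancestor (the // axis).

```python
import xml.etree.ElementTree as ET

Q0 = "q0"                                # default state: no pattern matched here
FINAL = {"qa"}                           # Qf

def delta(symbol, child_states):
    """The slide's transition rules: b( ) -> qb, c( ) -> qc, a(qb, qc) -> qa,
    *(qa) -> qa (a match below any element propagates upwards);
    every other combination falls back to q0."""
    kids = set(child_states)
    if symbol == "b" and not child_states:
        return "qb"
    if symbol == "c" and not child_states:
        return "qc"
    if symbol == "a" and {"qb", "qc"} <= kids:
        return "qa"
    if "qa" in kids:
        return "qa"
    return Q0

def run(elem):
    """Bottom-up evaluation: a node's state depends only on its element name
    and on the states already computed for its children."""
    return delta(elem.tag, [run(child) for child in elem])

def accepts(xml):
    """True when the document contains the association object a(b, c)."""
    return run(ET.fromstring(xml)) in FINAL

# Constructed documents: the first contains the pattern below r; the second
# has b and c elements, but not as siblings under one a.
DOCS = ["<r><d>v1</d><a><b>v1</b><c>x</c></a></r>",
        "<r><a><b>v1</b></a><c>x</c></r>"]

if __name__ == "__main__":
    for doc in DOCS:
        print(accepts(doc), doc)
```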
SMIL
• Parallel operator "PAR": VIDEO and AUDIO together
• Sequential operator "SEQ": VIDEO after END of AUDIO
• Switch operator "switch": if Condition A = TRUE, then only VIDEO (AUDIO is SILENCE); if Condition B = TRUE, then only AUDIO (VIDEO is SILENCE)
SMIL vs. XML
• In both, document = tree
• BUT XML has NO intended semantics, SMIL specifies runtime behavior
• QoS (timeliness and continuity) specified using synchronization constructs <par>, <seq>, <excl> and others.
• No Security for SMIL
  <smil>
    <seq>
      <par>
        <audio src="http://www.example.org/Audio1.rm"/>
        <video src="http://www.example.org/Video1.rm"/>
      </par>
      <par>
        <audio src="http://www.example.org/Audio2.rm"/>
        <video src="http://www.example.org/Video2.rm"/>
      </par>
    </seq>
  </smil>
(figure: the same document as a tree: smil, seq, two par nodes holding Audio1/Video1 and Audio2/Video2)
Object Identity in SMIL - I, II, III
(figures: timelines from t to t+14 in steps of 7 showing the media intervals Audio 1, Audio 2, Video 1, Video 2 (A1, A2, V1, V2) arranged under different nestings of SEQ and PAR containers)
SMIL Normal Form
SMIL Normal Form (smilNF) is of the form
  <seq>
    <par> C_1,1(s) C_1,2(s) C_1,3(s) .. C_1,n(s) </par>
    <par> ........................................ </par>
    <par> C_m,1(s) C_m,2(s) C_m,3(s) .. C_m,n(s) </par>
  </seq>
where C_i,j are audio, video, image or text media intervals.
Normalization Algorithm
(figure: media intervals A1..A3, B1..B3, C1..C3, D1..D3 over time slots 1, 2, 3, shown as Representation 1 and Representation 2 with different nestings of SEQ and PAR containers)
Metadata in SMIL - RBAC Example
(figure: a SMIL Normal Form document, a SEQ of PAR blocks holding V1, A1, V2, A2; the same document decorated with RBAC metadata (r1)A2, (r2)V2, (r3)V1; and the permitted view for Role 1, in which PAR blocks without r1 intervals become Empty)
The Inference Problem
• General Purpose Database: Non-confidential data + Metadata → Undesired Inferences
• Semantic Web: Non-confidential data + Metadata (data and application semantics) + Computational Power + Connectivity → Undesired Inferences
Association Graph
• Association similarity measure
  • Distance of each node from the association root
  • Difference of the distance of the nodes from the association root
  • Complexity of the sub-trees originating at nodes
• Example:
(figure: XML document with nodes Air show, address, fort, and its Association Graph with nodes labelled Public and Public, AC)