Behavioral attestation for web services (BA4WS)

Service Oriented Architecture with underlying technologies like web services and web service orchestration opens new vistas for integration among business processes operating in heterogeneous environments. However, such dynamic collaborations require a highly secure environment at each respective business partner site. Existing web services standards address the issue of security only on the service provider platform. The partner platforms to which sensitive information is released have till now been neglected. Remote Attestation is a relatively new field of research which enables an authorized party to verify that a trusted environment actually exists on a partner platform. To incorporate this novel concept in to the web services realm, a new mechanism called WS-Attestation has been proposed. This mechanism provides a structural paradigm upon which more fine-grained solutions can be built. In this paper, we present a novel framework, Behavioral Attestation for Web Services, in which XACML is built on top of WS-Attestation in order to enable more flexible remote attestation at the web services level. We propose a new type of XACML policy called XACML behavior policy, which defines the expected behavior of a partner platform. Existing web service standards are used to incorporate remote attestation at the web services level and a prototype is presented, which implements XACML behavior policy using low-level attestation techniques.

[1]  Mark O'Neill,et al.  Web Services Security , 2003 .

[2]  Ahmad-Reza Sadeghi,et al.  Property-based attestation for computing platforms: caring about properties, not mechanisms , 2004, NSPW '04.

[3]  Jean-Pierre Seifert,et al.  Model-based behavioral attestation , 2008, SACMAT '08.

[4]  Jean-Pierre Seifert,et al.  Usage control platformization via trustworthy SELinux , 2008, ASIACCS '08.

[5]  Bob Atkinson Web Services Security (WS-Security) , 2003 .

[6]  Trent Jaeger,et al.  Design and Implementation of a TCG-based Integrity Measurement Architecture , 2004, USENIX Security Symposium.

[7]  Elaine Shi,et al.  BIND: a fine-grained attestation service for secure distributed systems , 2005, 2005 IEEE Symposium on Security and Privacy (S&P'05).

[8]  Nataraj Nagaratnam,et al.  Web Services Security ( WS-Security ) Version 1 . 0 05 April 2002 , 2002 .

[9]  Siani Pearson,et al.  Trusted Computing Platforms: TCPA Technology in Context , 2002 .

[10]  David Caplan,et al.  SELinux by Example: Using Security Enhanced Linux (Prentice Hall Open Source Software Development Series) , 2006 .

[11]  Tim Ebringer,et al.  ws-Attestation: Enabling Trusted Computing on Web Services , 2007, Test and Analysis of Web Services.

[12]  Jaehong Park,et al.  Towards usage control models: beyond traditional access control , 2002, SACMAT '02.

[13]  Vijay Varadharajan,et al.  Trust management for trusted computing platforms in web services , 2007, STC '07.

[14]  Leendert van Doorn,et al.  Take control of TCPA , 2003 .

[15]  Trent Jaeger,et al.  PRIMA: policy-reduced integrity measurement architecture , 2006, SACMAT '06.

[16]  Jean-Pierre Seifert,et al.  A Model-Driven Framework for Trusted Computing Based Systems , 2007, 11th IEEE International Enterprise Distributed Object Computing Conference (EDOC 2007).

[17]  Dennis G. Kafura,et al.  First experiences using XACML for access control in distributed systems , 2003, XMLSEC '03.

[18]  Giovanni Della-Libera,et al.  Web Services Trust Language (WS-Trust) , 2002 .