A Secure Information Flow Architecture for Web Services

Current Web service platforms (WSPs) often perform all Web services-related processing, including security-sensitive information handling, in the same protection domain. Consequently, the entire WSP may have access to security-sensitive information such as credit card numbers, forcing us to trust a large and complex piece of software. To address this problem, we propose ISO-WSP, a new information flow architecture that decomposes current WSPs into two parts executing in separate protection domains: (1) a small trusted T-WSP to handle security-sensitive data, and (2) a large, legacy untrusted U-WSP that provides the normal WSP functionality, but uses the T-WSP for security-sensitive data handling. By restricting security-sensitive data access to the T-WSP, ISO-WSP reduces the software complexity of trusted code, thereby improving the testability of ISO-WSP. Using a prototype implementation based on the Apache Axis2 WSP, we show that ISO-WSP reduces the software complexity of trusted components by a factor of five, while incurring a modest performance overhead of a few milliseconds per request.
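The following is an added illustration of the split the abstract describes, not code from the paper or from Axis2: the card number is confined to a separate T-WSP process, and the U-WSP receives only a sanitized message plus an opaque handle that it must hand back to the T-WSP to perform the charge. The payload, the handle scheme and the pipe protocol are constructed assumptions, and the script assumes a POSIX host where `fork` is available.

```python
import re
from multiprocessing import get_context

# Constructed sample request (not from the paper); the parent process only
# stands in for the network front end that delivers it to the T-WSP.
SAMPLE_REQUEST = (
    "<Payment><Merchant>shop-17</Merchant><Amount>42.50</Amount>"
    "<CardNumber>4111111111111111</CardNumber></Payment>"
)
CARD_RE = re.compile(r"<CardNumber>(\d{13,19})</CardNumber>")
HANDLE_RE = re.compile(r"<CardNumber>(card-\d+)</CardNumber>")


def t_wsp_serve(conn, raw_request):
    """Trusted domain (T-WSP): the only code that ever holds a card number.
    Cards leave this process only as opaque handles or truncated receipts."""
    vault = {}

    def stash(match):                       # swap each card number for a handle
        handle = f"card-{len(vault)}"
        vault[handle] = match.group(1)
        return f"<CardNumber>{handle}</CardNumber>"

    conn.send(CARD_RE.sub(stash, raw_request))   # U-WSP sees only this form
    while True:
        op, arg = conn.recv()
        if op == "charge":                       # sensitive operation, by handle
            handle, amount = arg
            pan = vault.get(handle)
            if pan is None:
                conn.send({"status": "unknown-handle"})
            else:                                # a real T-WSP would call the gateway here
                conn.send({"status": "ok", "amount": amount, "last4": pan[-4:]})
        elif op == "stop":
            return


def u_wsp_process(conn):
    """Untrusted domain (U-WSP): normal request handling on the sanitized
    message; the card itself is never in this address space."""
    sanitized = conn.recv()
    amount = float(re.search(r"<Amount>([\d.]+)</Amount>", sanitized).group(1))
    handle = HANDLE_RE.search(sanitized).group(1)
    conn.send(("charge", (handle, amount)))
    receipt = conn.recv()
    conn.send(("stop", None))
    return sanitized, receipt


def serve_request(raw_request=SAMPLE_REQUEST):
    """Run the T-WSP in its own process and let the U-WSP handle one request."""
    ctx = get_context("fork")                    # assumes a POSIX host
    u_end, t_end = ctx.Pipe()
    trusted = ctx.Process(target=t_wsp_serve, args=(t_end, raw_request))
    trusted.start()
    try:
        return u_wsp_process(u_end)
    finally:
        trusted.join(timeout=5)
        if trusted.is_alive():                   # do not hang if U-WSP failed mid-way
            trusted.terminate()
```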
