SOA in Action Blog


August 31, 2007

Making a Federal Case out of Web Services Security

The US Government, which knows a thing or two about security, has just issued a guide to Web services security, entitled NIST Special Publication 800-95, “Guide to Secure Web Services.” (The full PDF of the guide is available for download from the National Institute for Standards and Technology here.)

The guide, written with the help of consultants from Booz Allen Hamilton, points to the following issues that plague Web services security:

o Confidentiality and integrity of data that is transmitted via Web services protocols in service-to-service transactions, including data that traverses intermediary services

o Functional integrity of the Web services that requires the establishment of trust between services on a transaction-by-transaction basis

o Availability in the face of denial of service attacks that exploit vulnerabilities unique to Web service technologies, especially targeting core services, such as discovery service, on which other services rely.

o SOAs are dynamic and can seldom be fully constrained to the physical boundaries of a single network.

o SOAP is transmitted over HyperText Transfer Protocol (HTTP), which is allowed to flow without restriction through most firewalls.

o Transport Layer Security (TLS), which is used to authenticate and encrypt Web-based messages, is inadequate for protecting SOAP messages because it is designed to operate between two endpoints. TLS cannot accommodate Web services' inherent ability to forward messages to multiple other Web services simultaneously.
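The hop-by-hop limitation of TLS described in the last item, as an added example (not from the NIST guide or the original post): the sender attaches an HMAC of the SOAP Body in a header entry, and the final receiver checks it after an intermediary has decrypted, re-serialized and forwarded the message. The `urn:example:integrity` header, the shared key and the sample message are assumptions made for illustration; this is a simplified sketch, not an implementation of any Web services security standard.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
EX_NS = "urn:example:integrity"   # hypothetical header namespace for this sketch
KEY = b"constructed-demo-key"     # assumed shared by sender and final receiver only
SAMPLE = (                        # constructed SOAP 1.1 message
    f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body><transfer>'
    "<amount>100</amount></transfer></soap:Body></soap:Envelope>"
)

def _header(env):
    """Return the SOAP Header element, creating it if absent."""
    header = env.find(f"{{{SOAP_NS}}}Header")
    if header is None:
        header = ET.Element(f"{{{SOAP_NS}}}Header")
        env.insert(0, header)
    return header

def _body_mac(env, key):
    """HMAC-SHA256 over the canonical (C14N 2.0) form of the Body."""
    body = env.find(f"{{{SOAP_NS}}}Body")
    if body is None:
        raise ValueError("envelope has no SOAP Body")
    c14n = ET.canonicalize(ET.tostring(body, encoding="unicode"), rewrite_prefixes=True)
    return hmac.new(key, c14n.encode(), hashlib.sha256).hexdigest()

def sign_envelope(xml_text, key):
    """Sender: attach a MAC of the Body as a header entry."""
    env = ET.fromstring(xml_text)
    ET.SubElement(_header(env), f"{{{EX_NS}}}BodyMac").text = _body_mac(env, key)
    return ET.tostring(env, encoding="unicode")

def forward(xml_text, alter_body=False):
    """Intermediary: the inbound TLS session ends here, so it handles plaintext."""
    env = ET.fromstring(xml_text)
    ET.SubElement(_header(env), f"{{{EX_NS}}}Via").text = "router-1"
    if alter_body:  # models a faulty or compromised hop
        env.find(".//amount").text = "9999"
    return ET.tostring(env, encoding="unicode")

def verify_envelope(xml_text, key):
    """Final receiver: accept only if the Body still matches the sender's MAC."""
    env = ET.fromstring(xml_text)
    tag = env.find(f"{{{SOAP_NS}}}Header/{{{EX_NS}}}BodyMac")
    if tag is None or not tag.text:
        return False  # unsigned messages are rejected, not trusted
    return hmac.compare_digest(tag.text.strip().encode(), _body_mac(env, key).encode())
```

The intermediary can add its own header and re-serialize the envelope without invalidating the MAC, but any change to the Body is detected at the final endpoint even though every individual hop was protected by TLS.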

The NIST guide makes the following recommendations for ensuring the security of Web services transactions:

Replicate Data and Services to Improve Availability. Since Web services are susceptible to DoS attacks, it is important to replicate data and applications in a robust manner. Replication and redundancy can ensure access to critical data in the event of a fault. It will also enable the system to react in a coordinated way to deal with disruptions.

Use Logging of Transactions to Improve Non-repudiation and Accountability. Non-repudiation and accountability require logging mechanisms involved in the entire Web service transaction. As of early 2007, there are few implemented logging standards that can be used across an entire SOA. In particular, the level of logging provided by various UDDI registries, identity providers, and individual Web services varies greatly. Where the provided information is not sufficient to maintain accountability and non-repudiation, it may be necessary to introduce additional software or services into the SOA to support these security requirements.

Use Threat Modeling and Secure Software Design Techniques to Protect from Attacks. The objective of secure software design techniques is to ensure that the design and implementation of Web services software does not contain defects that can be exploited. Threat modeling can find security strengths and weaknesses, discover vulnerabilities and provide feedback into the security life cycle of the application. Software security testing should include security-oriented code reviews and penetration testing.

Use Performance Analysis and Simulation Techniques for End to End Quality of Service and Quality of Protection. Queuing networks and simulation techniques have long played critical roles in designing, developing and managing complex information systems. Similar techniques can be used for quality assured and highly available Web services. Enterprise systems with several business partners must complete business processes in a timely manner to meet real time market conditions. The dynamic and compositional nature of Web services makes end-to-end QoS management a major challenge for service-oriented distributed systems.

Digitally Sign UDDI Entries to Verify the Author of Registered Entries. UDDI registries openly provide details about the purpose of a Web service as well as how to access it. Should an attacker compromise a UDDI entry, it would be possible for requesters to bind to a malicious provider. Therefore, it is important to digitally sign UDDI entries so as to verify the publisher of these entries.

Enhance Existing Security Mechanisms and Infrastructure. Web services rely on many existing Internet protocols and often coexist with other network applications on an organization’s network. As such, many Web service security standards, tools, and techniques require that traditional security mechanisms, such as firewalls, intrusion detection systems (IDS), and secured operating systems, are in effect before implementation or deployment of Web services applications.

Posted by joemckendrick
