Service-oriented Assurance

Transcription

1 Service-oriented Assurance Michael Waidner IBM Zurich Research, Security and Privacy Joint with Günter Karjoth, Matthias Schunter and Birgit Pfitzmann Riva San Vitale March 2006 Euro-Atlantic Symposium on Critical Information Infrastructure Assurance

2 IBM Research: 8 Labs, 3000 Researchers Almanden Established: 1986 Employees: 500 Watson Established: 1961 Employees: 1750 Zurich Established: 1955 Employees: 300 Beijing Established: 1995 Employees: 90 Austin Established: 1995 Employees: 40 Haifa Established: 1972 Employees: 500 Dehli Established: 1998 Employees: 60 Tokyo Established: 1982 Employees: Service-oriented Assurance Riva San Vitale March 23 rd, 2006

3 Security and Privacy Research Watson Secure Service Delivery SOA & Web Services Sec Language Security Cryptography & Privacy Biometrics & Surveillance Identity & Compli. Mgmt Secure Virtualization OS/Linux Security Wireless Security Secure HW Intrusion Defense Ethical Hacking Zurich Compliance Mgmt Crypto-based Security Identity Mgmt & Privacy Enterprise Key Mgmt Secure Identity Secure Trade Lane Security Event Mgmt Trusted Computing Beijing Compliance Almaden Digital Rights Mgmt Privacy & Data Mgmt Austin Haifa Storage Security Delhi Tokyo Compliance Web Services XACML/XML Worldwide ~110 researchers, 25+ in Zurich 3 Service-oriented Assurance Riva San Vitale March 23 rd, 2006

4 1. Service-oriented Architecture (SOA) 2. Service-oriented Assurance (SOAS) 3. Conclusion 4 Service-oriented Assurance Riva San Vitale March 23 rd, 2006

5 1. Service-oriented Architecture (SOA) 2. Service-oriented Assurance (SOAS) 3. Conclusion 5 Service-oriented Assurance Riva San Vitale March 23 rd, 2006

6 Trend: Virtual Enterprises Trust Trust 5 Cross-Industry Value Coalition 4 Industry-Centric Value Web 3 Value Chain Visibility Legend Core Business 1 Isolated Operations 2 Select Trusted Partners Collaboration Collaboration Subsidiary Customer Partner/Channel Supplier/Outsourcer 6 Service-oriented Assurance Riva San Vitale March 23 rd, 2006

7 Technical Basis: Service-Oriented Architecture Build Distributed Systems Based on Service Specifications Dynamically Across Multiple Domains 7 Service-oriented Assurance Riva San Vitale March 23 rd, 2006

8 Service-Oriented Architecture Service Requestor Service Locator Service Broker Distributed system described through allowed interactions, i.e., services, between components. Service interfaces are published and discoverable. Service Provider Provider and requestor agree on type and quality of service through service level agreements (SLA). Source: David Booth et. al.: Web Services Architecture; W3C Working Draft 8 August Service-oriented Assurance Riva San Vitale March 23 rd, 2006

9 Web Services Security WS-Secure Conversation WS-Policy WS-Federation WS-Trust WS-Security WS-Authorization WS-Privacy SOAP Foundation Describes security mechanisms and policies 9 Service-oriented Assurance Riva San Vitale March 23 rd, 2006

10 Open Problem: How to Justify Trust in Service? Service Requestor Service Locator Service Broker Service Provider Service-oriented Assurance SOAS enables products & services to express the offered degree of security as well as to assess the security of its components. Does it really work? 10 Service-oriented Assurance Riva San Vitale March 23 rd, 2006

11 1. Service-oriented Architecture (SOA) 2. Service-oriented Assurance (SOAS) 3. Conclusion 11 Service-oriented Assurance Riva San Vitale March 23 rd, 2006

12 Service Level Agreements (SLA) with Assurance Domain Comp SLA / Policy specifies properties and guarantees, including responsibilities, procedures, recourse Service (protocol) conveys evidence Comp SOAS Comp Comp SOAS Produces evidence (measurements, logs, signatures) articulate assurance assess assurance Comparison selection Service Service requestor can can make make a price/risk trade-off. Composition propagation Entity Entity can can derive derive its its own own assurances based based on on sub-service assurances. 12 Service-oriented Assurance Riva San Vitale March 23 rd, 2006

13 Example: Integrity & Isolation Assurance for Medical Databases Property MediCare s database operations are strongly isolated from (other) business processes. Data integrity is preserved. Evidence Statements about the database and the operating system (product manufacturer) Statements about the administration of the database (MediCare) Statements about running an industry-standard antivirus program Recourse Isolation checks are performed by a third party. (decision procedure) Compliance tool regularly verifies that virus checker is operational and runs according to specified policy. (decision procedure) In case MediCare violates the stated assurance, the contract is immediately terminated. MediCare will be liable for any damage caused. (compensation) 13 Service-oriented Assurance Riva San Vitale March 23 rd, 2006

14 Taxonomy for Service Oriented Assurance 14 Service-oriented Assurance Riva San Vitale March 23 rd, 2006

15 Negotiation & Monitoring 15 Service-oriented Assurance Riva San Vitale March 23 rd, 2006

16 1. Service-oriented Architecture (SOA) 2. Service-oriented Assurance (SOAS) 3. Conclusion 16 Service-oriented Assurance Riva San Vitale March 23 rd, 2006

17 Status and Research Challenges SOAS enables components to provide well-specified security guarantees, which can be monitored and validated Classification of assurances (security properties & evidence) Comparison Taxonomy of security properties Formalization (non-functional properties, ontology) Comparison (security metrics) Composition (side-effects) Implementing assurances via low-level checking Prototype implementation Assurance refinement From business goals to security properties 17 Service-oriented Assurance Riva San Vitale March 23 rd, 2006