Service-oriented Assurance - CIMAP · Service-oriented Assurance Michael Waidner ... Broker Service...
IBM Research, Zurich Research Lab
© 2006 IBM Corporation | Riva San Vitale | March 2006 | Euro-Atlantic Symposium on Critical Information Infrastructure Assurance
Service-oriented Assurance
Michael Waidner
IBM Zurich Research, Security and Privacy
Joint with Günter Karjoth, Matthias Schunter and Birgit Pfitzmann
© 2006 IBM Corporation | Service-oriented Assurance | Riva San Vitale | March 23rd, 2006
IBM Research: 8 Labs, 3000 Researchers
Austin: Established: 1995, Employees: 40
Tokyo: Established: 1982, Employees: 200
Watson: Established: 1961, Employees: 1750
Beijing: Established: 1995, Employees: 90
Almaden: Established: 1986, Employees: 500
Haifa: Established: 1972, Employees: 500
Delhi: Established: 1998, Employees: 60
Zurich: Established: 1955, Employees: 300
Security and Privacy Research
Beijing • Compliance
Almaden • Digital Rights Mgmt • Privacy & Data Mgmt
Haifa • Storage Security
Delhi
Austin
Tokyo • Compliance • Web Services • XACML/XML
Watson • Secure Service Delivery • SOA & Web Services Sec • Language Security • Cryptography & Privacy • Biometrics & Surveillance • Identity & Compli. Mgmt
Zurich
• Compliance Mgmt • Crypto-based Security • Identity Mgmt & Privacy • Enterprise Key Mgmt
• Secure Identity • Secure Trade Lane • Security Event Mgmt • Trusted Computing
Worldwide ~110 researchers, 25+ in Zurich
• Secure Virtualization • OS/Linux Security • Wireless Security • Secure HW • Intrusion Defense • Ethical Hacking
1. Service-oriented Architecture (SOA)
2. Service-oriented Assurance (SOAS)
3. Conclusion
Trend: Virtual Enterprises
[Figure: enterprise models plotted by Trust against Collaboration. Stages: Isolated Operations; Select 'Trusted Partners'; Value Chain Visibility; Industry-Centric Value Web; Cross-Industry Value Coalition. Legend: Partner/Channel, Supplier/Outsourcer, Customer, Subsidiary, Core Business.]
Build Distributed Systems Based on Service Specifications, Dynamically, Across Multiple Domains
Technical Basis: Service-Oriented Architecture
Service-Oriented Architecture
Distributed system described through allowed interactions, i.e., services, between components.
Service interfaces are published and discoverable.
Provider and requestor agree on type and quality of service through service level agreements (SLA).
[Figure: Service Requestor, Service Broker, Service Locator, Service Provider]
Source: David Booth et al.: Web Services Architecture; W3C Working Draft 8 August 2003.
Web Services Security
SOAP Foundation
WS-Security
WS-Policy
WS-SecureConversation
WS-Trust WS-Privacy
WS-Federation WS-Authorization
Describes security mechanisms and policies
Open Problem: How to Justify Trust in Service?
[Figure: Service Requestor, Service Broker, Service Locator, Service Provider]
Does it really work?
→ Service-oriented Assurance
SOAS enables products & services to express the offered degree of security as well as to assess the security of their components.
Service Level Agreements (SLA) with Assurance
Comparison / selection: Service requestor can make a price/risk trade-off.
Composition / propagation: Entity can derive its own assurances based on sub-service assurances.
[Figure: domains containing components (Comp), connected through SOAS]
SLA / Policy specifies properties and guarantees, including responsibilities, procedures, recourse
Service (protocol) conveys evidence
Produces evidence (measurements, logs, signatures)
Figure labels: articulate assurance; assess assurance
Example: Integrity & Isolation Assurance for Medical Databases
Evidence
– Statements about the database and the operating system (product manufacturer)
– Statements about the administration of the database (MediCare)
– Statements about running an industry-standard antivirus program
Property
– MediCare’s database operations are strongly isolated from (other) business processes.
– Data integrity is preserved.
Recourse
– Isolation checks are performed by a third party. (decision procedure)
– Compliance tool regularly verifies that virus checker is operational and runs according to specified policy. (decision procedure)
– In case MediCare violates the stated assurance, the contract is immediately terminated. MediCare will be liable for any damage caused. (compensation)
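Added example (not part of the original slides): a small decision procedure for the MediCare SLA above, in which the requestor assesses signed, timestamped evidence records against the stated properties. The record fields, the policy thresholds and the use of HMAC-SHA256 as the evidence signature are assumptions made for illustration.

```python
import hashlib, hmac, json

# All names, fields and thresholds below are illustrative assumptions, not from the slides.
TOOL_KEY = b"constructed-demo-key"   # constructed key shared with the compliance tool
POLICY = {"max_evidence_age_s": 3600,          # "regularly verifies": evidence must be fresh
          "max_av_definitions_age_days": 2,    # antivirus "runs according to specified policy"
          "required": {"antivirus", "isolation"}}

def sign(record, key=TOOL_KEY):
    """Evidence producer: MAC over a canonical JSON encoding of the record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def assess(evidence, now, policy=POLICY, key=TOOL_KEY):
    """Decision procedure: list of violations; an empty list means the assurance holds."""
    violations, accepted = [], set()
    for item in evidence:
        record, kind = item["record"], item["record"].get("kind", "unknown")
        if not hmac.compare_digest(sign(record, key), item["tag"]):
            violations.append(f"{kind}: bad signature")
            continue                      # unauthenticated evidence counts for nothing
        if now - record["timestamp"] > policy["max_evidence_age_s"]:
            violations.append(f"{kind}: stale evidence")
            continue
        accepted.add(kind)
        if kind == "antivirus":
            if not record["running"]:
                violations.append("antivirus: not operational")
            if record["definitions_age_days"] > policy["max_av_definitions_age_days"]:
                violations.append("antivirus: definitions too old")
        elif kind == "isolation" and record["shared_with"]:
            violations.append("isolation: shared with " + ", ".join(record["shared_with"]))
    for kind in sorted(policy["required"] - accepted):
        violations.append(f"{kind}: no valid evidence")   # missing evidence is a violation
    return violations

def evidence_item(record):
    return {"record": record, "tag": sign(record)}

# Constructed sample evidence (NOW is an arbitrary epoch second).
NOW = 1_700_000_000
GOOD = [evidence_item({"kind": "antivirus", "timestamp": NOW - 60,
                       "running": True, "definitions_age_days": 1}),
        evidence_item({"kind": "isolation", "timestamp": NOW - 120, "shared_with": []})]
# Same tag, but the record was altered after signing.
TAMPERED = [dict(GOOD[0], record=dict(GOOD[0]["record"], definitions_age_days=0)), GOOD[1]]

if __name__ == "__main__":
    for name, ev in [("good", GOOD), ("tampered", TAMPERED)]:
        print(name, assess(ev, NOW))
```

A non-empty result is what would trigger the recourse clause; evidence that is missing, stale or unauthenticated is treated the same as evidence of a violation.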
Taxonomy for Service Oriented Assurance
Negotiation & Monitoring
Status and Research Challenges
SOAS enables components to provide well-specified security guarantees, which can be monitored and validated
– Classification of assurances (security properties & evidence)
– Comparison
Taxonomy of security properties
– Formalization (non-functional properties, ontology)
– Comparison (security metrics)
– Composition (side-effects)
Implementing assurances via low-level checking
– Prototype implementation
Assurance refinement
– From business goals to security properties