net/publication/220985468
3 authors:
David S. Allison
The University of Western Ontario
All content following this page was uploaded by Hany F. El Yamany on 05 August 2014.
Figure 2. A portion of the SOA Security Framework.

The proposed authorization structure is mainly constructed based on the definition of Attribute Role-Based Access Control (ARBAC), which has been suggested to work mostly with Web Services [11]. This ARBAC approach is a hybrid of the Role-Based Access Control (RBAC) [12] and Attribute-Based Access Control (ABAC) [13] techniques. The AS also encapsulates an intelligent mining core. This intelligent core uses the centralized attributes-roles registry within the AS to semi-dynamically assign the access control roles to a new user or object when added to an SOA environment.

The Privacy Service (PS) [10]: A group of rules and principles such as the Collection Limitation Principle and the Purpose Specification Principle have been introduced towards building a fine-grained privacy metadata. The main principles are based on the fair information practices developed by the Organization for Economic Co-operation and Development (OECD) [14]. The suggested rules work with the principles in order to reach a satisfactory privacy plan that keeps the service provider and consumer confident about their data safety.

The Service of Quality of Security Service (SQoSS): The SQoSS is generally responsible for creating a QoSS agreement that will be established as a policy to organize the interaction between the service provider and consumer in terms of the features exposed in the authentication, authorization and privacy services. The SQoSS offers several levels of QoSS to grant the security requirements for the service provider and consumer together. The following sections describe in detail the SQoSS structure as well as the embedded operations.

Designing and encapsulating the logic of SOA security aspects in services has several benefits, which are:

1. The suggested SOA security services maintain the same characteristics of SOA. For example, each service is autonomous, controlling its logic and behavior so it is easily maintained and modified without impacting other services. All the services are loosely-coupled, where each service executes its functionalities independently, but maintains relations and exchanges messages with other security services, thus guaranteeing a much more secure environment for the service provider. Finally, the security services are designed to be abstracted services by hiding their logic and structure from the outside world.
2. The suggested SOA security services are easily discoverable and reusable. This means that those services can be navigated among the trusted SOA enterprises individually or collectively in order to perform the task that is required of them.
3. The security services are capable of protecting and securing a huge number of services offered by the service provider [7].

3. The QoSS Metadata

The following subsections demonstrate the full structure of the QoSS metadata and the suggested levels of QoSS that bridge the gap between the security requirements of the service provider and consumer.

3.1 The QoSS Metadata Structure

In this research, we propose a novel QoSS metadata for SOA as we have added to the traditional authentication specifications, created more attributes describing the authorization and introduced a complete description for the privacy principles. The QoSS metadata will be encapsulated inside an agreement running as an enforced policy between the service provider and consumer. To the best of our knowledge, the privacy principles have never been discussed in terms of QoSS. Also, some attributes of the QoSS metadata have been constructed based on the suggested hypotheses in our proposed SOA security framework. The metadata is fully described in Extensible Markup Language (XML) format, which makes it easy to encapsulate in a service for secure SOA. Figure 3 depicts the high level structure of the proposed QoSS metadata for SOA. Table 1 provides a full description for each element involved in the suggested QoSS metadata for SOA.
over the amount of access to each other’s data. This problem can be solved by the inclusion of privacy in the QoSS and the creation of an agreement of privacy rights.

It is of importance to note that the suggested QoSS metadata is flexible. The elements are editable and their values can be changed. As an example, the service provider might not like to show the structure of the security services he/she runs, such as predicting web attacks or the management of authorization roles. In this case, he/she can eliminate the elements related to that information. In this paper we also classify the technique element in the authorization section, as shown in Table 1. This classification is based on who can define the required authorization techniques that the provider should consider to manage the access rights. The service provider can change the value of the technique element and define another authorization technique. For example, RBAC [12], which is introduced as a value of the technique element in Table 1, may be replaced by the proposed access control technique in the work suggested by Damiani et al. [15].

3.2 The QoSS Metadata Levels

We have defined 4 different levels for each section of the QoSS metadata: High, Moderate, Low and Guest.

Figure 4. The QoSS Metadata Levels

Figure 4 shows that each element in the QoSS metadata has a different value according to the suggested four levels. Also, as previously explained, the suggested QoSS metadata is much more flexible and editable. As an example to demonstrate this flexibility, the service provider and consumer may prefer another definition for the Data Category element inside the privacy section. It may be classified into several categories such as personal, private and public with regard to the service consumer attributes. The personal category can include the attributes belonging to him/her as a person such as email, address and date of birth. Meanwhile, the private category contains information related to his/her financial data such as social insurance number (SIN), credit card number and bank account number. Finally, the public data contains simple data that can be revealed publicly with no reservations, such as first name, last name and the consumer city. Determining which category is more critical than the others depends on the perspective of the service provider or consumer.

The service consumer is free to select any level from the available four levels that are related to the three SOA security aspects: Authentication, Authorization and Privacy. However, the consumer selection should not conflict with the service provider security policy. This may require that both sides go through a long and complicated negotiation process to establish an agreement satisfying the security requirements of both sides. The agreement will be structured in XML format and saved at the location of the service provider. The consumer can also review this agreement and update it where possible as needed.

An example representing the conflict that may occur between the service provider and consumer is demonstrated when the service consumer selects a low authentication level and a high authorization level in order to be able to access the objects with a Class A degree. The security policy created by the service provider may refuse the consumer policy because the objects with Class A require the consumer to be authenticated with the available certificates in the high or moderate authentication levels. In another example, the consumer may choose a high or moderate authorization level while at the same time selecting a high or moderate privacy level. The contradiction is that the requested authorization levels cannot work with the requested privacy levels. The high or moderate authorization levels mean that the consumer authorized the service provider to collect the attributes he/she needs, as the defined access control techniques in those levels are Attribute-Role Based Access Control (ARBAC) and Attribute Based Access Control (ABAC). On the other hand, the high and moderate privacy levels mean that the consumer is the side who determines the attributes that the service provider should collect, which creates a contradiction to what was previously stated by the selected authorization levels.

4. The Service of Quality of Security Service (SQoSS)

The suggested QoSS metadata needs to be placed inside an SOA application or component in order to gain the benefits described in Section 2. Since our proposed SOA security framework works at the service layer, the QoSS metadata will be encapsulated inside an autonomous service to manage the security requirements between the service provider and consumer. The main functionality beyond building the Service of Quality Security Service (SQoSS) is producing a QoSS agreement establishing the security requirements that the service provider and consumer should follow. The security services working inside the proposed SOA security framework such as the Authentication and Security, and Authorization Services, will organize their activities in authenticating and authorizing the consumers based on that QoSS agreement. Figure 5 demonstrates a portion of the WSDL file of the SQoSS.

(HTTP). An example of a request SOAP message is shown in Figure 6.

Figure 6. A request SOAP message.

The shown request SOAP message is the initial message that the service consumer sends to access the SQoSS. The service consumer would be authenticated first by a Username/Password token and authorized second by his/her city, for example. After the QoSS agreement is established, the service consumer must be authenticated and authorized according to the listed QoSS agreement items.
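The conflict review that the SQoSS applies to a consumer's selected levels can be sketched with the two conflicts described in Section 3.2. This is an added example, not code from the paper; the element names of the generated XML agreement, the `consumer` attribute and the policy tables are assumptions, since the page does not reproduce Table 1 or the agreement schema.

```python
import xml.etree.ElementTree as ET

LEVELS = ("high", "moderate", "low", "guest")
SECTIONS = ("authentication", "authorization", "privacy")

# Assumed provider policy, modelled on the paper's first conflict example:
# the high authorization level exposes Class A objects, which require the
# consumer to authenticate at the high or moderate level.
AUTHN_REQUIRED_FOR_AUTHZ = {"high": {"high", "moderate"}}

# Second example: at these authorization levels the technique is ARBAC or
# ABAC, so the provider collects whatever attributes it needs ...
PROVIDER_COLLECTS = {"high", "moderate"}
# ... while at these privacy levels the consumer decides what is collected.
CONSUMER_DECIDES = {"high", "moderate"}


def find_conflicts(selection):
    """Return a list of conflict descriptions for one consumer selection."""
    bad = [s for s in SECTIONS if selection.get(s) not in LEVELS]
    if bad:  # reject malformed input before evaluating any rule
        return [f"{s}: missing or unknown level" for s in bad]

    authn, authz, privacy = (selection[s] for s in SECTIONS)
    conflicts = []
    allowed = AUTHN_REQUIRED_FOR_AUTHZ.get(authz)
    if allowed is not None and authn not in allowed:
        conflicts.append(
            f"authorization '{authz}' needs authentication in "
            f"{sorted(allowed)}, but '{authn}' was selected")
    if authz in PROVIDER_COLLECTS and privacy in CONSUMER_DECIDES:
        conflicts.append(
            f"authorization '{authz}' lets the provider choose the collected "
            f"attributes, privacy '{privacy}' leaves that choice to the consumer")
    return conflicts


def establish_agreement(consumer_id, selection):
    """Return (agreement_xml, conflicts); agreement_xml is None on conflict."""
    conflicts = find_conflicts(selection)
    if conflicts:
        return None, conflicts
    # Hypothetical agreement layout: one element per QoSS section.
    root = ET.Element("QoSSAgreement", consumer=consumer_id)
    for section in SECTIONS:
        ET.SubElement(root, section.capitalize(), level=selection[section])
    return ET.tostring(root, encoding="unicode"), []


if __name__ == "__main__":
    # Constructed selections: the paper's two conflict cases and a clean one.
    for chosen in (
        {"authentication": "low", "authorization": "high", "privacy": "low"},
        {"authentication": "high", "authorization": "moderate", "privacy": "high"},
        {"authentication": "moderate", "authorization": "low", "privacy": "high"},
    ):
        print(establish_agreement("consumer-001", chosen))
```

A selection that trips both rules returns both conflicts, so the feedback sent to the consumer lists every item to renegotiate in one round.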
3. The service provider automatically adds any authenticated consumer to the authorization role that gives the privilege to access the SQoSS.
4. To obtain access to the SQoSS, the consumer should provide the correct Username/Password token and the attributes he/she has previously provided.
5. Once the consumer has been granted access, he/she can evaluate and review the general QoSS configuration. This general configuration is derived from the QoSS metadata. The consumer can then build the QoSS levels he/she requires. Figure 7 shows the interface of the SQoSS, including the authentication, authorization and privacy levels where the left side shows the general QoSS metadata whereas the right side shows the QoSS contact with the selected levels.
6. The consumer submits the QoSS levels he/she has selected. The SQoSS reviews the submitted levels for conflicts and returns feedback if any are found. If no conflicts are found, a QoSS agreement is established and saved. A notification message will then be sent to the consumer. The notification is also shown in the uppermost left of the screen in Figure 7.
7. A negotiation process may be run between the service consumer and provider until both parties arrive at an agreement. The service consumer can review the QoSS agreement items anytime he/she would like. The QoSS agreement will be run as an enforced policy to manage the interactions between the two parties. Details of the agreement negotiation are beyond the scope of this paper.

Figure 7. A snapshot of the SQoSS Interface.

6. Related Work

Extensive work on QoSS for SOA has been developed by Boeing Phantom Works, with their ideas and results published in several papers [6, 16, 17]. The authors Mohamed et al. [6], Wang et al. [16] and Wang [17] have proposed QoSS solutions starting from a policy-based approach and moving into encapsulating the QoSS policies inside a Quality Service. They have also defined the authorization aspect in their recent work [6]. However, they have only mentioned one authorization term, which was the possible types of the deployed access control technique, such as RBAC. Moreover, they did not take privacy terms into consideration, as we have proposed in this research.

Larrucea and Alonso [18] have presented a modeling framework based on the Eclipse platform for modeling and designing security aspects in SOA. The suggested security model is based mainly on the authentication elements such as integrity and confidentiality, in addition to the availability in terms of authorization. This proposed approach is applied on the message level and as a result cannot be reused or published as we have suggested in this work. Again, neither detailed authorization nor privacy has been discussed.

Fung et al. [19] have studied the QoS management in Web Services composition. They have proposed a SOAP tracking model for supporting QoS end-to-end management in the context of Web Services Business Process Execution Language (WSBPEL) and Service-Level Agreement (SLA).

Tian et al. [20] have proposed approaches for monitoring the QoS for Web Services. It offers the WS-QoS monitor to help users check the compliance of the service offer and to identify inappropriate definitions of QoS requirements such as reliability and availability. However, security in their works [19, 20] was just a small part of their discussions on QoS for SOA. This limited view of security produces a lack of robust and coherent approaches for solving the real security concerns. Moreover, the privacy terms have not been discussed either.

Finally, the QoSS term has been studied earlier in the article presented by Irvine and Levin [3]. The authors have examined the QoSS in distributed systems in general. They presented a discussion and examples of user-specified security variables such as the strength of a cryptographic algorithm and the length of a cryptographic key. Later, the QoSS definition was extended to include other items such as the service provider and consumer negotiations, such as in the works proposed by Xia and Hu [21] and Chen et al. [22]. However, neither of those works has discussed the QoSS terms as a policy controlling the interactions between the service provider and consumer in an SOA environment.

7. Summary and Future Work

In this work, we have proposed a Quality of Security Service (QoSS) metadata for SOA including several elements representing the three main security SOA aspects: Authentication, Authorization and Privacy. This QoSS metadata is flexible and editable and is divided into four basic levels: High, Moderate, Low and Guest. These levels allow the varied security requirements of the service provider and consumer to be satisfied. The QoSS metadata has also been encapsulated inside an abstracted and reusable service. This helps the service provider publish its QoSS configuration as well as help the consumer find a suitable QoSS. The Service of QoSS also assists in establishing an agreed upon QoSS agreement between the service provider and consumer that will act as an enforced policy to manage the interactions between the two sides.

Our future work includes studying other aspects of SOA security such as auditing, and consequently extending the proposed QoSS metadata by adding the auditing features including the non-repudiation items such as proofs of the consumers' requests. We also need to examine the proposed QoSS metadata to check if it is possible to allow the consumer to select hybrid security elements from two different QoSS levels without creating conflicts with the service provider security policies.

8. References

[1] D. Krafzig, K. Banke, and D. Slama, Enterprise SOA – Service Oriented Architecture Best Practices, Pearson Education, Inc., USA, 2005.

[2] E. Newcomer and G. Lomow, Understanding SOA with Web Services, Pearson Education, Inc., USA, 2005.

[3] C. Irvine and T. Levin, "Quality of Security Service", in the Proc. of 2000 workshop on New security paradigms, ACM press, New York, USA, 2001, pp. 91-99.

[4] M. Papazoglou, P. Traverso, S. Dustdar, F. Leymann, "Service-Oriented Computing: State of the Art and Research Challenges", IEEE Computer, Vol. 40, No. 11, November 2007, pp. 38-45.

[5] S. Ran, "A Model for Web Services Discovery With QoS", ACM SIGecom Exchanges, Vol. 4, Issue 1, Spring 2003, pp. 1-10.

[6] A. Mohamed, A. Chen, G. Wang, C. Wang, and R. Santiago, "A Multi-Layer Security Enabled Quality of Service (QoS) Management Architecture", in the Proc. of the 11th IEEE International Enterprise Distributed Object Computing Conference (EDOC’07), Maryland, USA, October 2007, pp. 423-434.

[7] R. Kanneganti and P. Chodavarapu, SOA Security, Manning Publications Co., January 2008.

[8] H. F. EL Yamany, M. A. M. Capretz, "Use of Data Mining to Enhance Security for SOA", in the Proc. of the Third IEEE International Conference on Convergence and hybrid Information Technology (ICCIT’08), Busan, Korea, November 2008, Vol. 1, pp. 551-558.

[9] H. F. EL Yamany, M. A. M. Capretz, "An Authorization Model for Web Services within SOA", in the Proc. of the 3rd IEEE International Conference on Digital Management (ICDIM’08), London, UK, November 2008, pp. 75-80.

[10] D. S. Allison, H. F. EL Yamany, and M. A. M. Capretz, "A Fine-Grained Privacy Structure for Service-Oriented Architecture", to appear in the Proc. of the 33rd IEEE International Computer Software and Applications Conference (COMPSAC’09), Seattle, USA, July 2009.

[11] M. Liu, H. Guo and J. Su, "An attribute and role based access control model for Web services", in the Proc. of International Conference on Machine Learning and Cybernetics, Volume 2, 18-21 August 2005, pp. 1302–1306.

[12] R. S. Sandhu, E. J. Coyne, H. L. Feinstein and C. E. Youman, "Role-Based Access Control Models", IEEE Computer, Vol. 29, No. 2, February 1996, pp. 38-47.

[13] H. Shen and F. Hong, "An Attribute-based Access Control Model for Web Services", in the Proc. of the Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT’06), December 2006, pp. 74-79.

[14] OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html. Last seen: April 2008.

[15] E. Damiani, S. D. di Vimercati, S. Paraboschi, P. Samarati, "Fine Grained Access Control for SOAP E-Services", in the Proc. of 10th International Conference on World Wide Web, ACM, Hong Kong, May 2001, pp. 504-513.

[16] G. Wang, A. Chen, C. Wang, C. Fung, and S. Uczekaj, "Integrated Quality of Service (QoS) Management in Service-Oriented Enterprise Architectures", in the Proc. of the 8th IEEE Intl Enterprise Distributed Object Computing Conference (EDOC’04), California, USA, September 2004, pp. 21-32.

[17] C. Wang, G. Wang, A. Chen, H. Wang, Y. Pierce, C. Fung, and S. Uczekaj, "A Policy-Based Approach for QoS Specification and Enforcement in Distributed Service-Oriented Architecture", in the Proc. of the 5th IEEE International Conference on Services Computing (SCC’05), Florida, USA, July 2005, pp. 307-310.

[18] X. Larrucea and R. Alonso, "ISOAS: Through an independent SOA Security specification", in the Proc. of the 7th IEEE International Conference on Composition-Based Software Systems (ICCBSS’08), Madrid, Spain, February 2008, pp. 92-100.

[19] C. K. Fung, P. C.K. Hung, G. Wang, R. C. Linger, and G. H. Walton, "A Study of Service Composition with QoS Management", in the Proc. of the IEEE International Conference on Web Services (ICWS’05), Florida, USA, July 2005, pp. 717-724.

[20] M. Tian, A. Gramm, H. Ritter, and J. Schiller, "Efficient Selection and Monitoring of QoS-aware Web services with the WS-QoS Framework", in the Proc. of the IEEE/WIC/ACM International Conference on Web Intelligence (WI’04), Beijing, China, pp. 152-158.

[21] Z. Y. Xia and Y. A. Hu, "Extending RSVP for Quality of Security Service", IEEE Internet Computing, 2006, Vol. 10, No. 2, pp. 51-57.

[22] J. Chen, X. Wang, and L. He, "An Architecture for Differentiated Security Service", in the Proc. of IEEE International Symposium on Electronic Commerce and Security (ISECS’09), China, August 2008, pp. 301-304.