Abstract
With the emergence of Web Services-based collaborative systems, new issues arise, in particular those related to security. In this context, Web Service access control should be studied, specified and enforced. This work proposes a new access control framework for Inter-Organizational Web Services: “PolyOr- BAC”. On the one hand, the authors extend OrBAC (Organization-Based Access Control Model) to specify rules for intra- as well as inter-organization access control; on the other hand, they enforce these rules by applying access control mechanisms dedicated to Web Services. Furthermore, the authors propose a runtime model checker for the interactions between collaborating organizations, to verify their compliance with previously signed contracts. In this respect, not only their security framework handles secure local and remote accesses, but also deals with competition and mutual suspicion between organizations, controls the Web Service workflows and audits the different interactions. In particular, every deviation from the signed contracts triggers an alarm, the concerned parties are notified, and audits can be used as evidence for a judge to sanction the party responsible for the deviation.
Top1. Introduction
Web Services (WS) are increasingly gaining acceptance as a framework for facilitating application-to-application interactions within and across enterprises. In fact, WS facilitate the interoperability by providing abstractions as well as technologies for exposing enterprise applications as services and make them accessible through standardized interfaces (XML (World Wide Web Consortium [W3C], 2004), WSDL (W3C, 2006b), SOAP (W3C,2003)).
However, while much progress has been made toward providing interoperability, there is still a lot to do at the security level. In particular, a well-founded security study should identify who has access to what, when and in which conditions. The Common Criteria define an “organizational security policy” as: a set of security rules, procedures, or guidelines imposed (or presumed to be imposed) now and/or in the future by an actual or hypothetical organization in the operational environment (Common Criteria for Information Technology Security Evaluation, 2006a). Such an organizational security policy usually relies on an access control policy (Common Criteria for Information Technology Security Evaluation, 2006b). An access control model is often used to rigorously specify and reason on the access control policy (e.g., to verify its consistency). However, the model does not specify how the security policy is enforced. The enforcement is realized by technical security mechanisms, such as credentials, cryptographic transformations (e.g., signature, encryption), access control lists (ACL), firewall rules, etc.
Moreover, in the context of an AAA architecture, not only it is important to specify and enforce Authentication and Authorization, but it is also necessary to achieve an efficient Accounting. This is extremely important in the WS context, in particular to prove infractions and to clearly identify the responsibilities in case of dispute or abuses.
Our major aim in this chapter is to define a global framework (access control model and mechanisms) for secure WS. In our study, we give a major attention and we progressively try to satisfy the following requirements:
Key Terms in this Chapter
Model Checking: is a formal verification technique that compares the implementation of a design to a set of user-specified properties. It determines whether a set of properties hold true for the given implementation of a design.
Integrity: is the absence of improper system state alterations. It implies that data is modified only by authorized users and only in an authorized manner.
Collaboration: refers to all processes wherein people (or machines, or applications) work together - applying both to the work of individuals as well as larger collectives and societies.
Security Mechanisms: are techniques used to implement the authentication and authorization, e.g., credentials, capacities, cryptographic transformations such as signature and encryption, access control lists (ACL).
Availability: is the readiness for correct service when needed by authorized users.
Security Model: rigorously defines a security policy. Generally, a security model is a “formal system” used to specify and reason on the security policy (i.e., it is used as a basis for formal specification proofs). It is thus intended to abstract the security policy and handle its complexity; represent the secure states of a system as well as the way in which the system may evolve, verify the consistency of the security policy, detect and resolve possible conflicts.
Confidentiality: is the absence of unauthorized disclosure of information or functions. It implies that information is readable only to authorized users.
Security: studies problems, methods and solutions related to the three security properties: availability, confidentiality, and integrity.
Interoperability: is the ability of products, systems, or business processes to work together to accomplish a common task.
Security Policy: is the set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. Basically, a security policy is specified through: the security objectives that must be satisfied (expressed in terms of confidentiality, integrity and availability) and the security rules expressing how the system may evolve in a secure way (who has access to what and in which conditions).