Web Service Security Through A Guard
Roxanne Yee
Home Institution: University of Hawaiʻi at Mānoa
Internship Site: Akimeka, LLC
Mentor: Marc Lefebvre
Advisor: Todd Lawson
Presentation Overview
Project Hierarchy and Motivation
Background and Terminology
Guard Web Service Security
My Specific Part
Test Bench
An Example
Questions
Information Assurance (IA) Group
Cross Domain Solutions (CDS) Group
GWSG (Global Web Services Gateway) Project
Service Oriented Architecture (SOA) Test Lab
Customers
  National Security Agency (NSA)
  Defense Information Systems Agency (DISA)
GWSG Project Motivation
Goal
To enhance the capabilities of a user on a classified network to gain immediate access to data available on an unclassified network
Unclassified Database
Classified Network User
GWSG Project Motivation
One Method Currently Used To Access Data
Unclassified Database
Classified Database
Classified Network
User (Soldier)
Sneaker-net
GWSG Project Motivation
Disadvantages to Current Methods
  Redundancies of Data
  Time Costly
    Replication
    Transportation
  Need For Data Synchronization
    Frequent Updates
  No Guarantee of Data Availability
  Extra Manpower by Man-In-The-Loop
GWSG Project Motivation
New Cross Domain Solution (CDS) Web Services Technology
Unclassified Database
Classified Network
User (Soldier)
Guard
SOA Test Lab Component
Goal
Evaluate Guards Specified by NSA and DISA
Compare capability and effectiveness to process message formats used by web services today
Provide the best guard solution given a specific situation in which the guard would be applied
My Part In The SOA Test Lab
Research and Document How To Implement Web Service Security
  Controlled and Predictable Environment
  Test Web Service
Findings To Be Used In SOA Test Lab
  Foundation
  Template
WSS, SOAP, and HTTP
WSS or WS-Security (Web Service Security)
  OASIS (Organization for the Advancement of Structured Information Standards)
  Applied to SOAP Messages
SOAP (Simple Object Access Protocol)
  Message Format
HTTP (Hypertext Transfer Protocol)
  Transport Protocol
The Project: Test Bench
Client and Server on same computer
Communicate through localhost interface
Client(soapUI)
Server(Axis2)
* SOAP Request and SOAP Response
The Project: Open-Source Software
Server Side
Tomcat 6.0.16
Axis2 1.4
Rampart 1.4
Client Side
soapUI 2.0.2
The Project: Test Bench
Client and Server on same computer
Communicate through localhost interface
Client(soapUI)
Server(Axis2)
* SOAP Request with WSS
soapUI Outgoing Configuration
Interface Used to Apply WSS to Request To Server
A SOAP Message Request w/o WSS
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:sam="http://sample01.policy.samples.rampart.apache.org">
  <soap:Header/>
  <soap:Body>
    <sam:echo>
      <!--Optional:-->
      <sam:param0>Hello?</sam:param0>
    </sam:echo>
  </soap:Body>
</soap:Envelope>
Usual Request soapUI Sends w/o WSS
A SOAP Message Request Header with WSS
<soap:Header>
  <wsse:Security soap:mustUnderstand="true"
      xmlns:wsse="http://…secext-1.0.xsd">
    <wsse:UsernameToken wsu:Id="UsernameToken-22786527"
        xmlns:wsu="http://…utility-1.0.xsd">
      <wsse:Username>alice</wsse:Username>
      <wsse:Password Type="http://...wss-username-token-profile-1.0#PasswordText">bobPW</wsse:Password>
    </wsse:UsernameToken>
  </wsse:Security>
</soap:Header>
Additional WSS Information Applied To Usual Request (soapUI)
The Project: Test Bench
Client and Server on same computer
Communicate through localhost interface
Client(soapUI)
Server(Axis2)
* SOAP Response with WSS
services.xml Without Rampart
<?xml version="1.0" encoding="UTF-8"?>
<service>
<operation name="echo">
<messageReceiver class=
"org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
</operation>
<parameter name="ServiceClass" locked="false">
org.apache.rampart.samples.policy.sample01.SimpleService
</parameter>
<module ref="addressing" />
<!-- RAMPART CONFIGURATION MAY OCCUR HERE -->
</service>
Usual Configuration Scheme For A Service on The Server
services.xml with Rampart
<module ref="rampart" />
<wsp:Policy wsu:Id="UT" xmlns:wsu="http://…"
    xmlns:wsp="http://…">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SupportingTokens xmlns:sp="http://…/securitypolicy">
        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken="http://…/IncludeToken/AlwaysToRecipient"/>
        </wsp:Policy>
      </sp:SupportingTokens>
      <ramp:RampartConfig xmlns:ramp="http://…">
        <ramp:user>username</ramp:user>
        <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
Additional Code To Tell Rampart What Type of WSS To Expect
The Project: Test Bench
Client and Server on same computer
Communicate through localhost interface
Client(soapUI)
Server(Axis2)
* SOAP Messages with WSS
The Project: Ultimate Purpose
Client(soapUI)
Server(Axis2)
* SOAP over HTTP with WSS
* Proprietary Format over Proprietary Protocol
localhost
Classified
Unclassified
Guard
XML Firewall
XML Firewall
WSS Mechanisms Attempted
User Name Token: Username and Password
Timestamp: Time to Live
Encryption: Confidentiality
Signature: Integrity and Authentication
An Example: Test Web Service
Client Server
“Hi!”
“Hi!”
An Example: Valid User Name Token
Client Server
Echo
Correct Username And Password
An Example: Invalid User Name Token
Client Server
Incorrect Username And/Or Password
Error
An Example: Test Results
Username   Password   Result
Correct    Correct    Echo
Incorrect  Incorrect  Error
Blank      Blank      Error
Correct    Incorrect  Error
Correct    Blank      Error
Incorrect  Correct    Error
Incorrect  Blank      Error
Blank      Correct    Error
Blank      Incorrect  Error
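The nine cases in the table above can be reproduced with a small fail-closed UsernameToken check. This is an added example, not code from the presentation or from Rampart. It assumes alice/bobPW (the values on the header slide) is the correct pair, uses the standard OASIS WSS 1.0 namespace URIs, and the names build_request, check_request, run_matrix and the sample user "mallory" are hypothetical.

```python
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://www.w3.org/2003/05/soap-envelope"
OASIS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
WSSE = OASIS + "wssecurity-secext-1.0.xsd"                   # standard WSS 1.0 namespace
PW_TEXT = OASIS + "username-token-profile-1.0#PasswordText"  # plaintext password type
NS = {"soap": SOAP, "wsse": WSSE}
USERS = {"alice": "bobPW"}  # assumed credential store (values from the header slide)

def build_request(username, password):
    """Constructed sample request: an echo body plus a UsernameToken header."""
    env = ET.Element(f"{{{SOAP}}}Envelope")
    header = ET.SubElement(env, f"{{{SOAP}}}Header")
    token = ET.SubElement(ET.SubElement(header, f"{{{WSSE}}}Security"),
                          f"{{{WSSE}}}UsernameToken")
    ET.SubElement(token, f"{{{WSSE}}}Username").text = username
    ET.SubElement(token, f"{{{WSSE}}}Password", Type=PW_TEXT).text = password
    ET.SubElement(env, f"{{{SOAP}}}Body").text = "Hello?"
    return ET.tostring(env)

def check_request(xml_bytes):
    """Return "Echo" for a valid UsernameToken, otherwise "Error" (fail closed)."""
    if b"<!DOCTYPE" in xml_bytes:        # SOAP messages must not carry a DTD
        return "Error"
    try:
        env = ET.fromstring(xml_bytes)
    except ET.ParseError:
        return "Error"
    tokens = env.findall("soap:Header/wsse:Security/wsse:UsernameToken", NS)
    if len(tokens) != 1:                 # missing or duplicated token
        return "Error"
    user = tokens[0].findtext("wsse:Username", "", NS).strip()
    pw = tokens[0].find("wsse:Password", NS)
    if not user or pw is None or pw.get("Type") != PW_TEXT:
        return "Error"
    supplied = (pw.text or "").encode()
    # Unknown users are compared against a dummy value so the code path and
    # timing are the same whether or not the username exists.
    expected = USERS.get(user, "\x00").encode()
    matched = hmac.compare_digest(supplied, expected)
    return "Echo" if matched and user in USERS and supplied else "Error"

def run_matrix():
    """Run the nine Correct/Incorrect/Blank combinations from the results slide."""
    sample = {"Correct": ("alice", "bobPW"), "Incorrect": ("mallory", "wrong"),
              "Blank": ("", "")}
    return {(u, p): check_request(build_request(sample[u][0], sample[p][1]))
            for u in sample for p in sample}
```

Only the Correct/Correct combination returns "Echo"; every other outcome, including a missing header or malformed XML, maps to the same "Error" so the caller learns nothing about which field was wrong.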
Actual SOA Test Lab Setup
Acknowledgements
VP Operations: Matt Granger
Program Manager: Todd Lawson
Mentor: Marc Lefebvre
GWSG: Bryan Berkowitz, Casey McGinty, Scott Oshita, Christopher Paris, Derek Terawaki
Helpful Coworkers: Conrado Cortez, Deanna Garcia, Mark Mizubayashi
Former Cubiclemates: Ellen Federoff, Kelly Ledford
And Everyone Else Who Made Me Feel Welcome!
Acknowledgements
Maui Akamai Internship Program
Funding
  Center for Adaptive Optics (CfAO): National Science Foundation and Technology Center Grant (#AST-987683)
  Akamai Workforce Initiative: National Science Foundation Grant and Air Force Office of Scientific Research Grant (#AST-0710699)
  University of Hawaiʻi Grant
Program Staff: Lisa Hunter, Lani LeBron, Scott Seagroves, Lynne Raschke
Short Course Instructors: Dave Harrington, Ryan Montgomery, Isar Mostafanezhad, Mark Pitts, Sarah Sonnet
And Everyone Else Who Contributed To This Valuable Experience!
Thank you!
Any Questions?