04/18/23 1

Bringing Semantic Security to Semantic

Web Services

B. Ramamurthy

04/18/23 2

Introduction Humans can read web pages and understand them,

but their inherent meaning is not shown in a way that allows their interpretation by a computer (program).

One way to enable machine-to-machine exchange and automated processing is to provide the information in such as way that computers can understand it.

This is precisely the objective of the semantic web. The next generation of the Web will combine

existing Web technologies with knowledge representation formalisms.

04/18/23 3

Semantic Web Services

Web Services

WWWSemantic

Web

SemanticWeb

Servicesdyna

mic

stat

ic

04/18/23 4

RDF, OWL, WSDL-S

RDF is a standard for creating descriptions of information. RDF is for simple semantics.

OWL provides a language for defining structured web-based ontologies which allows a richer integration and interoperability of data among communities and domains.

WSDL-S establishes a mapping between WSDL descriptions and ontological concepts.

04/18/23 5

WSDL-S Example

Semantics can be added to operations, messages, preconditions and efforts

xmlns:sm= http://dme.uma.pt/jcardoso/StudentMng.owl#

<interface name = “StudentmanagmentUMA”>

<operation name = “RegisterStudent” >

<action element = sm:RegisterStudent” />

..

<input messageLabel = “ID” element = “sm:studentID” />

<output messageLabel = “student” element = “sm:StudentInfo” />

..

</interface>

04/18/23 6

Authoring Tool for WSDL-S

To create, represent, and manipulate WSDL-S documents WSDL4J can be used.

WSDL4J provides Java APIs for WSDL parsing and generation.

WSDL4J supports extensibility elements providing an easy mechanism to add new extensions.

04/18/23 7

Web Services Security Background

Standards are proposed or accepted regarding authentication, encryption, and identity management.

RSA encryption, XML signatures , SAML – Security Assertion Markup Language

There are 5 fundamental areas to consider: Message level protection, Message privacy, parameter checking, authentication, and authorization.

This is application layer security (not network layer security).

04/18/23 8

Application of RSA

Lets say a person in Atlanta wants to send a message M to a person in Buffalo:

Atlanta encrypts message using Buffalo’s public key B E(M,B)

Only Buffalo can read it using it private key b: E(b, E(M,B)) M

In other words for any public/private key pair determined as previously shown, the encrypting function holds two properties: E(p, E(M,P)) M E(P, E(M,p)) M

04/18/23 9

How can you authenticate “sender”?

In real life you will use signatures: we will look at concept of digital signatures next.

Instead of sending just a simple message, Atlanta will send a signed message signed by Atlanta’s private key: E(B,E(M,a))

Buffalo will first decrypt using its private key and use Atlanta’s public key to decrypt the signed message: E(b, E(B,E(M,a)) E(M,a) E(A,E(M,a)) M

04/18/23 10

Digital Signatures

Strong digital signatures are essential requirements of a secure system. These are needed to verify that a document is:

Authentic : source Not forged : not fake Non-repudiable : The signer cannot credibly deny

that the document was signed by them.

04/18/23 11

Digest Functions

Are functions generated to serve a signatures. Also called secure hash functions.

It is message dependent. Only the Digest is encrypted using the private

key.

04/18/23 12

Alice’s bank account certificate

1. Certificate type: Account number2. Name: Alice3. Account: 62626264. Certifying authority: Bob’s Bank5. Signature: {Digest(field 2 + field 3)}KBpriv

04/18/23 13

Digital signatures with public keys

{h}Kpri

M

Signing

Verifying

E(Kpri , h)

128 bits

H(M) h

M

hH(doc)

D(Kpub ,{h}) {h}Kpri h'

h = h'?

M

signed doc

04/18/23 14

Message Privacy

Deals with confidentiality of messages. Message header has token and signature. Typically WS are chained together to form a

complex service. In this situation we need end-to-end encryption

schemes. Scheme such as SSL will not suffice. Solution: XML encryption allows for encryption of

any combination of the message body, header, attachments, and sub-structures.

04/18/23 15

XML Signature

Service requestor encrypts the message and the signature information in the header it may specify in the header that it used providers public key.

Private key of the provider is then used decrypt the XML request.

XML Encryption allows for multiple keys to be used for encrypting different sections thus allowing intermediaries to access parts of the message.

04/18/23 16

Message level Protection Message level protection has to with message

integrity. How do assure that the message has not been modified?

This is done by creating a message digest. Digest is a cryptographic checksum of an octet

stream which is created using an algorithm, say, SHA-1 algorithm.

Provider gets the message, its digest as signature and type of algorithm used to create the digest. It creates the digest and compares with the one from the sender and verifies the integrity of the messages.

04/18/23 17

Message validity

Message validity is ensuring that the contents of a message are appropriate to the service and that they are well formed.

You check the types used and operations used are valid.

SQL injection is a common malicious code. Typical identification method is to look for “;’ (semicolon) that allows for SQL commands to follow.

04/18/23 18

Authentication

Authentication is verifying that the requester is who he/she claims to be.

In a typically closed environment: user name / password

If the sender previously unknown: send credential to verify oneself.

Trusted authorities issues certificates that can be used as credential. (Verified by Verisign)

04/18/23 19

Authorization

In any organization, data located may have levels of sensitivity. Ex: grades and student personal information in a university: Infosource at UB.

Authorization is granting of rights which includes the granting of access based on access rights.

This typically takes place after authentication. Three most common access control

implementations: Access matrix Access Control List (ACL) Role Based Access Control (RBAC)

04/18/23 20

Access Matrix A general model of access control as exercised by a

file or database management system is that of an access matrix.

Basic elements of the model are: Subject: An entity capable of accessing objects. The

concept of subject equates that of a process. Object: Anything to which access is controlled. Ex: files,

programs, segments of memory. Access right: The way in which an object is accesses by

the subject. Examples: read, write, and execute.

04/18/23 21

Access Matrix (contd.)

userA

userB

userC

File 1 File 2File 3 File 4 Acct1 Acct2 Printer1

OwnR, W

Own

R, WOwn

R, W Own

R, W

R

R,W R

W R

InquiryCredit

Inquiry

Credit

InquiryDebit

InquiryDebit

P

04/18/23 22

Access Matrix Details

Row index corresponds to subjects and column index the objects.

Entries in the cell represent the access privileges/rights.

In practice, access matrix is quite sparse and is implemented as either access control lists (ACLs) or capability tickets.

04/18/23 23

ACLs

Access matrix can be decomposed by columns, yielding access control lists.

For each object access control list lists the users and their permitted access rights.

The access control list may also have a default or public entry to covers subjects that are not explicitly listed in the list.

Elements of the list may include individual as well group of users.

04/18/23 24

WS Security

Access Control Scheme name/password access token associated with each process object

indicating privileges associated with a user security descriptor

access control list used to compare with access control list for object

04/18/23 25

Access Token (per user/subject)

Security ID (SID)

Group SIDs

Privileges

Default Owner

Default ACL

04/18/23 26

Security Descriptor (per Object)

Flags

Owner

System Access Control List(SACL)

Discretionary Access ControlList (DACL)

04/18/23 27

Access Control List

ACL Header

ACE Header

Access Mask

SID

ACE Header

Access Mask

SID

.

.

.

04/18/23 28

Access Mask

Generic AllGeneric ExecuteGeneric WriteGeneric Read

Access System Security

Maximum allowed

DeleteRead Control

Write DACWrite OwnerSynchronizeGeneric

Access Types

StandardAccess Types

Specific Access Types

04/18/23 29

Access Control Using ACLs

When a process attempts to access an object, the object manager in security executive reads the SID and group SIDs from the access token and scans down the object’s DACL.

If a match is found in SID, then the corresponding ACE Access Mask provides the access rights available to the process.

04/18/23 30

RBAC

In 2004 the National Institute of Standards and Technology (NIST) published a standard for defining the features of the Role Based Access Control (RBAC).

Two parts: (i) Reference model and (ii) System and Administrative functions.

Reference model: objects, operations, permissions, roles and users (in-band artifacts)

Administrative model: system functionality, administrative operations and reviews.

04/18/23 31

RBAC Details RBAC starts with Permission sets. Permission express a privilege to access a

resource. Examples of permission: “create a file”, “access

grades information” (ublearns) Next steps is defines Roles and assigning

permissions to Roles. Examples of roles: “Physician”, “Reviewer” Scenario driven approach is typically used to

connect roles to permissions. Upper level ontology in SWS should map Users,

Roles, Groups etc. to the ontology.