Japan-Austria Joint Workshop on “ICT”, October 18-19 2010, Tokyo, Japan

SECTET ‐ Model Driven Security of Service Oriented Systems based on Security‐as‐a‐Service

Basel Katt, Ruth Breu, Mukhtiar Memon and Michael Hafner
Research Group Quality Engineering, University of Innsbruck
Slide 2: Quality Engineering – Selected Projects (figure only)
Slide 3: Quality Engineering – Laura Bassi Lab
• Living Models for Collaborative Systems
• Industry Partners (figure)
Slide 4: Agenda
• Motivation
  - Service Oriented Systems
  - Challenges
  - Healthcare Scenario
• SECTET: Model based configuration of Service Oriented Systems
  - Model Driven Security (MDS)
  - Security as a Service (SeAAS) Architecture
• Conclusion
Slide 5: Service Oriented Systems
• Independent partners offer and call services
• Collaboration across enterprises and systems
• New generation of cooperative applications
  - Electronic health record, traffic management, energy trading, etc.
Slide 6: Challenges
• Collaborative systems based on SOA
  - Dynamically composed, language and technology independent
  - Agile and dynamically evolving systems
  - Standards only address basic security requirements
• Solve these requirements at a low technical level
• Security enforcement at the service end points
  - Places significant processing burden on service nodes
  - Renders maintenance and management cumbersome
Slide 7: Goals
• The gap between domain experts and software engineers
• Maintainability and „configurability“ of security services
  - Ability to re‐configure after deployment due to requirement changes or mechanisms‘ updates
  - Support of multiple security architectures for each requirement
• Enforcement
  - Enforcing complex security requirements
  - Consistent enforcement of security policies in enterprise‐level solutions
• Performance
  - Security services involve performance-costly functions
Slide 8: Example – Distributed Electronic Health Record (EHR)
• Health Network Tyrol (figure)
Slide 9: Example – Healthcare Scenario
• EHR represents a consolidated virtual medical record
  - Distributed across various care providers
• Figure: Virtual Electronic Patient Record assembled from the Patient Records held by a Public Healthcare Provider (General Practitioner, Electronic Health Record), a 3rd Party Institution (Electronic Medical Record) and a Private Healthcare Provider (Radiography Specialist); numbered interactions 1-5 cover Patient Records, Diagnosis and Referral
Slide 10: Example – Healthcare Scenario
• Inter‐organizational workflows
  - Services that can be offered or called by each partner
  - Functional interaction between different stakeholders (roles)
• Security requirements
  - Non‐repudiation and authentication
Slide 11: SECTET – Model‐Based Configuration of Service Oriented Systems
• Security Requirements → Business Security Policies (UML Diagrams)
• 1. MDS: Models configure services of a security architecture
• 2. SeAAS: Security architecture is based on the security as a service paradigm
Slide 12: SECTET Methodology – Model Driven Security (MDS)
• Traditional MDS approach vs. SECTET MDS approach (figure)
Slide 13: SECTET Model Driven Security Process
• Two procedures are considered in SECTET MDS
  - Abstract security policy approach: define platform-independent policy model → security policy model transformations → transform to platform-specific policy → generate policy configuration
  - Architectural pattern refinement: define/select abstract architectural pattern → transform to platform-specific pattern → generate process configuration
• Two artifacts are generated
  - Security policy configuration
  - Security service process configuration
  - Both configurations are deployed
Slide 14: Model Driven Security (MDS) – Benefits
• Integrate security concerns in the early stage of system development
• Enrich functional models with security extensions that represent abstract security policies
• Generate declarative security policies and process configurations
• Separate tasks between domain experts, security experts and the system administration
• Support multiple security patterns for each requirement
• Enhance management and configurability of the architecture
Slide 15: Security Enhanced Functional Models
• Role Model: <<domainRole>> Patient, PrimaryPhysician, RadiographySpecialist, PathologyLab; <<partnerRole>> Clinic; associations between PrimaryPhysician and RadiographySpecialist / PathologyLab with 1 : * multiplicities
• Document Model: <<document>> PatientMedicalRecord (1) contains <<document>> Radiography, Prescription, Referral
• Interface Model: <<interface>> MedicalSystem with operations + CreatePMR, + ReferToSpecialist(), + ViewPMR, + UpdatePMR
Slide 16: Abstract Security Models Layer
• Abstract Security Policy Model (e.g. Authentication Policy) and Security Architectural Patterns Model
• Refined to a Platform Specific Security Policy and an Instant Architecture (figure)
Slide 17: Model Driven Security – Architectural Patterns
• Security Pattern Refinement Example: Authentication
  - 1) Platform-independent refinement to security architectural pattern
  - 2) Platform-specific refinement to target architecture
Slide 18: Model Driven Security – Security Policies (figure only)
Slide 19: Runtime Platform – Model Transformations
• Source Models (Security Policy Models, Platform-specific Pattern architecture) → Transformation Templates → Generated Code

Generated security policy (WS-SecurityPolicy, excerpt as shown on the slide):

  <wsp:Policy xmlns:wsp="http:// …. /policy">
    <wsp:ExactlyOne>
      <sp:AsymmetricBinding>
        <sp:InitiatorToken>
          <sp:X509Token sp:IncludeToken=".../AlwaysToRecipient">
            <sp:WssX509V3Token10 />
        </sp:InitiatorToken>
        <sp:RecipientToken>
        ..
        <sp:AlgorithmSuite>
          <sp:TripleDesRsa15 />
        ...
        <sp:IncludeTimestamp />
      </sp:SignedEncryptedSupportingTokens>
      <sp:SignedElements>
        <sp:XPath xmlns:env=".../">//env:Body/*[1]</sp:XPath>
      ..
      <sp:ContentEncryptedElements>
        <sp:XPath xmlns:env="...e/">//env:Body/*[1]</sp:XPath>
      </sp:ContentEncryptedElements>
    </wsp:ExactlyOne>
  </wsp:Policy>

Generated process configuration (BPEL, excerpt as shown on the slide):

  <bpws:process exitOnStandardFault="yes" name="NRP">
    <bpws:partnerLinks>
      <bpws:partnerLink myRole="nro" name="localNROLink" partnerLinkType="tns:NRProcess"/>
    </bpws:partnerLinks>
    ..
    <bpws:invoke operation="requestNRO" partnerLink="remoteNROLink"
                 portType="tns:NRO" inputVariable="evidenceRequest"/>
    <bpws:receive operation="receiveNRO" partnerLink="localNRRLink"
                  portType="tns:NRR" variable="receiveEvidence">
    ..
    </bpws:sequence>
  </bpws:process>
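The two MDS procedures of slide 13 (platform-independent policy model, refinement to a platform-specific pattern, template-based generation of the policy configuration) and the transformation step of slide 19 can be illustrated with a small model-to-text transformation. The following is an added example written for this page, not SECTET project code: the namespaces are the public WS-Policy and WS-SecurityPolicy 1.2 ones, while the abstract policy model, the pattern catalogue, the scope-to-XPath mapping and the element layout are constructed assumptions. It produces a wsp:Policy document with the same assertions as the slide's fragment (asymmetric X.509 binding, TripleDesRsa15, timestamp, signed and content-encrypted body).

```python
"""Model-to-text transformation: abstract security policy -> WS-SecurityPolicy.

Added example, not SECTET project code. The namespaces are the public
WS-Policy and WS-SecurityPolicy 1.2 ones; the abstract policy model, the
pattern catalogue and the element layout are constructed assumptions.
"""
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
ENV = "http://www.w3.org/2003/05/soap-envelope"
INCLUDE_ALWAYS_TO_RECIPIENT = SP + "/IncludeToken/AlwaysToRecipient"
ET.register_namespace("wsp", WSP)
ET.register_namespace("sp", SP)


def wsp(tag):
    return f"{{{WSP}}}{tag}"


def sp(tag):
    return f"{{{SP}}}{tag}"


# Platform-independent policy model (constructed): what the domain expert
# states about the NRO service, without naming any WS-* mechanism.
ABSTRACT_POLICY = {
    "service": "NRO",
    "authentication": "x509-asymmetric",
    "integrity": "body",
    "confidentiality": "body",
    "freshness": True,
}

# Platform-specific pattern catalogue (assumed): an abstract pattern name
# maps to the WS-SecurityPolicy assertions that realise it.
PATTERN_CATALOGUE = {
    "x509-asymmetric": {
        "binding": "AsymmetricBinding",
        "token": "WssX509V3Token10",
        "algorithm_suite": "TripleDesRsa15",
    },
}

# Protection scopes of the abstract model -> XPath used in the generated policy.
SCOPE_TO_XPATH = {"body": "//env:Body/*[1]"}


def refine(model):
    """Refinement step: select the platform-specific pattern and resolve
    the abstract protection scopes to concrete XPaths."""
    pattern = PATTERN_CATALOGUE.get(model["authentication"])
    if pattern is None:
        raise ValueError(f"no platform-specific pattern for {model['authentication']!r}")
    return {
        **pattern,
        "signed_xpath": SCOPE_TO_XPATH.get(model.get("integrity")),
        "encrypted_xpath": SCOPE_TO_XPATH.get(model.get("confidentiality")),
        "timestamp": bool(model.get("freshness")),
    }


def generate_policy(model):
    """Template step: serialise the refined model as a wsp:Policy document."""
    spec = refine(model)
    policy = ET.Element(wsp("Policy"))
    alternative = ET.SubElement(ET.SubElement(policy, wsp("ExactlyOne")), wsp("All"))

    # Binding assertion: who presents which token, and the algorithm suite.
    binding = ET.SubElement(ET.SubElement(alternative, sp(spec["binding"])), wsp("Policy"))
    for role in ("InitiatorToken", "RecipientToken"):
        holder = ET.SubElement(ET.SubElement(binding, sp(role)), wsp("Policy"))
        x509 = ET.SubElement(holder, sp("X509Token"),
                             {sp("IncludeToken"): INCLUDE_ALWAYS_TO_RECIPIENT})
        ET.SubElement(ET.SubElement(x509, wsp("Policy")), sp(spec["token"]))
    suite = ET.SubElement(ET.SubElement(binding, sp("AlgorithmSuite")), wsp("Policy"))
    ET.SubElement(suite, sp(spec["algorithm_suite"]))
    if spec["timestamp"]:
        ET.SubElement(binding, sp("IncludeTimestamp"))

    # Message-part assertions sit beside the binding, as in the slide's fragment.
    for assertion, xpath in (("SignedElements", spec["signed_xpath"]),
                             ("ContentEncryptedElements", spec["encrypted_xpath"])):
        if xpath:
            holder = ET.SubElement(alternative, sp(assertion))
            ET.SubElement(holder, sp("XPath"), {"xmlns:env": ENV}).text = xpath
    return ET.tostring(policy, encoding="unicode")


def policy_assertions(policy_xml):
    """Local names of all sp: assertions in a generated document (for checking)."""
    root = ET.fromstring(policy_xml)
    return {el.tag[len(SP) + 2:] for el in root.iter() if el.tag.startswith("{" + SP + "}")}


def protected_xpaths(policy_xml):
    """Map each message-part assertion to the XPath it protects."""
    root = ET.fromstring(policy_xml)
    return {el.tag[len(SP) + 2:]: el.find(sp("XPath")).text
            for el in root.iter()
            if el.tag in (sp("SignedElements"), sp("ContentEncryptedElements"))}


if __name__ == "__main__":
    print(generate_policy(ABSTRACT_POLICY))
```

The separation of concerns the slides describe is visible in the three tables: the domain expert edits ABSTRACT_POLICY, the security expert maintains PATTERN_CATALOGUE and SCOPE_TO_XPATH, and re-generating after a requirement change (dropping confidentiality, say) only touches the model, not the template.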
Slide 20: SECTET Methodology – SeAAS Reference Architecture
• Figure: Service Endpoints exchange Request/Response messages over the Enterprise Service Bus (ESB) with the SeAAS Component, which consists of the SeAAS Engine, a Policy Repository and the Security Services: Token Validation Service, Time Stamping Service, Encryption Service, Authentication Service, Signature Service, Key Service, Service Repository, Compliance Service, Authorization Service, Logging Service, Monitoring Service, Non-Repudiation Service (Security Service Composition); Primitive Security Services are realised with WS‐based Standards
• Features
  - Dedicated shared services in a security domain
  - Decoupled from service endpoints
  - SeAAS security compositions engine
  - Out‐of‐bound protocol execution
  - Message oriented integration with ESB
  - WS‐based Standards
• Benefits
  - Better performance
  - Easy deployment/management
  - Configurable security components
  - Security service composition
  - Loosely coupled components
  - Extendable architecture
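The SeAAS features listed above (shared security services decoupled from the endpoints, a composition engine driven by a policy repository, an endpoint that only forwards messages) can be shown in a small engine. This is an added example written for this page, not SECTET code: the message layout, the policy repository contents, the HMAC-SHA256 check standing in for the Signature Service, and all keys, tokens and access rules are constructed assumptions. The engine runs the primitive services of a composition in order, stops at the first failure, and records every step as the Logging Service would.

```python
"""A minimal SeAAS-style composition engine.

Added example, not SECTET project code. The message layout, the policy
repository contents, the HMAC-SHA256 signature standing in for the
Signature Service, and all keys, tokens and ACL entries are constructed.
"""
import hashlib
import hmac

MAX_CLOCK_SKEW = 300  # seconds a timestamp may deviate from 'now' (assumed)

# Key Service and Token Validation Service backing stores (constructed).
KEY_REPOSITORY = {"clinic-a": b"constructed-shared-key"}
VALID_TOKENS = {"tok-clinic-a": "clinic-a"}
# Authorization Service: principal -> operations it may invoke (constructed).
ACL = {"clinic-a": {"requestNRO", "receiveNRO"}}


def sign(message, key):
    """Signature over the fields a relying party needs to trust."""
    data = f"{message['operation']}|{message['timestamp']}|{message['body']}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_message(token, operation, body, timestamp):
    """Build a signed request as a partner endpoint would send it (constructed)."""
    message = {"token": token, "operation": operation, "body": body, "timestamp": timestamp}
    message["signature"] = sign(message, KEY_REPOSITORY[VALID_TOKENS[token]])
    return message


# Primitive security services. Each takes the message and a per-request
# context, returns (ok, reason) and may pass facts on through the context.
def token_validation(message, ctx):
    principal = VALID_TOKENS.get(message.get("token"))
    if principal is None:
        return False, "unknown token"
    ctx["principal"] = principal
    return True, f"token maps to {principal}"


def time_stamping(message, ctx):
    skew = abs(ctx["now"] - message.get("timestamp", 0))
    if skew > MAX_CLOCK_SKEW:
        return False, f"timestamp off by {skew}s"
    return True, "timestamp fresh"


def signature(message, ctx):
    key = KEY_REPOSITORY.get(ctx.get("principal"))
    if key is None:
        return False, "no key for principal"
    if not hmac.compare_digest(sign(message, key), message.get("signature", "")):
        return False, "signature mismatch"
    return True, "signature valid"


def authorization(message, ctx):
    if message.get("operation") not in ACL.get(ctx.get("principal"), set()):
        return False, "operation not permitted"
    return True, "operation permitted"


SERVICES = {f.__name__: f for f in (token_validation, time_stamping, signature, authorization)}

# Policy Repository: the composition each protected service requires (constructed).
POLICY_REPOSITORY = {
    "NRO": ["token_validation", "time_stamping", "signature", "authorization"],
    "MedicalSystem": ["token_validation", "time_stamping", "signature", "authorization"],
}


class SeAASEngine:
    """Runs the composition from the repository; endpoints never enforce themselves."""

    def enforce(self, service, message, now):
        ctx = {"now": now}
        audit = []  # the Logging Service's record of this request
        composition = POLICY_REPOSITORY.get(service)
        if composition is None:
            return {"decision": "reject", "failed_at": "policy_lookup", "audit": audit}
        for name in composition:
            ok, reason = SERVICES[name](message, ctx)
            audit.append({"service": name, "ok": ok, "reason": reason})
            if not ok:
                return {"decision": "reject", "failed_at": name, "audit": audit}
        return {"decision": "accept", "failed_at": None, "audit": audit}


def endpoint_handle(engine, service, message, now):
    """A service endpoint only forwards to the shared security component."""
    verdict = engine.enforce(service, message, now)
    if verdict["decision"] != "accept":
        return f"refused at {verdict['failed_at']}"
    return f"processed {message['operation']}"


if __name__ == "__main__":
    engine = SeAASEngine()
    request = make_message("tok-clinic-a", "requestNRO", "<evidenceRequest/>", 1000)
    print(endpoint_handle(engine, "NRO", request, now=1010))
```

Because the composition lives in POLICY_REPOSITORY rather than in the endpoint, re-configuring after deployment (adding a non-repudiation step, say) means editing the repository entry, not the service; the audit list is what a Monitoring or Compliance Service would consume.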