DIMACS Workshop on Security of Web Services and E-Commerce

Dates: May 5 - 6, 2005
DIMACS Center, CoRE Building, Rutgers University, Piscataway, NJ

Organizers:
Brian LaMacchia, Microsoft, bal@microsoft.com
Presented under the auspices of the Special Focus on Communication Security and Information Privacy.

Abstracts:


Elisa Bertino (Purdue University, USA), A. C. Squicciarini (University of Milano, Italy) and L. Martino (University of Milano, Italy)

Title: A Negotiation-based Access Control Model for Web Services

The emerging Web service technology has enabled the development of Internet-based applications that integrate distributed and heterogeneous systems and processes which are often owned by different organizations. However, while Web services are rapidly becoming a fundamental paradigm for the development of complex Web applications, several security issues still need to be addressed. Among the various open issues concerning security, an important one is represented by the development of suitable access control models able to restrict access to Web services to authorized users. In this talk we present an innovative access control model for Web services, characterized by a number of key features, including identity attributes and service negotiation capabilities. We formally present the policy language formalisms and the protocol for carrying on negotiations by specifying the types of messages to be exchanged and their contents. We also discuss the architecture of a prototype we are currently implementing. As part of this work we have also developed an approach for mapping policies expressed in our language onto the WS-policy standard which provides a standardized grammar fore expressing Web services policies. We also outline open research issues.


Li-Chiou Chen (Pace University, USA)

Title: Identifying Malicious Web Requests through Changes in Locality and Temporal Sequence

Malicious web accesses have caused a substantial security problem for maintaining web services. By exploiting the vulnerabilities of a web server, malicious user agents[1] can either gain control of the web server or compromise the performance of the web service. For example, Internet worms propagate themselves by exploiting buffer overflow vulnerabilities in web server software. Malicious web-bots exploit CGI scripts to access password information. Patching software is not always effective in deterring these malicious attempts since exploits of new vulnerabilities can be invented even before patches are ready and distributed.

To address this problem, we propose a light-weight detector to identify and respond against malicious web requests. The detector will be able to work with web servers in analyzing and responding to ongoing web requests. Upon the receipt of a web request, the detector will parse the request, extract patterns based on the changes in locality[2] and temporal sequence[3] of the request, and determine a response based on the patterns and a set of predefined access policy. Using methodology from link analysis and temporal sequence analysis, this approach compares a web request with previous requests from the same user agent (usually represented by a distinct IP address) and calculates the changes in destination servers and web objects that this user agent has requested during a short period of time. Our assumption is that malicious user agents exhibit distinct patterns in locality and temporal sequence from legitimate ones. Our preliminary goal is to identify new web-bot probing behavior and intensive web requests, such as attempts caused by worms or denial of service attacks.

This research is still an ongoing work. In this workshop, we will discuss the current analytical method in identifying locality patterns and temporal sequences. We will also show preliminary results and discuss future plans in testing and implementing this method. We have conducted analyses based on a set of web traces collected from six web servers of an academic web site. The preliminary results have showed that our method can effectively identify new web-bot access behavior.

[1] User agent refers to the program that sends web requests, such as browsers or web-bots.
[2] Locality means from where the web request is sent, such as the source IP address, and which web server is requested, such as the destination IP address.
[3] Temporal sequence refers to the order of requested objects during a given period of time.


Yingying Chen, Constantin Serban, Wenxuan Zhang and Naftaly Minsky (Rutgers University, USA)

Title: Towards Decentralized and Secure Electronic Marketplace

For commerce (electronic or traditional) to be effective, there must be a degree of trust between buyers and sellers. In traditional commerce, this kind of trust is based on such things as societal laws and customs, and on the intuition people tend to develop about each other during interpersonal interactions. The trustworthiness of these factors is based, to a large extent, on the geographical proximity between buyers and sellers. But this proximity is lost in e-commerce.

In conventional electronic marketplaces the trust among participants is supported by a central server that imposes certain rules of engagement on all transactions. But such centralized marketplaces have serious drawbacks, among them: lack of scalability, and high cost.

This talk will propose a concept of decentralized electronic marketplace which would allow buyers and sellers to engage in commercial transactions, subject to an explicitly stated set of rules of engagement, called the law of this marketplace-which they can trust to be observed by their trading partners. This trust is due to a decentralized, and thus scalable, mechanism that enforces the stated law of such a marketplace.


Jong Hyuk Choi (IBM T. J. Watson Research Center, USA), Sang Seok Lim (IBM T. J. Watson Research Center, USA) and Kurt D. Zeilenga (Linux Technology Center, USA)

Title: On-line Certificate Validation via LDAP Component Matching

The ubiquity of Web Services in e-Business applications will drive new requirements for PKI (Public Key Infrastructure) beyond those of the current generation Internet applications. In particular, it becomes essential to be able to disseminate information on the validity of certificates in a timelier and more scalable manner because of the increased need for new security applications such as Web Services Security and because of the increasing level of threats and their effects. This presentation will address our proposal of providing on-line certificate validation over LDAP (Lightweight Directory Access Protocol). The proposed mechanism enables checking for the presence of a certificate in a sequence of revoked certificates contained in a CRL by using the LDAP component matching mechanism. In component matching, DER (Distinguished Encoding Rules) encoded CRL attributes are decoded into the internal ASN.1 representation for matching against a GSER (Generic String Encoding Rules) encoded assertion value for the portion of the CRL located by the component reference in the component search filter. In order to provide a proof on the authenticity and integrity of the LDAP search result, the ASN.1 value of a CRL is represented as an authenticated dictionary similar to the Certificate Revocation Tree (CRT). The proposed mechanism facilitates a number of advantages over the previous approaches like OCSP (Online Certificate Status Protocol): 1) it renders improved security because it does not require additional trusted entities such as trusted LDAP servers and trusted OCSP responders; 2) it promises scalability since it does not require responses to be signed as in OCSP; 3) it can interoperate well with the existing CRL certificate revocation framework; and 4) it does not need support for additional protocols for on-line certificate validation because it uses the same LDAP which is the main access method to download CRLs. This presentation describes the operation of the proposed on-line revocation mechanism focusing on its applications in the Web Services and XML Security.


Jong Youl Choi (Indiana University, USA), Markus Jakobsson (Indiana University, USA) and Philippe Golle (Palo Alto Research Center, USA)

Title: Tamper-Evident Digital Signatures: Protecting Certification Authorities Against Malware

We define deterministic variants of the Schnorr and DSA signature schemes. These variants eliminate from the signing protocol the randomness that can be exploited as a covert channel to leak bits of the private signing key. Our approach is to let the signer use secret pseudo-random values that are deterministic, in lieu of true randomness. The signer proves that each signature was correctly generated with respect to a commitment to a secret value. An honest verifier, which we call an "observer", checks these proofs and raises an alarm if it detects an incorrect proof. We call our signature schemes tamper-evident since any deviation from the protocol is immediately detectable.

While we replace standard pseudo-random numbers by provably consistent pseudo-random numbers, we are not weakening the underlying signature schemes, given that the selected values are still infeasible to predict or derive for a party other than the signer, without knowledge of the state of the pseudo-random generator.

Tamper-evident variants of Schnorr and DSA signatures offer a new line of defense against malware infections in certification authorities. At the cost of a small increase in computational and communication overhead, they produce tamper-evident signatures that are guaranteed free of covert channels.


Jason Crampton (Royal Holloway, University of London, UK)

Title: XACML and role-based access control

XACML 2.0 was recently approved as an OASIS standard and the role-based access control (RBAC) profile of XACML is at the approved committee draft stage. The RBAC profile provides a way of expressing RBAC policies using XACML and defines four generic XACML policies. We believe that the profile is rather rigid and does not accurately or adequately reflect the RBAC model, thereby limiting its utility and applicability. We propose a new suite of RBAC policies expressed in XACML that are faithful to the original RBAC model and hence provide greater flexibility than the existing profile. We also outline a method for specifying and enforcing separation of duty policies using XACML.


Thomas DeMartini (ContentGuard, USA)

Title: Use of REL Tokens for Higher-order Operations

This presentation will discuss what a rights expression is and how it is used as a token within web services security for authentication, integrity protection, and confidentiality. It will then describe how REL Tokens can be further used for authorization supporting trust managed, delegated, and federated authorization.


Cédric Fournet (Microsoft Research -- Cambridge, UK)

Title: Verification Tools for Web Services Security

We consider the problem of verifying cryptographic security protocols for XML web services. The security standard WS-Security specifies a range of XML security tokens, such as username tokens, public-key certificates, and digital signatures, amounting to a flexible vocabulary for expressing protocols.

To describe the syntax of these tokens, we extend the usual XML data model with symbolic representations of cryptographic values. We use predicates to describe the semantics of security tokens and of sample protocols distributed with the Microsoft WSE implementation of WS-Security. By embedding our data model within the applied pi calculus, we formulate security properties with respect to a standard Dolev-Yao threat model. We then automatically check these properties using protocol verifiers. To the best of our knowledge, this is the first approach to the verification of security protocols based on a faithful account of the XML wire format.

Building on top of WS-Security, new specifications describe, for instance, session-management protocols (WS-Trust, WS-SecureConversation) and a declarative configuration language for selecting security mechanisms (WS-SecurityPolicy). Accordingly, we extend the scope of our formal semantics and develop automatic tools that can automatically analyze web services deployments and check whether they achieve their declared security goals.


Phillip Hallam-Baker (Verisign, USA)

Title: Web Services Architecture and the Old World

The Web Services Architecture and standards such as SOAP, WSDL and WS-Security have quickly become established as the platform of choice for design of new standards based protocols. As protocol designers become familiar with principles such as protocol and service descriptions certain features of the new Web Services Architecture are beginning to be applied in ongoing effort to re-engineer legacy protocols such as SMTP to meet the important security challenges of SPAM and Internet crime. The Sender-ID proposal for email authentication establishes a security policy framework similar in concept albeit more constrained in scope than WS-SecurityPolicy. The Domain Keys and Identified Internet Mail proposals for email signing adopt a layered approach that is similar in structure to WS-Security.

This development creates the opportunities for designers of Web Services based protocols to observe and gain experience from the operation of these architectural elements on an extended scale. In particular the Web Services architecture still faces significant deployment challenges if it is to become a genuinely mainstream technology and replace and transform traditional models of business communication on the same scale that the Web has replaced and transformed publishing. A more intriguing prospect is that adding features of the Web Services architecture to traditional protocols such as SMTP may provide an opportunity to create 'Web Services Lite', a technology which allows a lower cost entry point into the Web Services world for individuals small businesses that need to connect to corporations that are building out Web Services based supply chains but do not have the resources to deploy one of their own.


Eldar Kleiner and A.W. Roscoe (Oxford University Computing Laboratory, UK)

Title: On the relation between Web Services Security and traditional protocols

We previously claimed that in the Dolev-Yao model the syntax of the SOAP message has relatively little effect on the security of the protocol. Therefore an abstracted view of the protocol, taken that it encapsulates all the security elements, provides an accurate model. We suggested a mapping function from SOAP messages to Casper input and demonstrated how using this we could use Casper and the FDR refinement checker to find two attacks on WS-Security protocols proposed by Oasis.

In this talk we prove a few properties of the latter function and confirm our last claim. We then demonstrate how we used those properties together with the Data Independent technique to provide general proofs of correctness and to find flaws of proposed WS-Security protocols.


Eugene Kuznetsov (DataPower Technology, Inc., USA)

Title: Analysis of aspects of XML & WS-* that make hardware optimizations harder or easier

Based on experience of building high-speed XML-aware network hardware, especially XML firewalls & WS-Security gateways, this talk will provide an introduction to how features of both mature and emerging XML Web services standards impact the ability to perform hardware acceleration. Some areas that will be covered include the impact of XPath, XML Schema, canonicalization, streamability, SOAP processing model and cryptographic operations. Several standardization decisions that made hardware acceleration easier will be contrasted with ones that made it -- or will make it -- much more difficult or less profitable. The impact of interaction with external systems, especially in usecases involving access control or session keys.


John Linn (RSA Laboratories, USA)

Title: Active Intermediaries in Web Service and E-Commerce Environments

Today's emerging web service and e-commerce environments provide varied examples of a trend with significant impact on security architectures and assumptions: the interposition of active intermediaries (which may or may not act as peers to particular protocols, and which may be fully trusted, partly trusted, or untrusted) on paths between communicating peers. Traditionally, security protocol design practice has often sought to insulate traffic against intermediaries, treating them as attackers, but this premise is inconsistent with use of intermediaries by design to provide desired communications and/or security functions. When multiple active entities are involved with security-related aspects of a communication, it becomes more complex to evaluate the overall properties and semantics that are achieved.

Some noteworthy cases include multi-hop SOAP processing scenarios, firewalls, proxies, and content distribution components like those being considered in the IETF Open Pluggable Edge Services (OPES) WG. Browser-based single sign-on methods, whether based on cookies or on protocols like the OASIS Security Services TC's SAML 2.0, constitute another design class of interest: in these situations, HTTP-capable browsers may act as passive holders and forwarders of credentials, operating in response to triggers received from the systems they access. This presentation will characterize and examine security-relevant characteristics of different types of intermediary processing in web service and e-commerce environments, and will suggest related research topics.


J. Micallef, B. Falchuk and C. Chung (Telcordia Technologies, Inc., USA)

Title: Automating Deployment Configuration of Web Services Security

Communications service providers are re-engineering their back-office systems and enterprise architectures to increase business agility and flexibility for revenue generation, and to integrate the supply chain for cost reduction. A flexible, standards-based integration architecture is a key factor for success of these initiatives, and therefore many of these re-architecture efforts are adopting a Service Oriented Architecture implemented with Web Services.

Mission critical enterprise systems, such as telecommunications network management systems, have stringent Quality of Service (QoS) requirements for security, reliability, availability, performance, and scalability. A key challenge is how to design and architect Web service-based applications to allow the service QoS to be easily and correctly configured at deployment time.

Our approach to address this challenge exploits semantic Web technologies to support and automate deployment configuration to satisfy the application QoS requirements for the specific target technology infrastructure. In this presentation, we describe how we have applied this approach to automate the configuration of security policies for a Web services gateway based on an ontology that describes the Web service security requirements and the gateway's security capabilities.


Naftaly Minsky (Rutgers University, USA)

Title: Flexible Regulation of Virtual Enterprises

There is a growing tendency for enterprises to form coalitions in order to collaborate by sharing some of their resources, or by coordinating some of their activities. Such coalitions, or "virtual enterprises", are the basis for such things as supply-chains, in B2B commerce, and for grid computing. This talk will address the question of how such coalitions are to be regulated.

We assume that a coalition C of enterprises E1,...,En is to be governed by a coalition policy Pc, and that each member enterprise Ei has its own internal policy Pi that regulates its participation in the coalition. I will describe a mechanism for the flexible formulating of such an ensemble of policies, and for their scalable enforcement---where by "flexible" we mean that each member-enterprise Ei should be able to formulate its internal policy Pi, and to change it at will, independently of the internal policies of other enterprises in the coalition, and without any knowledge of them.

The regulatory mechanism to be described is based on the concept of Law-Governed Interaction (LGI), and on its hierarchical organization of policies.


Sanjai Narain (Telcordia Technologies, Inc., USA)

Title: Scalable Configuration Management For Secure Web Services Infrastructure

Typically, an enterprise wishing to set up secure web services specifies end-to-end requirements such as on encryption, authentication, authorization, integrity, non-repudation, and availability. Systems integrators then design an architecture, at and across multiple protocol layers, to satisfy these requirements. They could make design choices such as credit-card encryption at the application layer, authentication, authorization and non-repudiation via XML gateways, and bulk encryption and integrity via VPNs. Availability could be accomplished via a cluster of XML gateways and via fault-tolerant routers and VPNs. Defense-in-depth could be accomplished by placing XML gateways inside DMZs. Integrators then use different types of reasoning to accomplish a variety of configuration management tasks: synthesizing component configurations implementing requirements, troubleshooting configuration errors, performing vulnerability analysis, accomodating changes in requirements, and adding and deleting sites consistently with top-level requirements. However, such tasks are manually performed. One cannot even precisely specify architectures, that require the expressive power of first-order logic, hence any automation of such tasks is impossible. Thus, equipment, labor and time costs of building and adapting web services infrastructure is very high.

Recent work has proposed the notion of a Requirement Solver to formally specify architecture requirements and automate above tasks. This Solver takes as input first-order logic requirements and a set of components, and produces as output component configurations satisfying the requirements. The Solver has a direct implementation in the logical system called Alloy from MIT. Alloy finds models of first-order logic formulas in finite domains, and uses highly efficient SAT solvers. This talk illustrates the use of the Solver for secure web services, and sketches ongoing work to scale the approach to infrastructures of realistic size.


Birgit Pfitzmann (IBM Zurich Research Lab, Switzerland)

Title: Web services and Federated Identity Management

Abstract: One of the major early promises of web services for enterprises is consolidated identity management across different trust domains. This includes identity provisioning as well as federated authentication, and browser-clients as well as rich web-services clients. We will discuss the security and privacy challenges in this domain. This includes security flaws found in prior versions of such protocols, the special techniques needed to prove federated identity management protocols, as well as an overview of the privacy goals and to what extent the design of the protocols themselves (in contrast to policy management) can limit the achievable privacy.


Constantin Serban (Rutgers University, USA)

Title: Regulating Synchronous Communication, and its Applications to Web-Services

Web Services, which often use synchronous methods of communication, involve interaction among heterogeneous entities spanning across multiple administrative domains. Such interaction needs to be regulated, for it to be reliable and safe. But the various synchronous communication protocols -- as RMI and Soap -- provide a very primitive control mechanism, and even the heavyweight CORBA middleware does not do much better. We propose a more flexible, scalable, and lightweight control over synchronous communication, using the Law Governed
Interaction (LGI)--which is a coordination and control mechanism that allows an open group of distributed agents to engage in an interaction governed by an explicitly specified policy. Using this mechanism, we show a modified RMI implementation for method call control, and fine-grained control for object transfer using policies written in Java. We evaluate our solution by studying a control policy of an airline alliance. The preliminary results show that our solution is flexible, scalable, and inexpensive.


Youjin Song (Dongguk University, S. Korea) and Yuliang Zheng (UNC-Charlotte, USA)

Title: Software Based Acceleration Methods for XML Signature

Enhancing the performance of processing XML signature and encryption is an area of importance to Web service provision. While hardware based solutions are available to accelerate both XML signature and encryption, software based acceleration methods are more advantageous in some applications where flexibility and low cost are an issue. In this talk we report our findings on the performance of various XML security configurations. We will also report results on incorporating signcryption schemes into Web service provision.


Victoria Ungureanu (Rutgers University, USA)

Title: Using Certified Policies to Regulate E-Commerce

E-commerce regulations are usually embedded in mutually agreed upon contracts. Generally, these contracts enumerate agents authorized to participate in transactions, and spell out such things like rights and obligations of each partner, and terms and conditions of the trade. An enterprise may be concurrently bound by a set of different contracts that regulate the trading relations with its various clients and suppliers. This set is dynamic because new contracts are constantly being established, and previously established contracts end, are annulled or revised.

We argue that existent access control mechanisms cannot adequately support the large number of regulations embedded in disparate, evolving contracts. To deal with this problem we propose to use certified policies (CPs). Such a policy consists of access and control regulations expressed in a formal, interpretable language, and digitally signed by a proper authority. In the proposed framework, an agent addressing a request to a server has to send the server not only his credentials, but also the CP formalizing the rules of the contract under which the agent operates. The CP is used as the authorization policy for the request in question, if it is signed by a trusted authority.

This approach makes several aspects of contract enforcement more manageable and more efficient: (a) deployment: certified policies may be stored on certificate repositories, from where they can be retrieved as needed, (b) annulment: if a contract is annulled, the corresponding CP should be invalidated; the latter can be conveniently supported by certificate revocation, and (c) revision: revision of contract terms can be done by publishing a new certified policy, and by revoking the old one. The proposed approach is practical in that it does not require any modification of the current certificate infrastructure, and only minor modifications to servers.


Brent Waters (Stanford University, USA), Alex Halderman (Princeton University, USA) and Ed Felten (Princeton University, USA)

Title: A Convenient Method for Securely Managing Passwords

Computer users are asked to generate, keep secret, and recall an increasing number of passwords for uses including host accounts, email servers, e-commerce sites, and online financial services. Unfortunately, the password entropy that users can comfortably memorize seems insufficient to store unique, secure passwords for all these accounts, and it is likely to remain constant as the number of passwords (and the adversary's computational power) increases into the future.

I will present Password Multiplier, an application that uses a strengthened hash-based function to compute secure passwords for arbitrarily many accounts while requiring the user to memorize only a single short password. Unlike previous approaches, our design is both highly resistant to brute force attacks and nearly stateless, allowing users to retrieve their passwords from any location so long as they can execute our program and remember a short secret. This combination of security and convenience will, we believe, entice users to adopt our scheme. I will discuss the construction of our algorithm in detail, compare its strengths and weaknesses to those of related approaches, and present an implementation in the form of an extension to the Mozilla Firefox web browser.


George Yee (National Research Council, Canada)

Title: Negotiated Security and Privacy Policies for Web Services

Security and privacy provisions for web services have to-date been centered on protocols based on XML that are put in place for a particular web service by the service provider. They provide limited security and privacy based on the provider's view of what is needed. However, consumers need to have a say regarding the security and privacy of information that they provide as required input for the service. This talk looks at the use of service-specific security and privacy policies that are negotiated between the service consumer and the service provider to regulate the security and privacy of consumer information. Consumers are allowed their say through the negotiation.


Previous: Program
Workshop Index
DIMACS Homepage
Contacting the Center
Document last modified on May 2, 2005.