Saturday 20 September 2008
Model Driven Security & SOA - take the survey & get involved
The UK Cyber Security KTN is currently running a SOA security analysis project (see www.secure-soa.info), which includes a study of end-users' main SOA security concerns. Please visit www.secure-soa.info to take the 5-minute survey, and get involved in the email group, wiki, and report!
Blog merged with www.modeldrivensecurity.org
This blog has been merged with www.modeldrivensecurity.org, the blog on Model Driven Security. Please have a look there for current issues.
Tuesday 25 September 2007
Publications & Resources
This blog also tries to provide a forum for publications about SOA security. Please put any abstracts into the comments of this message and we will merge them into the main message.
Here is our publication at ISSE 2007:
Model driven security for agile SOA-style environments
Dr. Ulrich Lang & Rudolf Schreiner
There is evidence that many IT security vulnerabilities are caused by incorrect security policies and configurations (i.e. human errors) rather than by inherent weaknesses in the attacked IT systems. Security administrators need to have an in-depth understanding of the security features and vulnerabilities of a multitude of ever-changing and different IT "silos". Moreover, in complex, large, networked IT environments such policies quickly become confusing and error-prone because administrators cannot specify and maintain the correct policy anymore. Agile service oriented architecture (SOA) style environments further complicate this scenario for a number of reasons, including: security policies may need to be reconfigured whenever the IT infrastructure gets re-orchestrated; security at the business process management layer is at a different semantic level than in the infrastructure; semantic mappings between the layers and well-adopted standardised notations are not available. This paper explores how the concepts of security policy management at a high, more intuitive (graphical) level of abstraction and model-driven security (tied in with model driven software engineering) can be used for more effective and simplified security management/enforcement for the agile IT environments that organisations are faced with today. In this paper, we illustrate in SecureMDA™ how model driven security can be applied to automatically generate security policies from abstract models. Using this approach, human errors are minimised and policy updates can be automatically generated whenever the underlying infrastructure gets re-orchestrated, updated etc. The generated security policies are consistent across the entire distributed environment using the OpenPMF policy management framework. This approach is better than having administrators go from IT system to IT system and change policies for many reasons (including security, cost, effort, error-proneness, and consistency). 
The paper also outlines why meta-modelling and a flexible enforcement plug-in model are useful concepts for security model flexibility.
Thursday 6 September 2007
Gartner Hype Cycle for Information Security 2007
Gartner has just released their new Hype Cycle for Information Security 2007, and model driven security is on it. ObjectSecurity's OpenPMF 2.0 (www.openpmf.com) has been identified as a leading product in this emerging area.
This shows that Gartner believes that model driven security is a critical technology approach to simplify enterprise security.
We believe that model driven security plays an important role for securing agile SOA, as illustrated at www.trustedsoa.com.
This blog is a public forum and we welcome any views on this.
Friday 27 July 2007
Related blogs
There is a related blog at www.modeldrivensecurity.org and one with more of a middleware security focus at www.securemiddleware.org.
Thursday 21 June 2007
Looking for TrustedSOA, the SOA security solution?
If you got to this webpage because you are looking for TrustedSOA, ObjectSecurity's innovative SOA security solution, then please go to:
www.trustedsoa.com
or
http://www.objectsecurity.com/en-products-trustedsoa.html
Friday 23 March 2007
“Brittleness” is a feature, not a bug!
I often hear that standard middleware, be it Web Services based on SOAP or CORBA, is too "brittle" for the real world. The provider and the user of a service in such tightly coupled systems have to agree exactly on the interfaces on both sides. This raises problems, because these interfaces always have to be kept in sync, which is hard to manage in real life. If one side changes the interface description, expressed in WSDL or IDL, then the other side no longer understands the data transferred.
An often proposed "solution" now is a document-centric, loosely coupled message system. Instead of well-defined information, documents, mainly in XML, are now sent around, and the receiver has to understand only the "relevant" parts. Other parts of the message are processed, modified or reordered somehow.
Great idea! Did the people suggesting this ever hear about type safety and its benefits? What about safety in general? Why do safety critical domains like military or Air Traffic Control use a strict code even for vocal communication? Because in this case both sides exactly know what's going on the other side!
In the loosely coupled approach you never exactly know how a message is handled, whether the ignored parts are relevant or critical.
So strict typing is a feature, not a bug! At least it gives a clear error message, instead of making a system completely nondeterministic.
OK, but the problem is still there! It is a fact that big enterprises have problems handling all the interfaces and keeping them all in sync. Just saying that strict typing is a good thing does not make the problem go away.
The real solution is not on the middleware side; overly loosely coupled middleware can be avoided. The solution is on the development and management side. To avoid interface clashes, good enterprise-wide development tools, e.g. versioning systems with conflict detection, and strict observance of best practices are needed.
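The contrast drawn in this post, as an added example that is not part of the original post: a lenient receiver that reads only the elements it knows, next to a strict one that rejects any interface mismatch with a clear error. The `transfer` message, its element names and the `SCHEMA_V1` interface are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Hypothetical interface the receiver was built against: element name -> type.
SCHEMA_V1 = {"account": str, "amount": int}
# Constructed sample messages. MSG_V2 comes from a sender whose interface
# changed: it added <requiresApproval>, unknown to a v1 receiver.
MSG_V1 = "<transfer><account>A-17</account><amount>250</amount></transfer>"
MSG_V2 = ("<transfer><account>A-17</account><amount>250</amount>"
          "<requiresApproval>true</requiresApproval></transfer>")

class InterfaceMismatch(Exception):
    """The message does not match the agreed interface exactly."""

def lenient_receive(xml_text):
    """Document-centric style: pick out the 'relevant' parts, ignore the rest."""
    root = ET.fromstring(xml_text)
    return {name: cast(root.findtext(name)) for name, cast in SCHEMA_V1.items()}

def ignored_elements(xml_text):
    """Elements the lenient receiver silently drops (worth logging at least)."""
    return sorted({c.tag for c in ET.fromstring(xml_text)} - set(SCHEMA_V1))

def strict_receive(xml_text):
    """Tightly coupled style: every element must be declared, present, typed."""
    root = ET.fromstring(xml_text)
    seen = [child.tag for child in root]
    unknown = sorted(set(seen) - set(SCHEMA_V1))
    missing = sorted(set(SCHEMA_V1) - set(seen))
    duplicated = sorted({t for t in seen if seen.count(t) > 1})
    if unknown or missing or duplicated:
        raise InterfaceMismatch(
            f"unknown={unknown} missing={missing} duplicated={duplicated}")
    result = {}
    for name, cast in SCHEMA_V1.items():
        text = root.findtext(name)
        try:
            result[name] = cast(text)
        except (TypeError, ValueError):
            raise InterfaceMismatch(f"{name}={text!r} is not {cast.__name__}") from None
    return result

if __name__ == "__main__":
    print("lenient:", lenient_receive(MSG_V2), "ignored:", ignored_elements(MSG_V2))
    try:
        strict_receive(MSG_V2)
    except InterfaceMismatch as exc:
        print("strict rejected:", exc)
```

The lenient receiver returns the same result for both messages, so the approval requirement disappears without any error, while the strict receiver names the unexpected element.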