Security patterns with WSO2 ESB
Security is a key aspect of any successful enterprise SOA solution.

The Enterprise Service Bus is usually the entry point to an enterprise SOA solution. It is also the central place through which the incoming and outgoing messages flow, thus making it the most relevant location to enforce security measures of the solution.

This presentation, which was used in a webinar, goes through the recurring problems and requirements in the space of identity, security and access control of a SOA solution, along with the security patterns that can be applied to overcome them using the WSO2 ESB as a security gateway. Use cases are taken from a healthcare SOA solution to illustrate these challenges and the corresponding solution patterns that can be designed to overcome them.

  • Manages, exchanges and exposes sensitive data related to the different services offered.
  • The IT system of Ceycare is going to adopt a SOA solution with its business expansion. Why does it need SOA? SOA enables Ceycare to expose its legacy system components as services and achieve loose coupling among them. With expansion, its IT system needs to collaborate with partner organizations, and SOA provides the necessary interoperability. It provides the required flexibility to cope with changing business requirements, while providing the capability to compose several services together as value-added business processes. Points in brief for Ceycare to adopt SOA: expose legacy system components as reusable services; with expansion of the organization, collaborate with other partner organizations, which needs interoperability; support changing business requirements, so the solution needs to be flexible; orchestrate business processes.
  • Why do we need special concern about SOA security? Web service security mechanisms and WS security policy.
  • European Union's Data Protection Directive 95/46/EC, together with other relevant laws and regulations. Following is a specific set of requirements related to healthcare systems extracted from: which is a research carried out on: With respect to identification and authorization, the system should.......... Those are the main security requirements of a healthcare SOA solution in brief. Let's go through each of them one by one in detail and explore how to accomplish them by applying the relevant security patterns.
  • There can be many types of users of the system: both human and system, internal and external. The majority are internal users. Services should identify and verify the identity of all their human users before allowing them access to their resources. Services should identify and verify the identity of corresponding services before they are allowed to communicate.
  • There is a central place where the credentials are stored, and authentication is enforced at a central place or at the entry point to the system. Users can use credentials of the listed types.
  • Services should identify and verify the identity of all their human users before allowing them access to their resources. Services should identify and verify the identity of corresponding services before they are allowed to communicate.
  • Instead of a user name and password, the user brings a security token issued by a third-party authentication broker. There are several mechanisms to implement brokered authentication; here we illustrate how to accomplish it with WS-Trust based on SAML. SAML is the standard for porting identities across organizational boundaries.
  • Even if claim-based authorization is used, if it is baked into application logic it is not flexible; it should be possible to change access control policies with changing business requirements.
  • XACML mediator
  • This is how you can configure the in-sequence of an ESB proxy service to implement the audit interceptor pattern.
  • The internal system will be free from unwanted traffic since the messages are dropped at the boundary.
  • The throttle mechanism is used to control access to our services at different levels: globally, at service level and at operation level.
  • SQL injection is a threat that results from poor validation of user input when performing a dynamic query, one formed by concatenating strings, in an application's database. Such an attack can allow access to private data and modify the database in a number of ways, via select, insert, update, and delete operations [81].

Security patterns with WSO2 ESB: Presentation Transcript

  • Hasini Gunasinghe, Software Engineer, WSO2
  • Security requirements of a SOA solution in the healthcare domain. Security patterns to accomplish them. Implementing patterns with WSO2 ESB.
  • [Diagram: Ceycare Systems. Services: Hospital Services, Channelling consultation, Medical Laboratory Services, Collaboration with medical research institutes. Data: Physicians' data, Patients' data, Medical test results, Medical statistics.]
  • Why SOA?
      - Expose legacy system components as services.
      - Loose coupling
      - Interoperability
      - Flexibility
      - Business process composition.
  • Why security in SOA?
      - Business assets exposed to outside as services to be discovered.
      - Should facilitate interoperability, flexibility.
  • Identification and authentication; Authorization; Integrity; Privacy; Security auditing; Survivability; Non-repudiation. Source: Security in SOA-Based Healthcare System
  • Requirement: Services need to identify and verify the claimed identity of internal users of the organization.
  • Pattern: Authentication Patterns: Direct Authentication
      - Authenticating users with credentials stored internally.
      - Credentials can be: Username/password, Username token, X.509 certificates
  • [Diagram: direct authentication. Labels: Credential, Secured Proxy, Ceycare credential store, Patient's Records (Name, Age, History); steps 1 to 3.]
  • Requirement: Services need to identify and verify the claimed identity of external users from partner organizations.
  • Pattern: Authentication Patterns: Brokered Authentication
      - Authenticating users outside the organization boundary.
      - Ceycare trusts a token issued by a trusted party in the partner organization.
      - Brokered authentication based on WS-Trust with SAML.
  • Scenario 1: Authentication across organizational boundaries. [Diagram labels: CeyCare, CeyMed, Secure Token Service of CeyMed, CeyMed credential store, Secured Proxy, Patient's Records (Name, Age, History); steps 1 to 4.]
  • Requirement: Facilitate communication between clients and services which talk in different authentication mechanisms.
  • Pattern: Resource Access Patterns: Protocol Transition
      - ESB authenticates clients with the auth mechanism that they understand, e.g. UT
      - Transform credentials into the form that the service understands, e.g. Basic Auth
  • [Diagram: protocol transition. Labels: Username Token, Ceycare credential store, BasicAuth Header, Patient's Records (Name, Age, History); steps 1 to 3.]
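The protocol transition pattern above, sketched as an added Python example; it is not code from the presentation or from WSO2 ESB. The credential store layout, the user `dr.perera`, the sample envelope and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed stand-in for the Ceycare credential store: user -> (salt, hash).
STORE = {"dr.perera": (b"demo-salt", pw_hash("s3cret-Pass", b"demo-salt"))}

# Constructed client request carrying a WS-Security UsernameToken (UT).
SAMPLE_REQUEST = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:wsse="{WSSE}">
 <s:Header><wsse:Security><wsse:UsernameToken>
  <wsse:Username>dr.perera</wsse:Username>
  <wsse:Password>s3cret-Pass</wsse:Password>
 </wsse:UsernameToken></wsse:Security></s:Header>
 <s:Body><getRecord><patientID>3521</patientID></getRecord></s:Body>
</s:Envelope>"""

def read_username_token(root):
    """Pull the UT out of the SOAP header; fail closed if it is absent."""
    ut = root.find(f"{{{SOAP}}}Header/{{{WSSE}}}Security/{{{WSSE}}}UsernameToken")
    user = ut.findtext(f"{{{WSSE}}}Username") if ut is not None else None
    password = ut.findtext(f"{{{WSSE}}}Password") if ut is not None else None
    if not user or not password or ":" in user:  # ':' would corrupt Basic auth
        raise PermissionError("missing or malformed UsernameToken")
    return user, password

def authenticate(user, password):
    """Verify against the store; unknown users cost the same hash work."""
    salt, expected = STORE.get(user, (b"no-such-user", b""))
    return hmac.compare_digest(pw_hash(password, salt), expected)

def protocol_transition(envelope):
    """Return (headers, body) for the backend call over Basic auth."""
    root = ET.fromstring(envelope)  # use a hardened XML parser for untrusted input
    user, password = read_username_token(root)
    if not authenticate(user, password):
        raise PermissionError("authentication failed")
    header = root.find(f"{{{SOAP}}}Header")
    header.remove(header.find(f"{{{WSSE}}}Security"))  # do not forward the UT
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}, ET.tostring(root, encoding="unicode")
```

The gateway authenticates before it transforms anything, and the forwarded body no longer carries the WS-Security header, so the backend only ever sees the Basic Auth form.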
  • Requirements:
      - Avoid user credentials being passed to the backend service.
      - Avoid users bypassing security processing.
  • Pattern: Resource Access Patterns: Trusted sub system pattern
      - User authenticates to ESB with his/her credentials.
      - BE service trusts ESB.
      - ESB accesses BE service on behalf of the authenticated user.
  • [Diagram: trusted sub system. Labels: User Credential, Secured Proxy, Ceycare credential store, ESB Credential, Patient's Records (Name, Age, History); steps 1 to 3.]
  • Requirement: Control access based on privileges of the users. E.g.: users in role 'Physician' can update patients' records while users in role 'Lab technologist' can only view records.
  • Pattern: Authorization patterns: Role based access control
      - Assign users to roles.
      - Grant privileges to roles.
      - This is a coarse grained authorization model.
  • Requirement: Control access based on the user's claims, in a fine grained manner. E.g.: heart patients' data could only be accessed by Physicians with job title "Cardiologists".
  • Pattern: Authorization patterns: Claim based authorization
      - Provides fine grained authorization.
      - Policy based access control with XACML provides flexibility.
  • Authorization based on claims carried in SAML token. [Diagram labels: (1) SAML Token, Secured Proxy, Entitlement Mediator [PEP], (2) XACML Authorization request, PAP, PDP, PIP, (3) Authorization decision, (4) Allow/deny access, Heart Patient's Records (Name, Age, History).]
  • Requirement: Delegating access. E.g.: an application in a physician's mobile device needs to retrieve channelling appointments from his account in the Ceycare System.
  • Pattern: Authorization patterns: Constrained delegation using OAuth
      1. Mobile app authenticates to authorization server.
      2. Mobile app requests authorization from resource owner.
      3. Resource owner authenticates to authorization server.
      4. Resource owner grants permissions to the application to access the resource on behalf of him.
      5. Application obtains access token from access grant.
      6. Resource server (ESB) validates access token.
      7. Allow/Deny access to BE resource.
  • [Diagram: OAuth delegation. Labels: (1) Authorization request, (2) Authorization grant, (3) Authorization grant, (4) Access Token, (5) Access request + Access Token, OAuth Mediator, (6) Validate Access Token, (7) Allow/deny, Channelling appointments (Name, Time, Hospital).]
  • Requirements: Protect sensitive personal data during transmission from:
      - tampering
      - unauthorized access
    Non-repudiation: a patient's account should show who has updated his/her medical records.
  • Patterns: Message protection patterns
      - Data origin authentication and integrity: digital signatures.
      - Data confidentiality: digital encryption.
  • Example Configuration:
  • Example Configuration:
  • Requirement: Avoid exposing sensitive data through exceptions. Legacy application code might throw exceptions containing sensitive information. Need to filter those exceptions when the system is exposed to external parties.
  • Pattern: Boundary defense pattern: Exception shielding
      - Sanitize unsafe exception data by replacing it with a non-harmful exception message.
      - Enrich mediator of ESB.
  •  Example un-safe message:
  •  Example Configuration:
  • Requirement: Log security incidents to trace system abuse:
      - Failed login attempts
      - Unauthorized access attempts to services
  • Pattern: Boundary defense pattern: Audit Interceptor
      - All messages flow through a gateway of the system (ESB).
      - Necessary auditing is done by logging at the gateway (Log mediators of ESB).
  • Example Configuration:
  • Requirement: Prevent denial of service attacks caused by replaying valid messages.
  • Pattern: Boundary defense pattern: Replay mitigation
      - Apply throttling rules at the entry point (ESB).
      - Validate message freshness by WS-Security mechanisms (Timestamp).
  • Applying throttling rules in ESB: control access at three different levels through throttling:
      1. Global
      2. Service
      3. Operation
  •  Throttling at global level:
  •  Throttling at service level:
  •  Configuring throttling in ESB:
  •  Example Time Stamp in WS-Security Header:
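The two replay mitigation checks above (a throttling rule at the entry point and a WS-Security Timestamp freshness check), as an added Python example rather than WSO2 ESB configuration or code from the presentation. The skew and lifetime limits, the sample timestamp, second-precision UTC timestamps and all names are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")
MAX_SKEW = timedelta(seconds=60)     # assumed clock-skew tolerance
MAX_LIFETIME = timedelta(minutes=5)  # assumed longest Created..Expires span

# Constructed wsu:Timestamp, as carried inside a wsse:Security header.
SAMPLE_TIMESTAMP = f"""<wsu:Timestamp xmlns:wsu="{WSU}">
  <wsu:Created>2024-05-01T10:00:00Z</wsu:Created>
  <wsu:Expires>2024-05-01T10:05:00Z</wsu:Expires>
</wsu:Timestamp>"""

def parse_utc(text):
    # Assumes second-precision UTC values; anything else raises ValueError.
    stamp = datetime.strptime(text.strip(), "%Y-%m-%dT%H:%M:%SZ")
    return stamp.replace(tzinfo=timezone.utc)

def is_fresh(timestamp_xml, now):
    """Accept only a well-formed, unexpired, short-lived timestamp."""
    ts = ET.fromstring(timestamp_xml)
    try:
        created = parse_utc(ts.findtext(f"{{{WSU}}}Created", ""))
        expires = parse_utc(ts.findtext(f"{{{WSU}}}Expires", ""))
    except ValueError:
        return False                      # missing or malformed: fail closed
    if created > now + MAX_SKEW:          # claims to come from the future
        return False
    if expires - created > MAX_LIFETIME:  # validity window too generous
        return False
    return now <= expires + MAX_SKEW      # a replay after expiry is refused

class Throttle:
    """Fixed-window counter per caller: at most `limit` messages per window."""
    def __init__(self, limit, window):
        self.limit, self.window, self.windows = limit, window, {}

    def allow(self, caller, now):
        start, count = self.windows.get(caller, (now, 0))
        if now - start >= self.window:    # window elapsed: start a new one
            start, count = now, 0
        self.windows[caller] = (start, count + 1)
        return count < self.limit

def admit(timestamp_xml, caller, now, throttle):
    """Gateway decision: throttle first, then check message freshness."""
    return throttle.allow(caller, now) and is_fresh(timestamp_xml, now)
```

The timestamp check only has value when the Timestamp element is covered by the message signature; it bounds how long a captured message stays replayable, while the throttle bounds how many replays fit inside that window.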
  • Requirement: Mitigate damages to the system from messages with malicious content:
      - SQL injection
      - X-Doc attacks
  • Pattern: Boundary defense pattern: Message validation
      - XML Schema validation.
      - Regular expression validation to avoid SQL injections contained in strings.
      - Validation & Filter mediators of ESB.
  • Example SQL injection attack:
      Query: "SELECT * FROM prescriptions WHERE patientID = " + $patientID + ";"
      If $patientID = 3521; DROP TABLE patients;
      Resulting query causing SQL injection: SELECT * FROM prescriptions WHERE patientID = 3521; DROP TABLE patients;
      Source: Security in SOA-Based Healthcare System
  •  Example Configuration:
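The regular expression side of the message validation pattern, applied to the slide's `patientID` field, as an added Python example (not the presentation's ESB configuration). It covers only the regex check, paired with a parameterized backend query as a second layer; the table layout, sample rows and function names are constructed.

```python
import re
import sqlite3

# Allow-list for the patientID field: 1 to 10 ASCII digits, nothing else.
PATIENT_ID = re.compile(r"[0-9]{1,10}")

def is_valid_patient_id(value):
    # fullmatch, not match with '$': '$' would also accept "3521\n".
    return isinstance(value, str) and PATIENT_ID.fullmatch(value) is not None

def build_db():
    """Constructed in-memory stand-in for the backend database."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE patients (patientID INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE prescriptions (patientID INTEGER, drug TEXT);
        INSERT INTO patients VALUES (3521, 'constructed patient');
        INSERT INTO prescriptions VALUES (3521, 'constructed drug');
    """)
    return db

def query_prescriptions(db, patient_id):
    """Backend layer: the value is bound as a parameter, never concatenated."""
    rows = db.execute(
        "SELECT drug FROM prescriptions WHERE patientID = ?", (patient_id,))
    return [drug for (drug,) in rows]

def gateway_get_prescriptions(db, patient_id):
    """Boundary layer: drop the message before it reaches the backend."""
    if not is_valid_patient_id(patient_id):
        raise ValueError("message rejected by validation")
    return query_prescriptions(db, int(patient_id))

def table_exists(db, name):
    row = db.execute("SELECT 1 FROM sqlite_master WHERE type='table' AND name=?",
                     (name,)).fetchone()
    return row is not None

# The slide's input, used here only to check that both layers neutralise it.
SLIDE_INPUT = "3521; DROP TABLE patients;"
```

An allow-list of what a field may contain is easier to get right than a pattern that tries to recognise SQL keywords, and the bound parameter keeps the backend safe even if a gateway rule is later loosened.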
  • Security requirements related to a healthcare SOA solution. Security patterns used to accomplish them. How WSO2 ESB fits in the security patterns.
  • WSO2 Security & Identity Gateway solution white paper: http://wso2.com/casestudies/wso2-security-and-identity-gateway-solution/
    Security in SOA based healthcare systems, by Richard Sassoon