Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Upcoming SlideShare
What to Upload to SlideShare
What to Upload to SlideShare
Loading in …3
×
1 of 34

Federation and Promotion of Heterogeneous Domains and Services

0

Share

Download to read offline

CARI'2020, Abdramane Bah, Pascal André, Christian Attiogbé et Jacqueline Konaté

Related Books

Free with a 30 day trial from Scribd

See all

Federation and Promotion of Heterogeneous Domains and Services

  1. 1. Federation and Promotion of Heterogeneous Domains and Services Abdramane Bah1,2 , Pascal André1, Christian Attiogbé1 et Jacqueline Konaté21LS2N CNRS UMR 6004 - University of Nantes, France 2FST-USTTB - University of Science and Technology of Bamako, Mali CARI’2020
  2. 2. OUTLINE 1. Introduction  context and contributions 2. Federation of services  concepts and access control 3. Promotion of services 4. Implementation 5. Application 6. Conclusion CARI'2020, FEDERATION AND PROMOTION OF SERVICES 2
  3. 3. INTRODUCTION
  4. 4. CONTEXT Cross-domain interoperability with Service-Oriented Architecture (SOA) SOA allow service-based collaboration across security domains (or domain)  Services can be composed across domains to create new value-added services. However, domains must ensure secure access to their services. CARI'2020, FEDERATION AND PROMOTION OF SERVICES 4 Example of cross-domain service composition
  5. 5. CONTEXT Cross-domain interoperability and Security Services should be shared only between trusted domains (federation)  Access to domain services should be controlled against unauthorised access (Access control) CARI'2020, FEDERATION AND PROMOTION OF SERVICES 5 Service sharing between trusted domains  Domain can participate in several federations  A federation is dynamic: domains can join it; others can leave it.  Each domain is autonomous in terms of security.
  6. 6. CONTEXT Access control to domain services CARI'2020, FEDERATION AND PROMOTION OF SERVICES 6 Access control relies on user authentication  User authentication is delegated to their own domains (or Federated Access control)  User authentication is based on service access control requirements (ACR)  ACR refer to user’s identity informations for access control called authorisation attributes  Domains have heterogeneous authorisation attributes (e.g. role,
  7. 7. CONTEXT Secure federation of services: the obstacles 1. Heterogeneity of domain access control models and attributes a. access control of services : user authentication cannot be delegated to their domains b. Access and secure composition of domain services is not possible 2. Complexity of discovering shared services between domains Shared services are published in the local service registries of their domains. CARI'2020, FEDERATION AND PROMOTION OF SERVICES 7 To share domain services in a federation: • The access control requirements (ACR) of shared services must be expressed by authorization attributes common to all domains • discovering and composing shared services across domains should be simple
  8. 8. PROBLEMS 1. Define common autorisation attributes for all domains in a federation (Interoperability of access control) •Access control of domains are based on their own authorization attributes •Domains cannot abandon their access control models in favour of a global one 2. Redefine service ACR with common autorisation attributes (Interoperability of services)  Domain services are used locally.  the redefinition of service access control requirements (ACR) compromises the existing service consumers. Domains must be both autonomous and interoperable towards theCARI'2020, FEDERATION AND PROMOTION OF SERVICES 8
  9. 9. CONTRIBUTIONS 1. For interoperability of access control models and attributes  We had proposed a method for access control interoperability in [Bah et al., 2019]  which includes a global mechanism to define access control requirements (ACR) of shared services 2. For interoperability of domain services We propose: the promotion of services a. A service federation approach  To facilitate the discovery and composition of shared services between domains b. A method to redefine service ACR without compromising their existing consumers CARI'2020, FEDERATION AND PROMOTION OF SERVICES 9 [Bah et al., 2019] Abdramane BAH, Pascal André, Christian Attiogbé, and Jacqueline Konaté. Federation of Services from Autonomous Domains with Heterogeneous Access Control Models. In 18th International Information Security for South Africa Conference, Johanesbourg, South Africa, August 2019.
  10. 10. FEDERATION OF SERVICES Service Sharing in a Federation: the Concepts
  11. 11. FEDERATION OF SERVICES: THE CONCEPTS SOA: is an approach to organise distributed resources as services Security domain: is a single unit of security administration Federation: is a collection of autonomous domains Federation of services: is a service-based collaboration between trusted domains CARI'2020, FEDERATION AND PROMOTION OF SERVICES 11
  12. 12. FEDERATION OF SERVICES: ACCESS CONTROL Federated Access control: User authentication is delegated to their domains (or Identity provider) Service providers (or Relying party) uses the user's security token to authorise access to services Security token: proof of authentication that contains the authorisation attributes of the user (e.g. role)CARI'2020, FEDERATION AND PROMOTION OF SERVICES 12 Access control steps Authentication and Autorisation
  13. 13. FEDERATION OF SERVICES: ACCESS CONTROL Two methods to address the heterogeneity of domain access control models and attributes [Preuveneers et al., 2018] [Haguouche et al, 2015] CARI'2020, FEDERATION AND PROMOTION OF SERVICES 13 [Haguouche et al, 2015] Samira Haguouche and Zahi Jarir. Managing Heterogeneous Access Control Models Cross Organization. In Javier Lopez, Indrajit Ray, and Bruno Crispo, editors, Risks and Security of Internet and Systems, volume 8924, pages 222–229. Springer, Cham, 2015. [Preuveneers et al., 2018] D. Preuveneers, W. Joosen, and E. Ilie-Zudor. Policy reconciliation for access control in dynamic cross-enterprise collaborations. Enterprise Information Systems, 12(3):279–299, 2018. 1. Attribute Standardisation Common definition of authorisation attributes and semantics for all domains 2. Attribute Mapping define correspondences (or mappings) between the authorisation attributes of the domains
  14. 14. FEDERATION OF SERVICES: ACCESS CONTROL 1. Attribute Standardisation Common definition of authorisation attributes and semantics for all domains Advantages • easy access control between domains Drawbacks • tight coupling between domains • Waiver of internal access control models CARI'2020, FEDERATION AND PROMOTION OF SERVICES 14 2. Attribute Mapping define correspondences between the authorisation attributes of the domains Advantages • preserves the autonomy of the domains • loose coupling between domains • preserves the existing access control mechanisms Drawbacks • Disclosure of internal security informations Interoperability of access control models and attributes
  15. 15. FEDERATION OF SERVICES: ACCESS CONTROL CARI'2020, FEDERATION AND PROMOTION OF SERVICES 15  Global Access Control Mediator (GACM): interoperability mediator  GACM defines global authorisation attributes of the federation called the federated attributes (AF).  Federated attributes ensure interoperability between domains for access control We had proposed an attribute mapping method in [BAH et al., 2019] [Bah et al., 2019] Abdramane BAH, Pascal André, Christian Attiogbé, and Jacqueline Konaté. Federation of Services from Autonomous Domains with Heterogeneous Access Control Models. In 18th International Information Security for South Africa Conference, Interoperability of access control models and attributes
  16. 16. PROMOTION OF SERVICES 1. The principles 2. Formalisation
  17. 17. PROMOTION OF SERVICES : THE PRINCIPLES CARI'2020, FEDERATION AND PROMOTION OF SERVICES 17 Promotion of services our service federation approach  it consist to redefine the access control requirements (ACR) of the services with the federated attributes without modifying the access modalities of their existing consumers  Each shared service is both in the service registry for its domain and in the federated registry  Shared services have two contracts: local and federated
  18. 18. PROMOTION OF SERVICES : THE PRINCIPLES Promoting a service si of a domain di in the federation F we create a new service contract called federated service contract from the local service contract of si . CARI'2020, FEDERATION AND PROMOTION OF SERVICES 18
  19. 19. PROMOTION OF SERVICES : THE PRINCIPLES Promoting a service si of a domain di in the federation F we create a federated service contract for si from its local service contract CARI'2020, FEDERATION AND PROMOTION OF SERVICES 19 1. The local access control requirements (ACR) are redefined with the federated attributes (AF) to create the federated ACR. 2. This redefinition of service ACR is based on the mappings between the authorisation attributes (AT) of the domain di and the federated attributes (AF) 3. The Interface and the Endpoint of the service si are identical in both contracts
  20. 20. PROMOTION OF SERVICES : THE PRINCIPLES Promoting a service si of a domain di in the federation F : the process Preliminary. We have a mapping function m: ATi → AFj Steps: 1. Copy the service contract from the service registry of di 2. Isolate the local access control requirements (ACR) R[ATi] 3. Transform R[ATi] to federated ACR R[AFj] by applying m on R[ATi] 4. Create a new federated service contract with the federated ACR R[AFj] CARI'2020, FEDERATION AND PROMOTION OF SERVICES 20
  21. 21. PROMOTION OF SERVICES : FORMALISATION Promoting a service si of a domain di in the federation F CARI'2020, FEDERATION AND PROMOTION OF SERVICES 21 I : Interface of the service PR[ATi] : Security Policy of the service Edp : Endpoint of the service • R[ATi] : Access control requirements expressed with the autorisation attributes Ui : set of users Si : set of services Ri : service registry SPi : Security policy of di SSi : security services of di Uf : union of domain users Sf : set of services Rf : service registry of F SPf : security policy of F SSf : security services of F Initially Sf and Rf are empty
  22. 22. PROMOTION OF SERVICES : FORMALISATION The following rule formally defines the promotion of domain services in the federation • the rules are expressed with using operational semantics CARI'2020, FEDERATION AND PROMOTION OF SERVICES 22 Service promotion rule
  23. 23. PROMOTION OF SERVICES : FORMALISATION  Semantics of intra-domain services calls When a service s1 of a domain di calls another service s2 of di on behalf of the user u of di (CallAttempt (s1, u, s2)), then the security token (tk) associated to u by the security service ss of di is used to call s2. (SecureCall(s1, tk, Edp)). the symbols has the meaning results in. CARI'2020, FEDERATION AND PROMOTION OF SERVICES 23
  24. 24. PROMOTION OF SERVICES : FORMALISATION  Semantics of inter-domain services calls When a service si of a domain di calls on behalf of user u of di , a service sj of another dj of the federation F CARI'2020, FEDERATION AND PROMOTION OF SERVICES 24
  25. 25. PROMOTION OF SERVICES : FORMALISATION  Semantics of inter-domain services calls When the service sj of domain dj is a federated service CARI'2020, FEDERATION AND PROMOTION OF SERVICES 25
  26. 26. IMPLEMENTATION
  27. 27. PROMOTION OF SERVICES : IMPLEMENTATION We implement the service promotion mechanism with three software modules in Java using the Java API for XML Processing (JAXP). We implement domain services with web service technologies WSDL, SOAP Security policy and ACR of services with WS-SecurityPolicy standard CARI'2020, FEDERATION AND PROMOTION OF SERVICES 27
  28. 28. PROMOTION OF SERVICES : IMPLEMENTATIONService promotion involves a local domain and a federation  The module extract-mod extracts the WSDL contract (localContract) of the service to be promoted  The module promotion-mod receives (localContract) and produces promoted service contract (promotedContract)  The module publish-mod receives (promotedContract) and publishes it as a federated service. The federated service has additional informationCARI'2020, FEDERATION AND PROMOTION OF SERVICES 28
  29. 29. PROMOTION OF SERVICES : IMPLEMENTATION The promotion-mod includes three sub-modules : 1. authzParser-mod: the access control requirements parser; 2. authzMapping-mod: the access control requirements mapping module 3. contractCreator-mod: the promoted service contract construction module CARI'2020, FEDERATION AND PROMOTION OF SERVICES 29 LAR: the list of local access control requirements (ACR) specified with the domain-specific authorisation attributes FAR: list of ACR specified with the authorisation attributes of the federation FAR is LAR list converted using mapping database (mapping-db)
  30. 30. APPLICATION
  31. 31. PROMOTION OF SERVICES : APPLICATION We illustrate the service promotion with a web service named HelloService provided by a domain IUG  The access control requirements are claim requirements as defined by WS-Trust specification.  HelloService requires a security token which must contain certain authorization attributes of the service user: role and locality  HelloService must be shared in the federation ICV IUG has defined mappings between its authorization attributes and those of theCARI'2020, FEDERATION AND PROMOTION OF SERVICES 31
  32. 32. PROMOTION OF SERVICES : APPLICATION Federated Attributes of ICV: domain-address, subject-function, subject- activitystatus CARI'2020, FEDERATION AND PROMOTION OF SERVICES 32 IUG’s Autorisation Atttributes: Role, locality, status IUG’s Mapping-DB Role  subject- function Locality  domain- address Mapping- db Promoti on module HelloService (localContract) HelloService (promotedContract) Access control requirements redefined
  33. 33. CONCLUSION 1. Results 2. Future work
  34. 34. CONCLUSION We have proposed the promotion of services Serice promotion allow to create new applications by composing services across security domains. We have implemented the promotion of services in JAVA as a proof of concept. Our experimentations confirm that service promotion breaks security barriers to service interoperability  Secure access to services is formalized using operational semantics rules. Future work CARI'2020, FEDERATION AND PROMOTION OF SERVICES 34

Editor's Notes

  • 1, each domain control access to its services
    2, each domain has its own SOA
    3, each domain has its own service registry
  • Federated attributes ensure interoperability between domains for access control
    Each domain defines mapping between their authorization attributes and federated attributes
    The ACR of the shared services of the domains must be redefined by federated attributes.
    Hence the promotion of services
  • All shared services of the domains are centralised in the federated registry

    ACR of Local contract are expressed with local autorisation attributes of domains

    ACR of federated contract are expressed with federated attributes

    federated attributes are autorisation attribute common to all domains

  • ×