Synthesis of secure adaptors for stateful services

J. Antonio Martín and Ernesto Pimentel
University of Málaga
SRI International, 2012

Paper: http://bit.ly/JLAP12
Motivation
● We deal with stateful services, i.e., services with behaviour
● Web Services have security policies
   ○ WS-Security, WS-SecureConversation, WS-Policy, ...
● Incompatible services send and receive incompatible
  cryptographic messages
● We want to deal with incompatible policies and with
  incompatible behaviour (which gives rise to deadlocks and
  livelocks between these stateful services)
Example: Stateful services
(figure: Service a and Service b, each encoded in Crypto-CCS)
Solution: adaptation
● Deploy an adaptor in the middle of the communication
  which resolves incompatibilities in signature, behaviour
  and security
● Behavioural adaptation is based on receiving, rearranging
  and forwarding messages at the appropriate time
● Security adaptation extends behavioural adaptation with
  symmetric and asymmetric cryptography and with digests
  obtained through hashing

(figure: client and adaptor exchanging "Get flickr API key",
"Request Frob", "Handle Token...")
Example: Adaptor
(figure: Adaptor placed between Service a and Service b)
Solution: adaptation contracts
● An adaptor is abstractly specified by a security adaptation
  contract (SAC)
● The synthesis process takes a contract and returns
  a deadlock/livelock-free adaptor
● Secrecy properties are verified over the system and, if
  needed, the adaptor is automatically refined to preserve
  them

(figure: client, adaptor and contract; the synthesis process
produces the adaptor from the contract)
Overview
Example: Incompatible services
(figure: Service a and Service b)

HOW: send! could match with either anonymous?, des?,
     pub_rsa? or priv_rsa?
Service b: I have the user U and pass K
Goal: pass info M from b to a
Privacy req.: M should not be disclosed
Adaptation contract
(figure: Service a and Service b)

Sec. Adaptation Contract, made of an initial substitution E0
and a VLTS whose transitions are the numbered rules:
  1. anonymous!M^ < send?M
  2. public_key! <
  3. login!U^,E(K^,U^) <
  4. des!E(K^, M^) < send?M
  ...
  E0 = [k/K, u/U, ...]
Interactions compliant with SAC
(figure: Service a, Adaptor, Service b)

Sec. Adaptation Contract
  1. anonymous!M^ < send?M
  2. public_key! <
  3. login!U^,E(K^,U^) <
Deadlock free synthesis
(figure: Adaptor between Service a and Service b, driven by the SAC)
Secrecy property
(figure: Service a and Service b)
● What do you want to protect?
● Which channels are subject to attack?
   ○ Restricted Dolev-Yao model
● Which information is public?

Le - Actions not eavesdroppable by the attacker
La - Actions not accessible nor eavesdroppable by the attacker
p  - Secrecy attack to avoid

In our toy example:
La, Le: the attacker can only eavesdrop actions of service a
p: the attacker should not learn M
In other words, a passive attacker, and the adaptor acts as a
wrapper around service b
Partial model checking
(figure: Service a and Service b; caption: thanks to partial model-checking)
Verification
(figure: Adaptor between Service a and Service b; an attack is found)

Refinement
(figure: Adaptor between Service a and Service b)

Secure security adaptor
(figure: Adaptor between Service a and Service b, driven by the SAC)
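The contract rules and the secrecy check of the preceding slides ("Adaptation contract", "Secrecy property", "Verification", "Refinement") can be exercised on a symbolic model. The following is an added example, not the authors' synthesis tool or the Crypto-CCS encoding: it models the four SAC rules as adaptor outputs, lets a passive Dolev-Yao eavesdropper see only service a's channels, asks whether M becomes derivable, and greedily drops offending rules as a stand-in for the refinement step. It also reuses the same term closure on the term view of the WS-Security message from the last slide. Everything below the constructor names (the rule table, E0, the observable channel set, the greedy refinement strategy and the treatment of `penc` as plain public-key encryption) is an assumption made for illustration.

```python
"""Symbolic secrecy check for a security adaptation contract (SAC).

Added example, not the authors' tool. Term constructors follow the slide
notation: E(K, M) symmetric encryption, penc(P, M) public-key encryption
under P, Hash(M), cat(A, B) and Pk(S) the public key of private key S.
Assumption: keys are atomic names, so a decomposition-only Dolev-Yao
closure is enough to decide whether an atomic secret can be derived.
"""
from typing import Dict, List, Set, Tuple, Union

Term = Union[str, tuple]

def E(k: Term, m: Term) -> Term:    return ("enc", k, m)
def penc(p: Term, m: Term) -> Term: return ("penc", p, m)
def Hash(m: Term) -> Term:          return ("hash", m)
def cat(a: Term, b: Term) -> Term:  return ("cat", a, b)
def Pk(s: Term) -> Term:            return ("pk", s)

def closure(known: Set[Term]) -> Set[Term]:
    """Everything a Dolev-Yao attacker derives from `known`: pairs split,
    E(k, m) yields m only if k is known, penc(Pk(s), m) yields m only if
    the private key s is known; hashes and public keys are one-way."""
    known = set(known)
    while True:
        new: Set[Term] = set()
        for t in known:
            if not isinstance(t, tuple):
                continue
            tag = t[0]
            if tag == "cat":
                new |= {t[1], t[2]}
            elif tag == "enc" and t[1] in known:
                new.add(t[2])
            elif (tag == "penc" and isinstance(t[1], tuple)
                  and t[1][0] == "pk" and t[1][1] in known):
                new.add(t[2])
        if new <= known:
            return known
        known |= new

def derivable(seen: Set[Term], secret: Term, public: Set[Term] = frozenset()) -> bool:
    return secret in closure(set(seen) | set(public))

def instantiate(t: Term, env: Dict[str, Term]) -> Term:
    # Apply the initial substitution E0 = [k/K, u/U, ...] of the contract.
    if isinstance(t, str):
        return env.get(t, t)
    return (t[0],) + tuple(instantiate(x, env) for x in t[1:])

# Assumed encoding of the SAC rules: number -> (channel towards service a,
# payload terms). "X^" placeholders become plain names; M is the datum the
# adaptor receives from service b on send?M and must keep secret.
Rule = Tuple[str, List[Term]]
SAC: Dict[int, Rule] = {
    1: ("anonymous", ["M"]),              # anonymous!M^ < send?M
    2: ("public_key", []),                # public_key! <
    3: ("login", ["U", E("K", "U")]),     # login!U^,E(K^,U^) <
    4: ("des", [E("K", "M")]),            # des!E(K^,M^) < send?M
}
E0: Dict[str, Term] = {"K": "k", "U": "u"}

# Toy-example attacker: it can only eavesdrop actions of service a, i.e. the
# adaptor's outputs on service a's channels; send? from service b is private.
OBSERVABLE: Set[str] = {"anonymous", "public_key", "login", "des", "pub_rsa", "priv_rsa"}

def attacker_view(sac: Dict[int, Rule], env: Dict[str, Term]) -> Set[Term]:
    seen: Set[Term] = set()
    for chan, payloads in sac.values():
        if chan in OBSERVABLE:
            seen |= {instantiate(p, env) for p in payloads}
    return seen

def leaks(sac: Dict[int, Rule], env: Dict[str, Term], secret: Term,
          public: Set[Term] = frozenset()) -> bool:
    """Secrecy attack p: does the eavesdropper learn `secret`?"""
    return derivable(attacker_view(sac, env), secret, public)

def refine(sac: Dict[int, Rule], env: Dict[str, Term], secret: Term,
           public: Set[Term] = frozenset()) -> Dict[int, Rule]:
    """Greedy stand-in for refinement: keep rules in order, dropping any
    rule whose output, together with the rules already kept, leaks `secret`."""
    kept: Dict[int, Rule] = {}
    for n, rule in sac.items():
        if not leaks({**kept, n: rule}, env, secret, public):
            kept[n] = rule
    return kept

# Term view of the WS-Security message from the last slide (constructed
# from the slide's placeholder list; T, I, S, V, K, L, B are atomic names).
WS_MESSAGE: List[Term] = [
    "T", "I", Pk("S"), penc("V", Hash(cat("I", Pk("S")))), E("K", "L"),
    Hash("T"), Hash("B"), penc("S", cat(Hash("T"), Hash("B"))), E("L", "B"),
]

def ws_body_exposed(public: Set[Term] = frozenset()) -> bool:
    """Can an eavesdropper holding `public` recover the body B?"""
    return derivable(set(WS_MESSAGE), "B", public)

if __name__ == "__main__":
    print("full SAC leaks M:", leaks(SAC, E0, "M"))             # rule 1 sends M in clear
    safe = refine(SAC, E0, "M")
    print("kept rules:", sorted(safe), "leaks M:", leaks(safe, E0, "M"))
    print("leaks M if k were public:", leaks(safe, E0, "M", {"k"}))
    print("WS body exposed:", ws_body_exposed(), ws_body_exposed({"K"}))
```

Rule 1 is the attack of the "Verification" slide: `anonymous!M` puts M on a channel the attacker eavesdrops. Dropping it leaves `des!E(k, M)`, which is safe only while k stays out of the attacker's knowledge, as the `{"k"}` run shows; the WS-Security run makes the same point for the session key chain `E(K, L)`, `E(L, B)`. Signatures are not modelled: `penc("V", ...)` and `penc("S", ...)` stay opaque here, which does not change the secrecy verdict for B because only hashes sit under them.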
Contribution
● Adaptation of services with complex behaviors and security
  policies in such a way that:
   ○ We avoid undesirable situations such as deadlocks and livelocks
   ○ The adaptor is able to decompose and recompose messages
     according to the interfaces and security policies of the services
     involved
   ○ It is formally proved that the given secrecy attack is avoided

● The adaptation is specified by an abstract security adaptation
  contract which expresses:
   ○ The initial information required for the adaptation
   ○ The transformations required to proceed with a successful
     communication
   ○ The security checks to perform throughout the communication
Thank you!
Paper: http://bit.ly/JLAP12 -- Thesis: http://bit.ly/jamartin-thesis
WS-Security
<?xml version="1.0" encoding="utf-8"?>
<S11:Envelope><S11:Header>
   <wsse:Security>
       <wsu:Timestamp wsu:Id="T0">...</wsu:Timestamp>
       <wsse:BinarySecurityToken ValueType="...#X509v3"
                     wsu:Id="X509Token">...
       </wsse:BinarySecurityToken>
       <xenc:EncryptedKey>...
            <xenc:ReferenceList>
                <xenc:DataReference URI="#enc1"/>
            </xenc:ReferenceList>
       </xenc:EncryptedKey>
       <ds:Signature><ds:SignedInfo>...
              <ds:Reference URI="#T0">...
                 <ds:DigestValue>LyLsF094Pi4wP...</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#body">...
                 <ds:DigestValue>LyLsF094i4wPU...</ds:DigestValue>
              </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue>Hp1ZkmFZ/2kQ...</ds:SignatureValue>
          <ds:KeyInfo>
               <wsse:SecurityTokenReference>
                    <wsse:Reference URI="#X509Token"/>
               </wsse:SecurityTokenReference>
          </ds:KeyInfo>
       </ds:Signature>
   </wsse:Security>
</S11:Header>
<S11:Body wsu:Id="body">
 <xenc:EncryptedData wsu:Id="enc1">...</xenc:EncryptedData>...
</S11:Body></S11:Envelope>

● T, I, S, V, K, L and B are placeholders used for matching data in the
  messages received and sent by the adaptor

Term view of the message:
  T, I, Pk(S), penc(V, Hash(cat(I, Pk(S)))), enc(K, L), Hash(T), Hash(B),
  penc(S, cat(Hash(T), Hash(B))), enc(L, B)
Applications