A Survey of Security Concepts for Common Operating Environments
Abstract
As newer software engineering technologies, such as Service-Oriented Architecture (SOA), become the basis for mission-critical systems, they must include security as a foundational capability. This paper highlights security concepts relevant to using SOA as a foundation for a Common Operating Environment (COE), i.e., a set of infrastructure and common services for developing and executing applications across multiple platforms. We present and motivate security needs, tradeoffs, and solutions in the various layers of a SOA-based COE, including 1) the network, 2) computational platforms, and 3) the common software infrastructure consisting of a SOA stack, common services, and applications. We also discuss cross-cutting aspects of security such as survivability, transparency, flexibility, specificity, reuse, and assurance. We then explore security standards and requirements for mission-critical systems developed on top of a SOA-based COE and security technologies that are candidates for satisfying the requirements. The paper closes with a set of recommendations and steps forward for both research into and implementation of security in a SOA-based COE.