Abstract
The pervasiveness of Web services increases the necessity for consumers to access and use them in a secure way. Besides secure communications, consumer security also involves providing strong guarantees that a requested security policy is satisfied. Needless to say, remote services are adverse to most techniques of analysis and control that usually require direct access to either the implementation or the execution. In this chapter, the authors classify service execution paradigms and provide a characterization of the security threats that may affect a Web service infrastructure depending on the elements composing it. In particular, the authors provide a discussion of the threat models for several different Web service paradigms involving service consumers, providers, and platforms, and illustrate how and when contract-based security approaches and its variants can be applied for mitigating risks in service integrations in the identified paradigms.
TopBackground
Several techniques have been proposed to tackle specific security aspects. These approaches may be combined in security frameworks or used to guarantee the reliability of third-party provided resources. In our context, resources are the service code, the service contract, and the consumer policy.
We assume that each consumer specifies its security requirements, herein referred to as policies. A policy is a security requirement that a consumer wants to apply to a service execution. In general, consumers want to be sure that their policies will be respected during service execution. A violation happens when a service S behaves in a way that is not allowed by the policies. Thus, a threat corresponds to the possibility that a service violates a policy. Usually, consumers have more than one policy to be satisfied by a service.
Generally, service providers release interface information about the provided service, called the service contract. A service contract is a formal description of the service behavior. Contracts typically describe the service in terms of interaction protocol (e.g., input and output channels, message syntax, parameter types, and encryption algorithms) and service computation (e.g., message semantics, service state transitions, and resource usage).
Key Terms in this Chapter
Policy: A policy is a security requirement that a consumer wants to apply to a service execution.
Secure Web Service: A Web service whose behavior does not violate the security policy.
Security-by-Contract-with-Trust: A security methodology that substitutes the evidence checking functionality of security-by-contract with a trust management mechanism, and thus removes the assumption that verification may be performed and relies on how much a user trusts the correctness of the published contract.
Contract-Based Security: A security framework that combines static analysis based on the information provided by the contract and run-time enforcement mechanisms in accordance with the policy in order to guarantee that a system is secure.
Service Contract: A service contract is a formal description of the service behavior. Contracts typically describe the service in terms of interaction protocols such as input and output channels, message syntax, parameter types, encryption algorithms, etc.; and service computation such as message semantics, service state transitions, and resources usage.
Security-by-Contract: A security methodology that implements automatic checking of the formal correspondence between the code and the contract, i.e., provide evidence checking.