An Analysis of Trust Requirements and Design Choices

An Analysis of Trust Requirements and Design Choices for Trust Management in Web Services Based Service Oriented Architectures Bienvenida Pagdanganan Supervisor: Prof Vijay Varadharajan 3/19/2018 Bienvenida Pagdanganan 1

Main Problem With Web Services: • • Who the requestors are Who the providers are What credential is being requested What specific services are being requested • Who is trustable • Who is not • How are they trusted 3/19/2018 Bienvenida Pagdanganan 2

Main Problem BPAY Scenario: Alice pays electricity bill through BPAY Alice logs in to her Internet Banking system using Username AND Password Alice enters her electricity account number and other identity information Alice’s bank and electricity provider has some agreement that facilitates the service Alice trusts that the service has been completed in her behalf by the bank 3/19/2018 Bienvenida Pagdanganan 3

Main Problem Authentication in Web services: • Mechanism by which clients and service providers prove to one another that they are acting on behalf of specific users or systems • Client usually presents identifier • Service provider verifies client’s claimed identity Authorization • Allow only authenticated service identities to access resources, such as hosts, files, Web pages, components, and database entries, to name a few 3/19/2018 Bienvenida Pagdanganan 4

Aim To address the trust requirements needed to use or provide a Web service through studies about trust model and language trust policy language trust management systems federation and trust in relation to trust management 3/19/2018 Bienvenida Pagdanganan 5

Significant Achievements This study provides the following: • A framework for a hybrid trust model incorporating hard trust and soft trust, and the attributes in hard trust and soft trust • A methodology by example for evaluating reputation-based soft trust attribute • A methodology by example for incorporating soft trust attributes in a service policy • A federation and trust scenario in Web services incorporating soft trust body, Reputation Authority, and soft trust attributes 3/19/2018 Bienvenida Pagdanganan 6

Roadmap to achievements: Project Scope Studies on n n Web Services Trust Model Trust Policy for Web Services Trust Management in Web Services Based SOA Federation and Trust in Web Services 3/19/2018 Bienvenida Pagdanganan 7

What is. . Web service n n self- contained software module available via a network, such as the Internet completes tasks, solves problems, or conducts transactions service on behalf of a user or application Service Oriented Architecture n n n a logical way of designing a software system provide services either to end-user applications or to other services distributed in a network use published and discoverable interfaces 3/19/2018 Bienvenida Pagdanganan 8

Roadmap – Web Services Trust Model Studies on n n Hoffman, Lawson-Jenkins et al. 2006 Lin and Varadharajan 2007 Web Services Security Plan and Roadmap (2002) WS-Trust 3/19/2018 Bienvenida Pagdanganan 9

Roadmap – Web Services Trust Model Hoffman, Lawson-Jenkins et al. 2006 n n n Develop improved trust model and related metrics for distributed computer-based systems Incorporate security, privacy, safety, usability, reliability, and availability factors into trust vector Incorporate factors such as verification techniques, user knowledge, user experience, and trust propagation in their model Define ‘expectation’ - experience with an application or service, and the reputation of the vendor providing the service or product (we discuss as soft trust attributes) Consider metrics (we discuss as trust attributes) 3/19/2018 Bienvenida Pagdanganan 10

Roadmap – Web Services Trust Model Lin and Varadharajan 2007 n n n Propose a hybrid trust model for enhancing security in distributed systems by combining hard and soft trust relationships and associated operations Consider soft trust decision making, based on behaviour and evidence and the specified thresholds for these opinion-based soft trust requirements Our paper similarly discusses hard and soft trust attributes and trust relationships, we consider Web services rather than mobile agent system 3/19/2018 Bienvenida Pagdanganan 11

Roadmap – Web Services Trust Model IBM and Microsoft 2002 - End to End Security n Web Service – require incoming message prove a set of claims (referred to as policy) n Requester – send messages with proof of required claims (security tokens) with the messages. n Messages demand specific action n Messages prove their sender has claim to demand the action n Requester can obtain claim through the Security Token Services (STS broker trust by issuing security tokens) 3/19/2018 Bienvenida Pagdanganan 12

Roadmap – Web Services Trust Model WS- Trust n n n TRUST – represented through exchange and brokering of security tokens Specifications to enable application to construct trusted SOAP message exchange Web Services trust specification for n n n Requesting and obtaining security tokens Managing trusts and establishing relationships Establishing and assessing trust relationships 3/19/2018 Bienvenida Pagdanganan 13

Roadmap – Web Services Trust Model WS- Trust : managing trusts and establishing and assessing trust relationships n Verify that claims in token are sufficient to comply with policy and that message conforms to policy n Verify that attributes of claimant are proven by signatures, claims are either proven or not based on policy n Verify that issuers of security tokens (including all related and issuing security token) are trusted to issue claims they have made 3/19/2018 Bienvenida Pagdanganan 14

Roadmap – Web Services Trust Model WS-Trust - Trust relationships can be: n Direct trust - relying party accepts as true all (or some subset of) the claims in token sent by the requestor Requester n Web service Brokered trust, a trust proxy (second party) – read policy information and request appropriate security tokens from an issuer of security tokens, thus vouching for a third party Security Token Service Requester 3/19/2018 Web service Bienvenida Pagdanganan 15

Roadmap – Trust Policy for Web Services Studies on n Vuong, Smith et al. 2001 Nagarajan, Varadharajan et al. 2007 WS-Policy 3/19/2018 Bienvenida Pagdanganan 16

Roadmap – Trust Policy for Web Services Vuong, Smith et al. 2001 n n Discuss practical concepts employed in enterprise environment for managing security policies Use e. Xtensible Markup Language (XML) Design specification for security policy use structured language model (XML), separate semantics API, and standardized policy schema model to represent and implement security policies. We consider their methodology in our study to develop a methodology by example for incorporating soft trust attributes in a service policy 3/19/2018 Bienvenida Pagdanganan 17

Roadmap – Trust Policy for Web Services Nagarajan, Varadharajan et al. 2007 n n n Propose a 3 -level granularity model with levels, high, mid and low properties for authorization credentials for trusted platform Present methodology for capturing requirements through compositions and Component Property Certificate We adapt their methodology as a way in establishing our work to develop a methodology by example for evaluating reputation-based soft trust attributes 3/19/2018 Bienvenida Pagdanganan 18

Roadmap – Trust Policy for Web Services WS-Policy • An XML Infoset called a policy expression that contains domain-specific, Web Service policy information • Core set of constructs to indicate how choices and/or combinations of domain specific policy assertions apply in Web services environment (01) (02) (03) (04) (05) (06) An example of a security policy 3/19/2018 Bienvenida Pagdanganan 19

Roadmap – Trust Management in Web Services Based SOA Studies on: n n n The Policy. Maker Trust Management System (Blaze, Feigenbaum et al. 1996) REFEREE: Trust Management for Web Applications (Chu, Feigenbaum et al. 1997) The Key. Note Trust Management System(Blaze, Feigenbaum et al. 1999) Then……. Our Approach Incorporating Hybrid Trust Attributes in Policy 3/19/2018 Bienvenida Pagdanganan 20

Roadmap – Trust Management in Web Services Based SOA The Policy. Maker Trust Management System (Blaze, Feigenbaum et al. 1996) n Interface that separates generic mechanisms from application-specific policy n Return simple yes/no answer or additional restrictions that would make the proposed action acceptable n Our interest is language structure n Way policy is written through queries of the form: key 1, key 2, . . . keyn Requests Action. String Source ASSERTS Authority. Struct WHERE Filter 3/19/2018 Bienvenida Pagdanganan 21

Roadmap – Trust Management in Web Services Based SOA REFEREE: Trust Management for Web Applications (Chu, Feigenbaum et al. 1997) n Rule-controlled Environment for Evaluation of Rules, and Everything Else n Provides both general policy-evaluation mechanism and language for specifying policies n Return value when asking for authorization n Yes, the action may be taken because sufficient credentials exist for the action to be approved” “No, the action may not be taken because sufficient credentials exist to deny the action” “The trust management system was unable to find sufficient credentials to approve or to deny the requested action” 3/19/2018 Bienvenida Pagdanganan 22

Roadmap – Trust Management in Web Services Based SOA The Key. Note Trust Management System (Blaze, Feigenbaum et al. 1999) n n n Language describing policy and credential assertion, structures of action descriptions and model of computation Evaluates policy through a policy compliance value (PCV) PCV advises application how to process the requested action. In simplest case, the compliance value is Boolean (e. g. , reject or approve) 3/19/2018 Bienvenida Pagdanganan 23

Roadmap – Trust Management in Web Services Based SOA The Key. Note Trust Management System (Blaze, Feigenbaum et al. 1999) Conditions: @user_id == 0 -> “full_access”; @user_id < 1000 -> “user_access”; @user_id < 10000 -> “guest_access”; user_name == “root” -> “full_access”; n n # clause (1) #clause (2) #clause (3) #clause (4) Given “user_id” is “ 1073” and the “user_name” attribute is “root”, possible compliance value set would contain the following: “guest_access” (by clause (3)) and “full_access” (by clause (4)) 3/19/2018 Bienvenida Pagdanganan 24

Roadmap – Trust Management in Web Services Based SOA Our Approach n n A framework for trust management A hybrid trust model for managing trust incorporating hard trust and soft trust 3/19/2018 Bienvenida Pagdanganan 25

Our Approach – Trust Management in Web Services Based SOA Hybrid Trust Composition n Trust relationships based on exchange and brokering of hard trust attributes and on support of soft trust attributes established by corresponding security authorities 3/19/2018 Bienvenida Pagdanganan 26

Our Approach – Trust Management in Web Services Based SOA Hard Trust Composition n “strong security” mechanisms n Result is a binary decision- trusted or not 3/19/2018 Bienvenida Pagdanganan 27

Our Approach – Trust Management in Web Services Based SOA Soft Trust Composition n n “soft computational” approach, a method of evaluation of soft trust attributes developed by illustration through a hypothetical example 3/19/2018 Bienvenida Pagdanganan 28

Our Approach – Trust Management in Web Services Based SOA Hypothetical Example: A Web service provided by ABC company for purchasing shares of stocks - Must be citizens of its country only - May have loyalty cards with the company - Have transactions above a threshold amount $D - Have reference from company staff Company Assertions: Is_Citizen = ‘Y’ #clause (1) has_Loyalty. Card = ‘Y’ #clause (2) has_No_Loyalty. Card = ‘Y’ #clause (3) has_Transaction_Threshold > $D = ‘Y’ #clause (4) has_Reference_From_Staff = ‘Y’ #clause (5) 3/19/2018 Bienvenida Pagdanganan 29

Our Approach – Trust Management in Web Services Based SOA Hypothetical Example cont. : Company has set to true (‘Y’) only the following composition Order of assertion: ascending, highest to lowest All other combinations are not acceptable. (1) {“Is_Citizen”, “has_Loyalty. Card”, “has_Transaction_Threshold > $D”, “has_Reference_From_Staff”}, (2) {“Is_Citizen”, “has_Loyalty. Card”, “has_Transaction_Threshold > $D”}, (3) {“Is_Citizen”, “has_Loyalty. Card”, “has_Reference_From_Staff ”}, (4) {“Is_Citizen”, “has_No_Loyalty. Card”, “has_Transaction_Threshold > $D”}, (5) {“Is_Citizen”, “has_No_Loyalty. Card”, “has_Reference_From_Staff ”} 3/19/2018 Bienvenida Pagdanganan 30

Our Approach – Trust Management in Web Services Based SOA Hypothetical Example cont. : Evaluation of assertions • A decision response (Y or N) for reputation will be delivered for compositions (1) through (5). • Each composition has weight value corresponding to reputation of requestor of Web service • Notation use to indicate weight value where weight value is a function of composition; R 1 = W(C 1) = Extremely high reputation R 2 = W(C 2) = Strongly high reputation R 3 = W(C 3) = Very high reputation R 4 = W(C 4) = Moderately high reputation R 5 = W(C 5) = High reputation • Reputation weight value is referred to as ‘Reputation Token’ 3/19/2018 Bienvenida Pagdanganan 31

Our Approach – Trust Management in Web Services Based SOA Reputation Authority • Soft trust authority body • The Reputation Authority can then validate the Reputation Rating of the user for a given role or capability as Identity based attributes for the user. 3/19/2018 Bienvenida Pagdanganan 32

Our Approach – Incorporating Hybrid Trust Attributes in Policy Trust Management in Web Services Based SOA (01) (02) (03) (04) (05) wsse: Reputation. Token (06) (07) (08) wsse: Loyalty. Card. Number (09) (10) (11) wsse: Username. Token (12) (13) (14) (15) (16) wsse: Reputation. Token (17) (18) (19) (20) (21) (22) wsse: Username. Token (23) (24) (25) (26) 3/19/2018 Bienvenida Pagdanganan 33

Mechanism to federate across trusted authorities incorporating Reputation Authorities Our Approach – Federation and Trust in Web Service 3/19/2018 Bienvenida Pagdanganan 34

Our Approach – Federation and Trust in Web Service 1. ABC Company issued Alice a Kerberos security token and a reputation token. 2. Currency service’s policy only accepts security and reputation tokens issued by its own security token service and reputation authority. 3. We assume the administrators at ABC Company and Business 456 have exchanged public key certificates and reputation tokens in order to federate security. 4. We further assume that Alice only supports symmetric key technology. 5. Based on the Currency Web service policy, Alice needs to acquire a security token and a reputation token that can be used to access the security token service and the reputation authority at Business 456. 6. Alice first contacts her security token service and reputation authority that is intended for the Business 456 security token service and reputation authority. 7. Using the security and reputation token intended for the Business 456 security token service and reputation authority, Alice requests security and reputation token for the Currency service. 8. The Business 456 security token service provides Alice security token for the Currency service, and reputation token required by the Currency service policy. 9. Using the security and reputation token intended for the Currency service and the associated symmetric key, Alice makes the requests to the Currency service. 3/19/2018 Bienvenida Pagdanganan 35

Future Work Suggested Work: Development of a trust management system incorporating reputationbased token in its language for policy formulation Study to consider the formal institution of Reputation Authority In our approach to evaluate reputation using weighted values, further work may adapt such methodology and compare and contrast with some existing models Concept of quality trust can be further studied 3/19/2018 Bienvenida Pagdanganan 36