Title :
A Secure Information Flow Architecture for Web Services
Author :
Singaravelu, Lenin ; Wei, Jinpeng ; Pu, Calton
Author_Institution :
Coll. of Comput., Georgia Inst. of Technol., Atlanta, GA
Abstract :
Current Web service platforms (WSPs) often perform all Web services-related processing, including security-sensitive information handling, in the same protection domain. Consequently, the entire WSP may have access to security-sensitive information such as credit card numbers, forcing us to trust a large and complex piece of software. To address this problem, we propose ISO-WSP, a new information flow architecture that decomposes current WSPs into two parts executing in separate protection domains: (1) a small trusted T-WSP to handle security-sensitive data, and (2) a large, legacy untrusted U-WSP that provides the normal WSP functionality, but uses the T-WSP for security-sensitive data handling. By restricting security-sensitive data access to T-WSP, ISO-WSP reduces the software complexity of trusted code, thereby improving the testability of ISO-WSP. Using a prototype implementation based on the Apache Axis2 WSP, we show that ISO-WSP reduces software complexity of trusted components by a factor of five, while incurring a modest performance overhead of few milliseconds per request.
Keywords :
Web services; security of data; software architecture; software metrics; Apache Axis2 WSP; ISO-WSP; Web service platforms; credit card numbers; information flow architecture security; security-sensitive information handling; software complexity; trusted code; Computer architecture; Credit cards; Data handling; Data security; Educational institutions; Information security; Protection; Service oriented architecture; Software testing; Web services;
Conference_Titel :
Services Computing, 2008. SCC '08. IEEE International Conference on
Print_ISBN :
978-0-7695-3283-7
DOI :
10.1109/SCC.2008.121
