SOA End to End Security presents about Security Challenges in SOA, Project Summary, Prototype Development, Transition to Cloud Computing, Demo/Evaluation of the Proposed Solution (Security and Performance), Schedule and Timeline, Future Tasks. | SOA End to End Security Department of Computer Science Purdue University West Lafayette, Indiana Award No. FA8750-10-2-0152 Program Manager: Asher Sinclair, AFRL/RISE 09/27/2011 1 People Involved In the Project Two Faculty Members Ten graduate students 2 Outlines Security Challenges in SOA Problem Overview Project Summary Prototype Development System Architecture and Baseline Scenario Use Case Scenario Service Domain Internals and Implementation SOA Authentication Scheme (CAC/IDM) WS-* Standard Integration Trust Broker Subsystem Service Registry Taint Analysis Subsystem Transition to Cloud Computing Demo/Evaluation of the Proposed Solution (Security and Performance) Schedule and Timeline Future Tasks Discussion Appendixes (Publication) 3 WS-attacks: inline SOAP attacks, replay attacks. Security Challenges in SOA Authentication and authorization may not take place across intended end points Intermediate steps of service execution might expose messages to hostile threats External services are not verified or validated dynamically (Uninformed selection of services by user) User has no control on external service invocation within an orchestration or through a service in another service domain Violations and malicious activities in a trusted service domain remain undetected 4 SOA End to End Security Architecture 5 End to End Security Architecture Description Figure shows problems in end to end SOA security as follow: In this figure the current Air Force infrastructure is shown above the red dashed line. In this architecture, all services are available in the local trusted service domain and everything is under the control of domain A. Client at the edge platform decides to use a service from domain A. He will use his CAC (common access card) to authenticate into the system. The security token is sent to the IDM (identity management system) for validation check. If the user is authorized, IDM gives permission to the requested service (. MX or mail service) for . | SOA End to End Security Department of Computer Science Purdue University West Lafayette, Indiana Award No. FA8750-10-2-0152 Program Manager: Asher Sinclair, AFRL/RISE 09/27/2011 1 People Involved In the Project Two Faculty Members Ten graduate students 2 Outlines Security Challenges in SOA Problem Overview Project Summary Prototype Development System Architecture and Baseline Scenario Use Case Scenario Service Domain Internals and Implementation SOA Authentication Scheme (CAC/IDM) WS-* Standard Integration Trust Broker Subsystem Service Registry Taint Analysis Subsystem Transition to Cloud Computing Demo/Evaluation of the Proposed Solution (Security and Performance) Schedule and Timeline Future Tasks Discussion Appendixes (Publication) 3 WS-attacks: inline SOAP attacks, replay attacks. Security Challenges in SOA Authentication and authorization may not take place across intended end points Intermediate steps of service execution might expose messages to hostile threats External .
