Behavioral Attestation for Web Services using access policies

Multimedia Tools and Applications

Abstract

Service-Oriented Architecture, with underlying technologies like web services and web service orchestration, opens new vistas for integration among business processes operating in heterogeneous environments. However, such dynamic collaborations require a highly secure environment at each respective business partner site. Existing web services standards address the issue of security only on the service provider platform. The partner platforms to which sensitive information is released have so far been neglected. Remote Attestation is a relatively new field of research which enables an authorized party to verify that a trusted environment actually exists on a partner platform. To incorporate this novel concept into the web services realm, a new mechanism called WS-Attestation has been proposed. This mechanism provides a structural paradigm upon which more fine-grained solutions can be built. In this paper, we present a novel framework, Behavioral Attestation for Web Services, in which XACML is built on top of WS-Attestation in order to enable more flexible remote attestation at the web services level. We propose a new type of XACML policy, called the XACML behavior policy, which defines the expected behavior of a partner platform. Existing web service standards are used to incorporate remote attestation at the web services level, and a prototype is presented which implements the XACML behavior policy using low-level attestation techniques.

Notes

  1. Hereafter, we refer to the Service Provider as SP, the Service Requester as SR and the Validation Service as VS.

  2. Note that in the following description of our implementation, we omit some of the minor details of operations performed by the TPM for the sake of clarity.

Corresponding author

Correspondence to Masoom Alam.

About this article

Cite this article

Alam, M., Zhang, X., Nauman, M. et al. Behavioral Attestation for Web Services using access policies. Multimed Tools Appl 66, 283–302 (2013). https://doi.org/10.1007/s11042-011-0770-9

  • DOI: https://doi.org/10.1007/s11042-011-0770-9
