12-11-2012, 04:36 PM
Server-Side Streaming Processing of WS-Security
Abstract
With SOAP-based web services leaving the phase of being an exploratory set of new technologies and entering the stage
of mature and fundamental building blocks for service-driven business processes—and in some cases even for mission-critical
systems—the demand for nonfunctional requirements including efficiency as well as security and dependability commonly increases
rapidly. Although web services are capable of coupling heterogeneous information systems in a flexible and cost-efficient way, the
processing efficiency and robustness against certain attacks do not fulfill industry-strength requirements. In this paper, a
comprehensive stream-based WS-Security processing system is introduced, which enables a more efficient processing in service
computing and increases the robustness against different types of Denial-of-Service (DoS) attacks. The introduced engine is capable
of processing all standard-conforming applications of WS-Security in a streaming manner. It can handle, e.g., any order, number, and
nesting degree of signature and encryption operations, closing the gap toward more efficient and dependable web services.
INTRODUCTION
Enterprises are faced with greatly changing requirements
influencing the way businesses are created and operated.
They have become more pervasive with a mobile
workforce, outsourced data centers, different engagements
with customers, and distributed sites. Information and
communication technology (ICT) is therefore becoming a
more and more critical factor for business. ICT moves from
a business supporter to a business enabler and has to be
partly considered as a business process on its own.
In order to achieve the required agility of the enterprise
and its ICT, the concept of Service-Oriented Architectures [1]
is increasingly used. The most common technology for
implementing SOA-based systems is the SOAP-based web
services [2]. Some applications like Software-as-a-Service
(SaaS) [3], [4] or Cloud Computing [5] are inconceivable
without web services. There are a number of reasons for
their high popularity. SOAP-based web services enable
flexible software system integration, especially in heterogeneous
environments, and are a driving technology for
interorganization business processes. Additionally, the
large amount of increasingly mature specifications, the
strong industry support, and the large number of web
service frameworks for nearly all programming languages
have boosted its acceptance and usage.
MOTIVATION AND BACKGROUND
To set the scene for this paper, some motivating foundations
and related state of the art are briefly introduced in the
subsequent sections.
Efficient Processing
There exist two general processing models for XML
documents: document-based processing and stream-based
processing. In the first one, the complete XML document
(e.g., a web service SOAP message) is read, parsed, and
transformed into an in-memory object tree representation of
the document. All XML processing is performed using this
object tree. The most widespread implementation of this
model is the W3C Document Object Model (DOM) [9].
When applying the second model, the XML document is
read and parsed step by step, divided into parts (e.g., single
XML elements) and passed to the application. The application
then operates on these XML parts. One can distinguish
two approaches for implementing the communication
between the parser and the application: a pull and a push
approach. With the pull approach, the application requests
the next XML part from the parser. A well-known
implementation of this approach is the Streaming API for
XML (StAX) [10]. Using the push approach, the parser calls
the application, which waits for incoming XML events.
This is why this model is also called event-based XML
processing. The most common realization of the event-based
model is the Simple API for XML (SAX) [11].
Prompt Fault Detection
Another benefit of the stream-based processing approach,
which results in higher resilience against attacks, is the
ability to detect bogus messages earlier. The tree-based
approach requires the whole XML document to be
parsed and processed before any application-specific
operation can be initiated, transforming it into an in-memory
representation of the XML element’s tree structure.
For object-oriented programming languages, this typically
results in a set of object instances, where each object
represents one XML element from the document. These
object instances are interlinked according to the XML
structure, i.e., they usually contain a parent link to the
element’s parent element, and a set of links to its child
elements. Such an object tree representation tends to occupy
much more in-memory space than the textual representation,
as it also has to store object instance metadata.
Assuming the parsed XML document to contain an
XML Schema violation (while still being well formed), the
flaws of the tree-based approach become clear. As shown
in Fig. 1a, the XML document must be read completely
before any processing on the contained XML elements can
start. For web service messages, this enables a malicious
SOAP message sender to feed in a huge XML document of
arbitrary, schema-violating contents, which the parser
must read in completely before being able to detect the
presence of a schema violation. This way, as the size of the
SOAP message is under the control of the sender, an attacker can
cause heavy workloads for parsing XML documents at the
server [15], [16].
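
An added example (not code from the paper) of the push model catching a violation early: a Python SAX handler checks a simplified child-element rule, a stand-in for real XML Schema validation, and stops at the first violation. The rule table, the class and function names, and the sample message are constructed for illustration.

```python
import xml.sax
from xml.sax.handler import feature_namespaces

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# Simplified stand-in for an XML Schema (assumption): allowed SOAP children.
ALLOWED_CHILDREN = {"#root": {"Envelope"}, "Envelope": {"Header", "Body"}}

class SchemaViolation(Exception):
    """Raised by the handler to abort parsing at the offending element."""

class EnvelopeChecker(xml.sax.ContentHandler):
    """Push model: the parser calls this handler for every element event."""

    def __init__(self):
        super().__init__()
        self.stack = []

    def startElementNS(self, name, qname, attrs):
        ns, local = name
        parent = self.stack[-1] if self.stack else "#root"
        allowed = ALLOWED_CHILDREN.get(parent)
        if allowed is not None and (ns != SOAP_NS or local not in allowed):
            raise SchemaViolation(f"<{local}> is not allowed under {parent}")
        self.stack.append(local if ns == SOAP_NS else "#other")

    def endElementNS(self, name, qname):
        self.stack.pop()

def check_stream(chunks):
    """Feed chunks as they arrive; return (valid, bytes_consumed)."""
    parser = xml.sax.make_parser()
    parser.setFeature(feature_namespaces, True)
    parser.setContentHandler(EnvelopeChecker())
    consumed = 0
    try:
        for chunk in chunks:
            consumed += len(chunk)
            parser.feed(chunk)
        parser.close()
    except (SchemaViolation, xml.sax.SAXParseException):
        return False, consumed  # stop at the first violation, read no further
    return True, consumed

def constructed_message(padding_chunks=1000):
    """Constructed sample: violation near the start, then about 1 MB of filler."""
    yield f'<e:Envelope xmlns:e="{SOAP_NS}"><e:Bogus>'.encode()
    for _ in range(padding_chunks):
        yield b"<x>" + b"A" * 1024 + b"</x>"
    yield b"</e:Bogus></e:Envelope>"
```
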
Prompt Access Control Decision
The same ability to react to certain events as early as
possible can be exploited in access control. With this approach,
only part of the message is processed in cases
where insufficient authorization can be determined [17].
Commonly, the security tokens containing the identity,
authentication, or authorization information are transported
inside the same SOAP envelope as the web service
request that is to be authenticated. Implementations using a
tree-based processing model have to read the complete
SOAP message before the processing can be started.
Stream-based processing instead allows one to access
identity, authentication, and authorization information
contained in the request much earlier and thus enables
one to reject bogus or other unauthorized messages much
earlier, saving compute and memory resources. In the
case of flooding attacks based on captured and replayed
messages, the stream-based processing again provides
mechanisms to be more resilient and dependable in the
presence of such attacks.
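
An added example (not from the paper) of an early access control decision using the pull model, with Python's XMLPullParser standing in for StAX: reading stops as soon as the claimed identity in the header can be rejected. The AUTHORIZED policy set, the function names and the sample request are assumptions.

```python
import io
from xml.etree.ElementTree import ParseError, XMLPullParser

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
AUTHORIZED = {"alice"}  # hypothetical policy: identities allowed to call the service

def early_decision(stream, chunk_size=256):
    """Pull events chunk by chunk and return (decision, bytes_read).

    "deny" is final. "continue" only means the claimed identity is allowed;
    token and signature verification on the rest of the message must follow.
    """
    parser = XMLPullParser(events=("start", "end"))
    read = 0
    try:
        while chunk := stream.read(chunk_size):
            read += len(chunk)
            parser.feed(chunk)
            for event, elem in parser.read_events():  # application pulls events
                if event == "end" and elem.tag == f"{{{WSSE}}}Username":
                    name = (elem.text or "").strip()
                    return ("continue" if name in AUTHORIZED else "deny"), read
                if event == "start" and elem.tag == f"{{{SOAP}}}Body":
                    return "deny", read  # body reached without an identity token
    except ParseError:
        return "deny", read  # not well formed: stop reading here
    return "deny", read  # stream ended before any token was seen

def constructed_request(user, body_kib=512):
    """Constructed sample: UsernameToken in the header, then a large body."""
    head = (f'<s:Envelope xmlns:s="{SOAP}" xmlns:w="{WSSE}"><s:Header>'
            f"<w:Security><w:UsernameToken><w:Username>{user}</w:Username>"
            "</w:UsernameToken></w:Security></s:Header><s:Body><d>")
    tail = "</d></s:Body></s:Envelope>"
    return io.BytesIO((head + "A" * (body_kib * 1024) + tail).encode())
```
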
Complex Programming Model
The stream-based processing approach has a variety of
advantages in comparison to the tree-based processing
approach. Nevertheless, streaming processing has not
found widespread adoption yet. The more complex and
inconvenient programming model is the main reason that
the stream-based processing was mostly neglected until
now. Without random document access and without the
possibility of backward navigation, a lot of operations are
difficult to implement. This includes operations for processing
a SOAP message containing WS-Security mechanisms,
e.g., evaluation of forward and backward references for
digital signatures or evaluation of XPath expressions.
STREAMING WS-SECURITY PROCESSING
In this section, the algorithms for processing WS-Security
enriched SOAP messages in a streaming manner are
presented and discussed. To understand the algorithms
and the problems solved by them, first of all, an introduction
to the WS-Security elements is given.
WS-Security
In contrast to most “classic” communication protocols, web
services do not rely on transport-oriented security means
(like TLS/SSL [25]) but on message-oriented security. The
most important specification addressing this topic is WS-Security
[26], defining how to provide integrity, confidentiality,
and authentication for SOAP messages. Basically,
WS-Security defines a SOAP header (wsse:Security)
that carries the WS-Security extensions. Additionally, it
defines how existing XML security standards like XML
Signature [27] and XML Encryption [28] are applied to
SOAP messages.