
Contact
Prof. Dr. Christoph Meinel
Hasso-Plattner-Institut
an der Universität Potsdam
Tel: +49 0331/5509-222
Fax: +49 0331/5509-325
Mobil: +49 176 10010727
meinel"at"hpi.uni-potsdam.de
Our Motivation

Creating secure Web Service-based composed applications is challenging due to the complexity of the WS-* specifications and the multitude of security specifications. On a technical layer, security services require
- Plenty of configurations
- Strong security knowledge
- Complex Security Configurations
Our Solution
The SOA Security Lab is designed as a virtualised testing environment for service-related security concepts. Our platform comprises several layers as shown in Figure 1.
Composed applications (provided as Software as a Service) can be created using a visual modeller and are executed in virtual machines (Infrastructure as a Service). Users can integrate external services (e.g. Amazon services), use the cloud platform to execute custom services (Platform as a Service) or compose predefined services (Component as a Service).
Figure 2 shows the main components of our platform:
1. Scenario Management: Visual creation of components
2. Policy Management: Generation of security configurations
3. Deployment Service: Deployment and execution of applications
4. Security Analysis: Monitoring and analysis of security mechanisms
Features
1. Visual Creation of Composed Application
Composed applications based on Web Services can be created by modelling the structure of the desired system as shown in Figure 3. In order to secure the system, security requirements such as the protection of exchanged messages, the authentication of users, or the necessary trust relationships can be modelled as well. In addition, this model is verified to ensure a proper transformation to service configuration files and policies.

- Figure 3. Modeling of a secure composed application. The services require the authentication of users as well as a confidential exchange of messages.
2. Generation of Security Configurations
The Policy Management performs the transformation of the model to service configuration files and security policies (e.g. WS-SecurityPolicy) that can be deployed and enforced at services and frontends used in the composed application. This transformation is based on security configuration patterns that provide expert knowledge to transform simple security intentions to complex security configurations. The different layers in the transformation process are shown in Figure 4. Additional information about our model-driven approach is provided here.

- Figure 4. Model-driven Generation of Configuration Files
- Modelling Layer: This layer is the foundation for a pattern-based transformation. System design models are enhanced with security intentions to specify security requirements.
- Platform Independent Model: This layer represents a platform-independent model that describes security policies in a platform-independent language.
- Configuration Files: This is the technical layer which states security requirements in a deployable notation, e.g. WS-SecurityPolicy.
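The three layers above, as an added Python sketch that is not the SOA Security Lab's own code: the intention names, the pattern catalogue and the `(action, target)` rule format are assumptions made for illustration, while the emitted element names are WS-SecurityPolicy 1.2 assertions.

```python
import xml.etree.ElementTree as ET

WSP = "http://www.w3.org/ns/ws-policy"
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
INCLUDE_TO_RECIPIENT = SP + "/IncludeToken/AlwaysToRecipient"
ET.register_namespace("wsp", WSP)
ET.register_namespace("sp", SP)

# Hypothetical pattern catalogue (not the project's): each security intention
# expands to platform-independent rules of the form (action, target).
PATTERNS = {
    "confidentiality": [("encrypt", "Body")],
    "integrity": [("sign", "Body")],
    "user_authentication": [("token", "UsernameToken"), ("sign", "Body")],
}

def to_platform_independent(intentions):
    """Modelling layer -> platform-independent model: ordered, de-duplicated rules."""
    rules = []
    for intention in intentions:
        if intention not in PATTERNS:
            # Fail closed: an unmapped intention must never be dropped silently.
            raise ValueError(f"no security pattern for intention {intention!r}")
        for rule in PATTERNS[intention]:
            if rule not in rules:
                rules.append(rule)
    return rules

def to_ws_securitypolicy(rules):
    """Platform-independent model -> WS-SecurityPolicy assertions.
    Only protection and token assertions are emitted; no binding assertion."""
    policy = ET.Element(f"{{{WSP}}}Policy")
    containers = {"encrypt": "EncryptedParts", "sign": "SignedParts"}
    for action, target in rules:
        if action in containers:
            parent = policy.find(f"{{{SP}}}{containers[action]}")
            if parent is None:
                parent = ET.SubElement(policy, f"{{{SP}}}{containers[action]}")
            ET.SubElement(parent, f"{{{SP}}}{target}")
        elif action == "token":
            supporting = ET.SubElement(policy, f"{{{SP}}}SupportingTokens")
            nested = ET.SubElement(supporting, f"{{{WSP}}}Policy")
            ET.SubElement(nested, f"{{{SP}}}{target}",
                          {f"{{{SP}}}IncludeToken": INCLUDE_TO_RECIPIENT})
        else:
            raise ValueError(f"unknown rule action {action!r}")
    return policy

def generate(intentions):
    """Run both transformation steps and return the policy as an XML string."""
    rules = to_platform_independent(intentions)
    return ET.tostring(to_ws_securitypolicy(rules), encoding="unicode")
```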
3. Deployment and Execution of Applications
Services, frontends and related metadata are stored in the service repository. On demand, a virtual machine is created for the user to execute a modelled use case. The Scenario Management component (see Figure 5) deploys all components and configuration files related to the modelled use case. Finally, each user can execute, analyse and test composed applications in their own isolated environment.

- Figure 5. Deployment of composed applications
4. Monitoring and Analysis of Security Mechanisms

- Figure 6. Visualising the structure of exchanged messages
Our platform enables users to gain insight into services and the security modules used to enforce security policies. For each service, the security modules can be visualised. The messages that passed these modules can be inspected as well. Figure 6 shows the visualisation in our platform that depicts a chain of security modules and a service request that passed this chain. The message security protocols and mechanisms used to secure this message are analysed and highlighted.
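As an added illustration of this kind of message analysis (not the platform's own code), the following Python sketch reports which WS-Security mechanisms a SOAP request carries. The sample message, the result keys and the finding names are constructed for the example, and only the message level is inspected, so transport security such as TLS is not visible to it.

```python
import xml.etree.ElementTree as ET

WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": WSS + "wssecurity-secext-1.0.xsd",
    "wsu": WSS + "wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

# Constructed sample request (not captured traffic): a UsernameToken with a
# plain-text password, no signature, no timestamp and an unencrypted body.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}">
  <soap:Header><wsse:Security>
    <wsse:UsernameToken><wsse:Username>alice</wsse:Username>
      <wsse:Password Type="{WSS}username-token-profile-1.0#PasswordText">example</wsse:Password>
    </wsse:UsernameToken>
  </wsse:Security></soap:Header>
  <soap:Body><getQuote>HPI</getQuote></soap:Body>
</soap:Envelope>"""

def analyse(message):
    """Report the WS-Security mechanisms present in one SOAP message."""
    # Adequate for the constructed sample; use a hardened parser for untrusted XML.
    root = ET.fromstring(message)
    sec = root.find("soap:Header/wsse:Security", NS)
    body = root.find("soap:Body", NS)
    encrypted = body is not None and body.find("xenc:EncryptedData", NS) is not None
    found = {"security_header": sec is not None, "username_token": None,
             "signature": False, "timestamp": False, "body_encrypted": encrypted}
    if sec is None:
        return found
    token = sec.find("wsse:UsernameToken", NS)
    if token is not None:
        pw = token.find("wsse:Password", NS)
        # The UsernameToken profile treats a missing Type attribute as PasswordText.
        found["username_token"] = ("NoPassword" if pw is None
                                   else pw.get("Type", "#PasswordText").rpartition("#")[2])
    found["signature"] = sec.find("ds:Signature", NS) is not None
    found["timestamp"] = sec.find("wsu:Timestamp", NS) is not None
    return found

def weaknesses(found):
    """Turn the mechanism report into message-level findings for a reviewer."""
    issues = []
    if found["username_token"] == "PasswordText":
        issues.append("cleartext_password")   # password readable in the header
    if not found["signature"]:
        issues.append("unsigned_message")     # no integrity protection
    if not found["timestamp"]:
        issues.append("no_timestamp")         # nothing limits replay
    return issues
```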
Demo
Live demo: www.soa-security-lab.de
Related Publications
- Michael Menzel, Robert Warschofsky, Ivonne Thomas, Christian Willems, Christoph Meinel: The Service Security Lab: A Model-Driven Platform to Compose and Explore Service Security in the Cloud. Proceedings of the 2010 IEEE World Congress on Services (Services 2010), pp. 115-122 (Miami, USA, July 2010).
- Michael Menzel, Robert Warschofsky, Christoph Meinel: A Pattern-Driven Generation of Security Policies for Service-Oriented Architectures. Proceedings of the 2010 IEEE International Conference on Web Services (ICWS 2010), pp. 243-250 (Miami, USA, July 2010).
- Michael Menzel, Christoph Meinel: SecureSOA - Modelling Security Requirements for Service-oriented Architectures. Proceedings of the 2010 IEEE International Conference on Services Computing (SCC 2010), pp. 146-153 (Miami, USA, July 2010).
People
- Research and Development
- Student Developer
- Florian Thomas
- Frederik Leidloff
Join Us
We are offering student jobs as well as subjects for master-/bachelor-theses. Please contact Ivonne Thomas or Robert Warschofsky if you are interested.
Contact
Prof. Dr. Christoph Meinel
Hasso-Plattner-Institut für Softwaresystemtechnik
Prof.-Dr.-Helmert-Str. 2-3
D-14482 Potsdam, Germany
Tel: +49(0)331/5509-222
Fax: +49(0)331/5509-325
Email: soa-security"at"hpi.uni-potsdam.de












