Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Web Service Security Through A Guard Roxanne Yee Home Institution: University of Hawai ʻ i at Mānoa Internship Site: Akimeka, LLC Mentor: Marc Lefebvre.

Similar presentations


Presentation on theme: "1 Web Service Security Through A Guard Roxanne Yee Home Institution: University of Hawai ʻ i at Mānoa Internship Site: Akimeka, LLC Mentor: Marc Lefebvre."— Presentation transcript:

1 1 Web Service Security Through A Guard Roxanne Yee Home Institution: University of Hawai ʻ i at Mānoa Internship Site: Akimeka, LLC Mentor: Marc Lefebvre Advisor: Todd Lawson

2 2 Presentation Overview Project Hierarchy and Motivation Background and Terminology Guard Web Service Security My Specific Part Test Bench An Example Questions

3 3 Information Assurance (IA) Group Cross Domain Solutions (CDS) Group GWSG (Global Web Services Gateway) Project Service Oriented Architecture (SOA) Test Lab Customers National Security Agency (NSA) Defense Information Systems Agency (DISA)

4 4 GWSG Project Motivation Goal To enhance the capabilities of a user on a classified network to gain immediate access to data available on an unclassified network Unclassified Database Classified Network User

5 5 GWSG Project Motivation One Method Currently Used To Access Data Unclassified Database Classified Database Classified Network User (Soldier) Sneaker-net

6 6 GWSG Project Motivation Disadvantages to Current Methods Redundancies of Data Time Costly Replication Transportation Need For Data Synchronization Frequent Updates No Guarantee of Data Availability Extra Manpower by Man-In-The-Loop

7 7 GWSG Project Motivation New Cross Domain Solution (CDS) Web Services Technology Unclassified Database Classified Network User (Soldier) Guard

8 8 SOA Test Lab Component Goal Evaluate Guards Specified by NSA and DISA Compare capability and effectiveness to process message formats used by web services today Provide the best guard solution given a specific situation in which the guard would be applied

9 9 My Part In The SOA Test Lab Research and Document How To Implement Web Service Security Controlled and Predictable Environment Test Web Service Findings To Be Used In SOA Test Lab Foundation Template

10 10 WSS, SOAP, and HTTP WSS or WS-Security (Web Service Security) OASIS (Organization for the Advancement of Structured Information Standards) Applied to SOAP Messages SOAP (Simple Object Access Protocol) Message Format HTTP (Hypertext Transfer Protocol) Transport Protocol

11 11 The Project: Test Bench Client and Server on same computer Communicate through localhost interface Client (soapUI) Server (Axis2) * SOAP Request and SOAP Response

12 12 The Project: Open-Source Software Server Side Tomcat Axis2 1.4 Rampart 1.4 Client Side soapUI 2.0.2

13 13 The Project: Test Bench Client and Server on same computer Communicate through localhost interface Client (soapUI) Server (Axis2) * SOAP Request with WSS

14 14 soapUI Outgoing Configuration Interface Used to Apply WSS to Request To Server

15 15 A SOAP Message Request w/o WSS Hello? Usual Request soapUI Sends w/o WSS

16 16 A SOAP Message Request Header with WSS alice bobPW Additional WSS Informational Applied To Usual Request soapUI

17 17 The Project: Test Bench Client and Server on same computer Communicate through localhost interface Client (soapUI) Server (Axis2) * SOAP Response with WSS

18 18 services.xml Without Rampart org.apache.rampart.samples.policy.sample01.SimpleService Usual Configuration Scheme For A Service on The Server

19 19 services.xml with Rampart username org.apache.rampart.samples.policy.sample01.PWCBHandler Additional Code To Tell Rampart What Type of WSS To Expect

20 20 The Project: Test Bench Client and Server on same computer Communicate through localhost interface Client (soapUI) Server (Axis2) * SOAP Messages with WSS

21 21 The Project: Ultimate Purpose Client (soapUI) Server (Axis2) * SOAP over HTTP with WSS * Proprietary Format over Proprietary Protocol localhost ClassifiedUnclassified Guard XML Firewall XML Firewall

22 22 WSS Mechanisms Attempted User Name Token Username and Password Timestamp Time to Live Encryption Confidentiality Signature Integrity and Authentication

23 23 An Example: Test Web Service ClientServer “Hi!”

24 24 An Example: Valid User Name Token ClientServer Echo Correct Username And Password

25 25 An Example: Invalid User Name Token ClientServer Incorrect Username And/Or Password Error

26 26 An Example: Test Results UsernamePasswordResult Correct Echo Incorrect Error Blank Error CorrectIncorrectError CorrectBlankError IncorrectCorrectError IncorrectBlankError BlankCorrectError BlankIncorrectError

27 27 Actual SOA Test Lab Setup

28 28 Acknowledgements VP Operations Matt Granger Program Manager Todd Lawson Mentor Marc Lefebvre GWSG Bryan Berkowitz Casey McGinty Scott Oshita Christopher Paris Derek Terawaki Helpful Coworkers Conrado Cortez Deanna Garcia Mark Mizubayashi Former Cubiclemates Ellen Federoff Kelly Ledford And Everyone Else Who Made Me Feel Welcome!

29 29 Acknowledgements Maui Akamai Internship Program Funding Center for Adaptive Optics (CfAO) National Science Foundation and Technology Center Grant (#AST ) Akamai Workforce Initiative National Science Foundation Grant and Air Force Office of Scientific Research Grant (#AST ) University of Hawai ʻ i Grant Program Staff Lisa Hunter Lani LeBron Scott Seagroves Lynne Raschke Short Course Instructors Dave Harrington Ryan Montgomery Isar Mostafanezhad Mark Pitts Sarah Sonnet And Everyone Else Who Contributed To This Valuable Experience!

30 30 Thank you! Any Questions?


Download ppt "1 Web Service Security Through A Guard Roxanne Yee Home Institution: University of Hawai ʻ i at Mānoa Internship Site: Akimeka, LLC Mentor: Marc Lefebvre."

Similar presentations


Ads by Google