Conference Paper

Preventing data leakage in service orchestration

DOI: 10.1109/ISIAS.2011.6122806 Conference: 7th International Conference on Information Assurance and Security, IAS 2011, Melacca, Malaysia, December 5-8, 2011
Source: DBLP

ABSTRACT Web Services are currently the base of a lot of e-commerce applications. Nevertheless, clients often use these services without knowing anything about their internals. Moreover, they have no clue about the use of their personal data inside the global applications. In this paper, we offer the user the opportunity to specify constraints on the use of their personal data. To ensure the privacy of data at runtime, we define a distributed security policy model. This policy is configured at runtime by the user of the BPEL program. It is enforced within a BPEL interpreter and ensures that no information flow can be produced from the user data to unauthorized services. However, the dynamic aspects of web services lead to situations where the policy prohibits the nominal operation of the orchestration (e.g., when using a service that is unknown to the user). To solve this problem, we propose to let the user dynamically permit exceptional unauthorized flows. To make that decision, the user is provided with all the necessary information. We also present an implementation inside the Orchestra BPEL interpreter. As far as we know, this implementation is the first information flow monitor for web services that is also end-user configurable.
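As an added illustration (not the paper's Orchestra implementation), this Python sketch shows the mechanism the abstract describes: every value carries the personal-data labels it depends on, each service invocation is checked against the user's policy, and an unauthorized flow is either permitted as a runtime exception by the user or blocked. The service names, labels and checkout process are constructed for the example.

```python
from dataclasses import dataclass, field

class FlowDenied(Exception): "The policy forbids this flow and the user declined to permit it."

@dataclass(frozen=True)
class Tagged:  # a value plus the personal-data labels it transitively depends on
    value: object
    labels: frozenset = frozenset()

@dataclass
class Policy:
    allowed: dict                              # label -> services allowed to receive it
    granted: set = field(default_factory=set)  # (label, service) exceptions granted at runtime

class Orchestrator:  # mediates every service invocation of a constructed BPEL-like process
    def __init__(self, policy, services, ask_user):
        self.policy, self.services, self.ask_user = policy, services, ask_user
        self.log = []  # (label, service, decision), kept for audit

    def invoke(self, service, *args):
        labels = frozenset().union(*(a.labels for a in args))
        for label in sorted(labels):
            if service in self.policy.allowed.get(label, ()) or (label, service) in self.policy.granted:
                continue
            # Unauthorized flow: show the user what would be sent where and ask for a one-off exception.
            if self.ask_user(label, service, [a.value for a in args]):
                self.policy.granted.add((label, service))
                self.log.append((label, service, "granted"))
            else:
                self.log.append((label, service, "denied"))
                raise FlowDenied(f"{label} -> {service}")
        # The output inherits every input label, so values derived from personal data stay protected.
        return Tagged(self.services[service](*[a.value for a in args]), labels)

def run_checkout(decide):
    """Constructed order process: shipping quote, payment, then an unlisted partner service."""
    policy = Policy(allowed={"address": {"shipper", "bank"}, "card": {"bank"}})
    services = {"shipper": lambda addr: 5.0,
                "bank": lambda card, fee: f"auth:{fee}",
                "partner": lambda receipt: "thanks"}
    orch = Orchestrator(policy, services, decide)
    address = Tagged("1 Example Street", frozenset({"address"}))
    card = Tagged("4111-xxxx-xxxx-1111", frozenset({"card"}))
    fee = orch.invoke("shipper", address)      # address -> shipper: allowed by policy
    receipt = orch.invoke("bank", card, fee)   # card and address -> bank: allowed by policy
    try:
        orch.invoke("partner", receipt)        # receipt carries both labels; partner is unknown to the user
        return "completed", orch.log
    except FlowDenied:
        return "aborted", orch.log
```

Calling `run_checkout` with a callback that always refuses aborts at the first unauthorized flow; one that always accepts records two granted exceptions and completes.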

Available from: Yves Le Traon, Feb 24, 2014
  • ABSTRACT: Improperly validated user input is the underlying root cause for a wide variety of attacks on Web-based applications. Static approaches for detecting this problem help at the time of development, but require source code and report a number of false positives. Hence, they are of little use for securing fully deployed and rapidly evolving applications. We propose a dynamic solution that tags and tracks user input at runtime and prevents its improper use to maliciously affect the execution of the program. Our implementation can be transparently applied to Java classfiles, and does not require source code. Benchmarks show that the overhead of this runtime enforcement is negligible and can prevent a number of attacks.
    Computer Security Applications Conference, 21st Annual; 01/2006
  • ABSTRACT: We present a simple architectural mechanism called dynamic information flow tracking that can significantly improve the security of computing systems with negligible performance overhead. Dynamic information flow tracking protects programs against malicious software attacks by identifying spurious information flows from untrusted I/O and restricting the usage of the spurious information. Every security attack to take control of a program needs to transfer the program's control to malevolent code. In our approach, the operating system identifies a set of input channels as spurious, and the processor tracks all information flows from those inputs. A broad range of attacks are effectively defeated by checking the use of the spurious values as instructions and pointers. Our protection is transparent to users or application programmers; the executables can be used without any modification. Also, our scheme only incurs, on average, a memory overhead of 1.4% and a performance overhead of 1.1%.
    Proceedings of the 11th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2004, Boston, MA, USA, October 7-13, 2004; 12/2004
  • ABSTRACT: This article focuses on intrusion detection in systems using Web applications and COTS. We present a solution that combines policy-based intrusion detection and information flow control. We describe JBlare, an inline Java monitor that tracks inter-method flows in Java applications. This monitor collaborates with Blare, a monitor that tracks information flow in the whole system at the OS-level. The combination of these two detectors constitutes a policy-based Intrusion Detection System that can address a wide range of attacks.
    CRiSIS '08, Third International Conference on Risks and Security of Internet and Systems, Tozeur, Tunisia, October 28-30, 2008; 10/2008