Secure web service federation management using tpm virtualisation

Srijith Krishnan Nair, Ivan Djordjevic, Bruno Crispo, Theo Dimitrakos
2007 Proceedings of the 2007 ACM workshop on Secure web services - SWS '07  
Web Services and SOA provide interoperability and architectural baseline for flexible and dynamic cross-enterprise collaborations, where execution and use of the participating services contributes to the common objective. Relationships within these collaborations are complex, with services joining and leaving throughout the life cycle, or the same services being offered in several collaborations simultaneously. This provides strong requirements for federated security, where integrity and
more » ... ntiality of the collaboration must be maintained through membership control, security policy enforcement and separation of web service instance interactions in different collaborations. Abstract Web Services and SOA provide interoperability and architectural baseline for flexible and dynamic crossenterprise collaborations, where execution and use of the participating services contributes to the common objective. Relationships within these collaborations are complex, with services joining and leaving throughout the life cycle, or the same services being offered in several collaborations simultaneously. This provides strong requirements for federated security, where integrity and confidentiality of the collaboration must be maintained through membership control, security policy enforcement and separation of web service instance interactions in different collaborations. In this paper we propose a new Web Services (WS) framework for managing and controlling WS interactions in a federated environment, leveraging on platform virtualisation architecture and the functionalities provided by trusted secure hardware. The framework allows configuring policies that define collaboration membership, and enforce access to the collaboration per-WS instance. In addition, since the access to the configurations is restricted, it provides master-slave model where only authorised administrative entity can modify any of the aboveeither at the deployment or at the execution time. Some of the benefits of the proposed approach are: finegrained external exposure of WSs, a flexible model for group membership control and revocation and hardware-enabled secure virtualised system providing functional process isolation and strong data security.
doi:10.1145/1314418.1314430 dblp:conf/sws/NairDCD07 fatcat:mkzwv7lhbzcahk47li6jljzkwq