Semantic Markup for Secure Survivable Enterprise Applications Anya - - PowerPoint PPT Presentation



SLIDE 1

Semantic Markup for Secure Survivable Enterprise Applications

Anya Kim, Amit Khashnobish, Jim Luo, Bruce Montrose, Myong Kang

US Naval Research Laboratory Code 5542 Washington, DC

SLIDE 2

Introduction

  • Service-oriented architectures
    – Rely on the ability to communicate relevant security information in a machine-understandable manner
  • Resources are protected by security mechanisms
    – Can act as barriers to access
  • Interoperability requires semantic markup of resources with security-related metadata
    – Enable dynamic discovery and invocation of services in a secure and trusted environment

SLIDE 3

Security in SOA

[Figure: Specification & Matchmaking across three levels (Infrastructure, Web-service Level, Enterprise Application Level); diagram nodes T1–T5 and D1–D4]

Current Standard – Our Contribution:

  • BPEL – Augment with security-related markup in the context of the application
  • UDDI – Add semantic markup and query capabilities
  • WSDL – Semantic description of security-related concepts using ontologies

SLIDE 4

Security Specifications in SOA

  • More complex than functional descriptions
    – Security Requirements and Capabilities
    – Matchmaking is different

[Figure: Service Consumer and Service Provider, each with Security Requirements and Security Capabilities]

SLIDE 5

NRL Security Ontology

  • Ontologies provide fine-grained semantic description and discovery
  • Used at all levels of SOA for security specification

[Figure: NRL Security Ontology excerpt. Labels: Cookie, Password, Certificate, X.509Certificate; name, value, path, version, serialNumber, issuer, notBefore, notAfter, minLength; Date/time ontology, Organizational ontology]
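
An added example (not from the presentation) of the two-way matchmaking outlined on slides 4 and 5: each party's requirements are checked against the other party's capabilities, with class subsumption standing in for ontology reasoning. The class and property names come from slide 5; the subclass link, the record layout, the minimum-value rule and the sample consumer and provider are assumptions made for this illustration.

```python
# Added illustration. Class and property names come from slide 5; the subclass
# link, record layout and matching rule are assumptions.
SUBCLASS_OF = {"X.509Certificate": "Certificate"}  # child -> parent (assumed)


def is_a(cls, ancestor):
    """True if cls is ancestor or a transitive subclass of it."""
    while cls is not None:
        if cls == ancestor:
            return True
        cls = SUBCLASS_OF.get(cls)
    return False


def satisfies(capability, requirement):
    """Capability class must be subsumed by the required class, and every
    property named under "min" must reach the required minimum."""
    if not is_a(capability["type"], requirement["type"]):
        return False
    return all(capability.get(prop, 0) >= floor
               for prop, floor in requirement.get("min", {}).items())


def unmet(requirements, capabilities):
    """Requirements that no capability of the other party satisfies."""
    return [r for r in requirements
            if not any(satisfies(c, r) for c in capabilities)]


def match(consumer, provider):
    """Two-way match: each side's requirements against the other's capabilities."""
    gaps = {"consumer": unmet(consumer["requires"], provider["offers"]),
            "provider": unmet(provider["requires"], consumer["offers"])}
    return not any(gaps.values()), gaps


# Constructed sample descriptions (not from the presentation).
CONSUMER = {"requires": [{"type": "Certificate"}],
            "offers": [{"type": "Password", "minLength": 8}]}
PROVIDER = {"requires": [{"type": "Password", "min": {"minLength": 12}}],
            "offers": [{"type": "X.509Certificate"}]}

if __name__ == "__main__":
    ok, gaps = match(CONSUMER, PROVIDER)
    print("match:", ok)
    for side, missing in gaps.items():
        print(side, "requirements unmet:", missing)
```

The match fails in one direction only, which is why a single functional-style comparison is not enough: the provider's X.509Certificate satisfies the consumer's Certificate requirement, but the consumer's password capability does not reach the provider's minLength.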

SLIDE 6

Infrastructure level

  • Industry standard UDDI repositories cannot store ontology information
  • OWL2UDDI
    – Provide capabilities for ontology-based service description and discovery in UDDI using client-side modules

SLIDE 7

Web Services Level and Enterprise Application Level

  • Web Services Level
    – Describe security capabilities and requirements using NRL Security Ontology
    – GUI to browse ontologies, specify security, and discover services
  • Enterprise Application Level
    – Created a simple GUI that represents data flow among tasks to specify security requirements:
    – Capturing mission software logic that spans multiple organizations and multiple applications
    – Consider security requirements in the context of mission software
    – Bridge the gap between operational community and security community

SLIDE 8
SLIDE 9
SLIDE 10

Beyond the Paper

[Figure: service selection diagram. Labels: Compose Mission Logic (Business Logic); Goal: functional & security descriptions; Search criteria; List of potential services; Service selector; P1, P2, P3, P4; Service Registry; QoS; Security; Status; Check status; Invoke the best service; Web Service; steps 1, 2, 3]

SLIDE 11

Questions?
