Cross-Organizational Service Security - Attack Modeling and Evaluation of Selected Countermeasures
Supervisor(s) and Committee member(s): Ralf Steinmetz (Supervisor), Alexander Schill (Referee)
Challenging market dynamics and the rise of complex value networks require organizations to adjust their processes rapidly in order to stay competitive. Because many organizational processes are directly supported or even enabled by Information Technology (IT), a process is only as flexible as its underlying technological representation. The Service-oriented Architecture paradigm (SOA) offers means on both a technological and organizational level for the flexible integration of internal and external IT systems. Thus, services are used to assemble processes through service compositions, as well as across enterprise boundaries. Such cross-organizational service-based workflows lead to a global SOA which is often referred to as the “Internet of Services”.
Just as any economic system requires security in order to function and to be accepted by its participants, the security of the involved IT systems, exchanged messages, and communication channels used has to be ensured for cross-organizational service-based collaboration. Achieving and guaranteeing basic IT security goals such as confidentiality, authentication, authorization, non-repudiation, integrity, availability, and anonymity is a necessity in this context and an active topic, both in research and industry.
The main tenor of current SOA security research is that conventional security measures are not effective enough in the SOA context. Furthermore, just equalizing SOA security with Web service security reduces SOA security requirements to Web service security standards and their configuration, which is an incomplete view.
This thesis makes several contributions regarding the security of service-based systems: First, it is shown how a model of cross-organizational SOA concepts can be used for analyzing SOA elements regarding their impact on security. This is done by applying core IT security concepts, such as threats, vulnerabilities, etc., to the general elements of a cross-organizational SOA, such as loose coupling, composability, etc.
Second, an analysis of attacks in the Internet of Services is performed by proposing an attack taxonomy for service-based systems and by modeling selected examples of service-specific attack classes. This goes beyond the current state-of-the-art regarding SOA attacks by taking into account more service-specific and business-oriented threats. The modeling of these attacks builds on a self-developed generic metamodel, that brings together the most important concepts of IT security and their relationships. It is shown, how assets, threats, vulnerabilities, risks, security goals, etc. relate to each other at the core of this metamodel and what the basic structure of countermeasures is.
Third, an attack scenario of communication analysis that threatens relationship anonymity in the Internet of Services is further investigated, due to its system-inherent implications. With a particular focus on service compositions, a simulation-based evaluation of different attack models and scenarios offers insights regarding the anonymity of cross-organizational collaboration. Furthermore, the impact of using standard anonymity mechanisms on selected Quality of Service parameters is evaluated for Web services in real networks. The obtained results aim at identifying the limits of anonymity in the Internet of Services and at quantifying side-effects of using state-of-the-art countermeasures.