Designing and Implementing Secure Web Services
Steve Purser
03/02/2005
Note: This paper has been reformatted and republished from our archives.
1. Introduction
In the past decade, the Internet has become almost synonymous with the World Wide Web (WWW), and the browser has become the de facto interface for Internet-enabled applications. The key advantages of using a browser-based user interface include:
- The familiar ‘look and feel’ of the browser interface promotes ease of use.
- A wealth of existing standards and development practices already exists in this area.
- Browsers are capable of providing end users with an integrated view of multiple applications.
- Many of the more powerful technologies for building distributed systems can be easily integrated with a browser interface.
However, organizations looking to use standard web protocols to deploy high-risk services to corporate customers must recognize and respond to a number of special challenges if they are to meet with success.
This paper presents the key issues associated with designing and deploying highly secure applications for corporate customers over standard web protocols and proposes a number of practical solutions for dealing with these issues.
2. Challenges
Whilst web applications are very appealing from a usability perspective, deploying such systems involves rising to a number of non-trivial challenges. For the purposes of this paper, we can classify such challenges as being associated with the deployment of the client, with security on the network or with the server-side infrastructure.
Ironically, where client-side security mechanisms are concerned, many of the commonly encountered problems are related to the customer's existing security infrastructure. Choosing appropriate mechanisms is complicated by the fact that most commercial organizations adopt a very defensive stance with respect to the Internet, and such organizations will usually expect to deploy new applications without modifying their current perimeter defence mechanisms. Because local security necessarily reflects the risk attitude of the organization concerned, there can be no standard client-side security configuration. This is of course quite reasonable, and one would expect a private bank to adopt an entirely different posture from a software development house or an educational institution. Less obvious, but equally true, is the fact that considerable differences can be found within the same sector of activity, which means that even a targeted deployment can pose problems. Examples of issues associated with the deployment of secure web clients include:
- Different browser configuration options and security settings can have a big impact on the behavior of the client software.
- Proxy servers and firewalls at the client site can block standard protocols or require unusual protocol options to be activated.
- Client-side software may not integrate well with the local workstation security configuration.
The problems of protecting data over an insecure network are well known and standard solutions are well documented; see for example [1,2], or [3] for the protocols typically associated with web technology. Nevertheless, standard mechanisms for protecting the confidentiality and/or integrity of data over network connections invariably involve cryptographic protection mechanisms, and implementing such solutions can be quite difficult. More importantly, some of the problems associated with dealing with remote clients, such as understanding trust relationships and what they really mean [4], are not technical issues at all and are rooted in the concepts that underlie the technical deployment. Examples of issues related to protecting data over insecure networks include:
- Establishing trust relationships with unknown third parties.
- Protecting the download of thin clients.
- Protecting the confidentiality and integrity of the transmitted data.
- Ensuring availability of the service.
- Achieving End-to-End (E2E) security for transactional systems.
Problems at the server side are somewhat easier to handle because they are in-house and under the control of the institution providing the service. Typical issues in this area are:
- Achieving an acceptable level of integration with the local security architecture.
- Interfacing with specialised devices, such as Hardware Security Modules (HSMs).
- Defining scalable administration procedures and workflow.
Finally, there are many issues associated with initializing and administering secure systems. These include identifying and implementing an appropriate administration model (should administration of individual end-user accounts be done centrally or at the customer site?), registering new users, and initializing new accounts using out-of-band secrets.
Throughout this paper, we will use examples taken from this section to show how these issues can materialize and how they can be resolved.