Web Services Security Scenarios

- J.D. Meier, Prashant Bansode, Paul Enfield.

We organize our scenarios for the key problem areas into a frame of hot spots. We use the scenarios to find where customers need more help, and to test how well the guidance, tools, and platform address those problems.

Hot Spots

  • Auditing and logging
  • Authentication
  • Authorization
  • Code Access Security
  • Communication
  • Message and Data Validation
  • Deployment Considerations
  • Exception Management
  • Message Protection
  • Message Replay Detection
  • Sensitive Data
  • Session Management


Hot Spot: Key Engineering Decisions

Auditing and Logging
* How to identify the sink for logging and auditing.
* How to identify the operations and events to be logged.
* How to log authentication and authorization events.
* How to avoid storing sensitive information in log files.

Authentication
* How to authenticate your users and pass authenticated identities across the layers.
* How to use Windows authentication in a web service.
* How to use username/password authentication in a web service.
* How to use certificate authentication in a web service.
* How to manage user accounts securely.
* How to use WS-Security with SOAP messages.
* How to use secure sessions.

Authorization
* How to identify trust boundaries within the web service layers for authorization.
* How to decide the granularity of authorization settings.
* How to choose an authorization strategy for your web service.
* How to use resource-based authorization.
* How to use role-based authorization.
* How to manage the role store securely.
* How to use the trusted subsystem model.
* How to use impersonation and delegation.

Code Access Security
* Under what circumstances Worker and Web roles should run under partial trust (the default).
* Under what circumstances Worker and Web roles should run under full trust.

Communication
* How to decide the communication protocol for the web service.
* How to reliably handle unreliable or intermittent communication.
* How to use dynamic URL behavior with configured endpoints for maximum flexibility.
* How to validate endpoint addresses carried in messages.
* How to handle asynchronous calls.
* How to decide on message communication patterns such as one-way or two-way.

Message and Data Validation
* How to identify trust boundaries within web service layers for message and data validation.
* How to design your validation strategy to constrain, reject, and sanitize malicious input.
* How to efficiently and securely validate input data.
* How to validate all messages received by the service interface.
* How to handle data and message validation failures.

Deployment Considerations
* How to use a least-privilege account for running the service.
* How to use certificates to enable secure communication using SSL.
* How to handle encryption keys securely in production.
* How to secure configuration sections containing sensitive data.

Exception Management
* How to choose an exception management strategy.
* How to scrub exception messages for secure exception handling.
* How to deal with sensitive information when handling exceptions.
* How to deal with unhandled exceptions.
* How to use SOAP Fault elements or custom extensions to return exception details to the caller.
* How to design fault contracts that allow services to declare known faults for each operation.

Message Protection
* How to choose between message security and transport security.
* How to use message security.
* How to sign and encrypt part of a message.
* How to prevent tampering with messages and parameters.

Message Replay Detection
* How to detect message replay.
* How to handle message replay.

Sensitive Data
* How to protect message confidentiality and integrity.
* How to design the service to protect parts of the message with partial encryption.
* How to secure the metadata an endpoint exposes for consumption by service clients.
* How to use transport security.

Session Management
* How to configure message throttling to avoid denial of service attacks.
* How to design services for per-session mode.
* How to configure memory limits to avoid denial of service attacks.
* How to configure the service for reliable messaging with a reliable session and ordered messages.
* How to implement structured exception handling and state management to avoid state corruption.
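Worked example for the Message Replay Detection hot spot (and the "validate all messages received by the service interface" decision). This is an example added to this page, not code from the patterns & practices guidance: it shows the mechanism behind replay detection for SOAP requests that carry a WS-Security UsernameToken, namely a freshness window on wsu:Created plus a bounded cache of wsse:Nonce values. The WSS 1.0 namespace URIs are the real ones; the sample envelopes, usernames and timestamps are constructed, the password digest is omitted, and the defaults are the values WCF uses for replayWindow, maxClockSkew and replayCacheSize.

```python
"""Replay detection for SOAP requests carrying a WS-Security UsernameToken (added example)."""
import base64
import os
import xml.etree.ElementTree as ET
from collections import OrderedDict
from datetime import datetime, timedelta, timezone

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")
WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")
TOKEN_PATH = f".//{{{WSSE_NS}}}Security/{{{WSSE_NS}}}UsernameToken"


class ReplayError(Exception):
    """Message rejected; the text is a classification that is safe to log."""


def parse_created(text):
    """Parse an xsd:dateTime, which we require to be UTC (trailing Z)."""
    text = (text or "").strip()
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in text else "%Y-%m-%dT%H:%M:%SZ"
    try:
        return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)
    except ValueError:
        raise ReplayError("Created is not a UTC xsd:dateTime") from None


class ReplayDetector:
    """Defaults mirror WCF's replayWindow, maxClockSkew and replayCacheSize."""

    def __init__(self, replay_window=timedelta(minutes=5),
                 max_clock_skew=timedelta(minutes=5), cache_size=900000):
        self.replay_window = replay_window
        self.max_clock_skew = max_clock_skew
        self.cache_size = cache_size
        self._seen = OrderedDict()  # nonce -> time after which it is forgotten

    def _purge(self, now):
        # Entries are inserted in time order, so expired ones sit at the front.
        # A forgotten nonce cannot be replayed: its Created would then be too old.
        while self._seen and next(iter(self._seen.values())) <= now:
            self._seen.popitem(last=False)

    def check(self, envelope_xml, now):
        """Raise ReplayError unless the request is fresh and its nonce unseen."""
        # xml.etree does not defend against entity expansion; cap message size
        # and put a hardened parser in front of this in production.
        token = ET.fromstring(envelope_xml).find(TOKEN_PATH)
        if token is None:
            raise ReplayError("no UsernameToken in Security header")
        created_el = token.find(f"{{{WSU_NS}}}Created")
        nonce_el = token.find(f"{{{WSSE_NS}}}Nonce")
        if created_el is None or nonce_el is None or not (nonce_el.text or "").strip():
            raise ReplayError("UsernameToken lacks Created or Nonce")
        created = parse_created(created_el.text)
        if created > now + self.max_clock_skew:
            raise ReplayError("Created timestamp is in the future")
        if created < now - self.replay_window - self.max_clock_skew:
            raise ReplayError("Created timestamp is too old")
        self._purge(now)
        nonce = nonce_el.text.strip()
        if nonce in self._seen:
            raise ReplayError("nonce already seen: replay")
        if len(self._seen) >= self.cache_size:
            # Fail closed: evicting a live nonce would reopen the replay window.
            raise ReplayError("replay cache full")
        self._seen[nonce] = now + self.replay_window + self.max_clock_skew


def outcome(detector, envelope_xml, now_text):
    """Run one check at the given UTC time; return 'accepted' or the reason."""
    try:
        detector.check(envelope_xml, parse_created(now_text))
        return "accepted"
    except ReplayError as err:
        return str(err)


def build_envelope(username, created, nonce):
    """Constructed sample request (no password digest); nonce=None omits the element."""
    nonce_xml = f"<wsse:Nonce>{nonce}</wsse:Nonce>" if nonce else ""
    return (f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Header>'
            f'<wsse:Security xmlns:wsse="{WSSE_NS}" xmlns:wsu="{WSU_NS}">'
            f'<wsse:UsernameToken><wsse:Username>{username}</wsse:Username>'
            f'{nonce_xml}<wsu:Created>{created}</wsu:Created>'
            '</wsse:UsernameToken></wsse:Security></s:Header>'
            '<s:Body><Ping xmlns="urn:example"/></s:Body></s:Envelope>')


if __name__ == "__main__":
    detector = ReplayDetector()
    nonce = base64.b64encode(os.urandom(16)).decode("ascii")
    request = build_envelope("alice", "2009-09-08T21:26:30Z", nonce)
    print(outcome(detector, request, "2009-09-08T21:27:00Z"))  # accepted
    print(outcome(detector, request, "2009-09-08T21:27:10Z"))  # nonce already seen: replay
```

The two parameters have to be chosen together: the nonce cache only needs to remember a nonce for replay_window + max_clock_skew, after which the timestamp check alone rejects the captured message, and a cache that fills up must reject rather than evict, or an attacker who floods the service with fresh nonces can push a live nonce out and replay it. Nonce and timestamp are only meaningful when the token is signed or the channel is protected; otherwise the attacker simply rewrites both.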
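Worked example for the Exception Management hot spot (scrubbing exception messages, returning SOAP Fault elements, and fault contracts that declare the known faults of each operation), which also touches the auditing decision about what goes into the log. This is an example added to this page, not code from the patterns & practices guidance. The account store, the operations and the internal hostname in the error text are constructed; the SOAP 1.1 envelope namespace is the real one.

```python
"""Scrubbed SOAP faults with per-operation fault contracts (added example)."""
import logging
import uuid
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ET.register_namespace("soap", SOAP_NS)  # faultcode values use this prefix

GENERIC_REASON = "The service encountered an internal error."
log = logging.getLogger("service")


class DeclaredFault(Exception):
    """Base class for faults an operation declares; code, message and detail
    are chosen by the service and are safe to return to the caller."""
    code = "Client"

    def __init__(self, message, **detail):
        super().__init__(message)
        self.message = message
        self.detail = detail


class InsufficientFundsFault(DeclaredFault):
    code = "Client.InsufficientFunds"


class AccountLockedFault(DeclaredFault):
    code = "Client.AccountLocked"


# Fault contracts: the declared faults each operation may return. A declared
# fault raised by an operation that does not declare it is treated as
# unexpected and scrubbed like any other exception.
FAULT_CONTRACTS = {
    "Transfer": {InsufficientFundsFault},
    "Withdraw": {InsufficientFundsFault, AccountLockedFault},
}


def soap_fault(code, reason, detail):
    """Serialize a SOAP 1.1 Fault; detail entries become child elements."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    fault = ET.SubElement(body, f"{{{SOAP_NS}}}Fault")
    ET.SubElement(fault, "faultcode").text = f"soap:{code}"
    ET.SubElement(fault, "faultstring").text = reason
    if detail:
        detail_el = ET.SubElement(fault, "detail")
        for name, value in detail.items():
            ET.SubElement(detail_el, name).text = str(value)
    return ET.tostring(env, encoding="unicode")


def invoke(operation, handler, *args):
    """Run an operation; return its result, or a scrubbed SOAP Fault string."""
    try:
        return handler(*args)
    except Exception as exc:  # service boundary: nothing may escape unscrubbed
        failure = exc
    if isinstance(failure, DeclaredFault) and type(failure) in FAULT_CONTRACTS.get(operation, set()):
        return soap_fault(failure.code, failure.message, failure.detail)
    # Unexpected: the full exception and stack trace go to the server log under
    # a correlation id; the caller receives only the id and a fixed reason.
    correlation = uuid.uuid4().hex
    log.error("%s failed, correlation id %s", operation, correlation, exc_info=failure)
    return soap_fault("Server", GENERIC_REASON, {"correlationId": correlation})


def parse_fault(xml):
    """Read code, reason and detail back out of a fault (None if not a fault)."""
    fault = ET.fromstring(xml).find(f"{{{SOAP_NS}}}Body/{{{SOAP_NS}}}Fault")
    if fault is None:
        return None
    detail_el = fault.find("detail")
    detail = {} if detail_el is None else {c.tag: c.text for c in detail_el}
    return {"code": fault.findtext("faultcode"),
            "reason": fault.findtext("faultstring"), "detail": detail}


ACCOUNTS = {"alice": 100}  # constructed sample service state


def transfer(account, amount):
    if account not in ACCOUNTS:
        # Internal detail (hostname, port) that must never reach the caller.
        raise RuntimeError(f"lookup of {account!r} failed on db01.corp.internal:1433")
    if ACCOUNTS[account] < amount:
        raise InsufficientFundsFault("Insufficient funds", available=ACCOUNTS[account])
    ACCOUNTS[account] -= amount
    return {"balance": ACCOUNTS[account]}


if __name__ == "__main__":
    print(invoke("Transfer", transfer, "alice", 30))
    print(invoke("Transfer", transfer, "alice", 500))
    print(invoke("Transfer", transfer, "mallory", 1))
```

The split is the point: a declared fault is part of the operation's interface and its detail is designed to be public, while anything undeclared is evidence about the implementation and stays on the server side. The correlation id is what lets support staff join a caller's report to the full log entry without exposing the log contents; the log entry itself still carries the stack trace, so it is the log, not the fault, that the "avoid storing sensitive information in log files" decision has to govern.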

Last edited Sep 8, 2009 at 9:27 PM by paulenfield, version 1
