Title: Security models of e-commerce solutions
Security models of e-commerce solutions
- Enn Õunapuu
- Tallinn Technical University
- enn_at_cc.ttu.ee
- 372 050 97720
Designing an Authentication and Authorization Strategy

The following steps identify a process that will help you develop an authentication and authorization strategy for your application:

1. Identify resources
2. Choose an authorization strategy
3. Choose the identities used for resource access
4. Consider identity flow
5. Choose an authentication approach
6. Decide how to flow identity
Identify Resources

Identify resources that your application needs to expose to clients. Typical resources include:

- Web server resources such as Web pages, Web services and static resources (HTML pages and images).
- Database resources such as per-user data or application-wide data.
- Network resources such as remote file system resources and data from directory stores such as Active Directory.

You must also identify the system resources that your application needs to access. This is in contrast to resources that are exposed to clients. Examples of system resources include the registry, event logs, and configuration files.
Choose an Authorization Strategy

The two basic authorization strategies are role based and resource based.

Role based. Access to operations (typically methods) is secured based on the role membership of the caller. Roles are used to partition your application's user base into sets of users that share the same security privileges within the application, for example Senior Managers, Managers and Employees. Users are mapped to roles, and if the user is authorized to perform the requested operation, the application uses fixed identities with which to access resources. These identities are trusted by the respective resource managers (for example, databases, the file system, and so on).
Resource based. Individual resources are secured using Windows ACLs. The application impersonates the caller prior to accessing resources, which allows the operating system to perform standard access checks. All resource access is performed using the original caller's security context. This impersonation approach severely impacts application scalability, because it means that connection pooling cannot be used effectively within the application's middle tier.
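The role-based strategy described above, as an added example that is not part of the original slides (the slides' own context is ASP.NET; Python stands in to show the mechanism). Operations are secured on the caller's role membership, and the middle tier reaches the resource manager through one fixed application identity that the resource manager trusts, which is what keeps connection pooling usable. The user list, role names, operation names and the service identity "svc_hr_app" are constructed for the example.

```python
# Added example (not from the original slides): role-based authorization
# with a fixed, trusted resource-access identity. All names are constructed.

from functools import wraps

# Constructed sample data: user -> roles, and operation -> roles allowed.
USER_ROLES = {
    "alice": {"SeniorManager", "Manager", "Employee"},
    "bob": {"Manager", "Employee"},
    "carol": {"Employee"},
}
OPERATION_ROLES = {
    "view_own_timesheet": {"Employee"},
    "approve_timesheet": {"Manager"},
    "view_salary_report": {"SeniorManager"},
}

# Fixed identity the middle tier uses towards the resource manager
# (assumed name; the database trusts this identity, not the caller).
APP_SERVICE_IDENTITY = "svc_hr_app"


class NotAuthorized(Exception):
    pass


def roles_for(user):
    return USER_ROLES.get(user, set())


def is_authorized(user, operation):
    """True if the caller holds at least one role permitted for the operation."""
    allowed = OPERATION_ROLES.get(operation)
    if not allowed:
        return False  # unknown operation: deny by default
    return bool(roles_for(user) & allowed)


def requires_role(operation):
    """Decorator securing an operation (a method) on the caller's role membership."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(caller, *args, **kwargs):
            if not is_authorized(caller, operation):
                raise NotAuthorized(f"{caller} may not {operation}")
            return fn(caller, *args, **kwargs)
        return wrapper
    return decorator


class ResourceManager:
    """Stand-in for a database that trusts only the fixed application identity."""

    def __init__(self):
        self.data = {"alice": 10, "bob": 8, "carol": 5}  # constructed hours

    def read(self, identity, key):
        if identity != APP_SERVICE_IDENTITY:
            raise NotAuthorized("resource manager trusts only the app identity")
        return self.data[key]


DB = ResourceManager()


@requires_role("view_own_timesheet")
def view_own_timesheet(caller):
    # Access the resource with the fixed identity, not the caller's identity.
    return DB.read(APP_SERVICE_IDENTITY, caller)


@requires_role("approve_timesheet")
def approve_timesheet(caller, employee):
    hours = DB.read(APP_SERVICE_IDENTITY, employee)
    return f"{caller} approved {hours}h for {employee}"


if __name__ == "__main__":
    print(view_own_timesheet("carol"))
    print(approve_timesheet("bob", "carol"))
```

Unknown operations are denied by default, and the resource manager refuses any identity other than the application's own, so a caller's identity never reaches the data tier in this model.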
Choose an Authentication Approach

Two key factors that influence the choice of authentication approach are, first and foremost, the nature of your application's user base (what types of browsers are they using, and do they have Windows accounts?), and secondly your application's impersonation/delegation and auditing requirements.
Decide How to Flow Identity

You can flow identity (to provide security context) at the application level, or you can flow identity and security context at the operating system level. To flow identity at the application level, use method and stored procedure parameters.

Application identity flow supports:

- Per-user data retrieval using trusted query parameters, for example SELECT x,y FROM SomeTable WHERE username="bob"
- Custom auditing within any application tier

Operating system identity flow supports:

- Platform level auditing (for example, Windows auditing and SQL Server auditing)
- Per-user authorization based on Windows identities
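Application-level identity flow, as an added example that is not from the original slides: the web tier establishes who the caller is, hands the user name down as a method parameter, the data tier binds it as a trusted query parameter to the same SELECT the slide shows, and each tier writes its own audit record. An in-memory sqlite3 database stands in for SQL Server; table contents, tier names and the audit record layout are constructed.

```python
# Added example (not from the original slides): flowing identity at the
# application level with trusted query parameters and custom auditing.

import sqlite3
from datetime import datetime, timezone

AUDIT_LOG = []  # custom auditing within the application tier (constructed)


def build_db():
    """Constructed sample database with per-user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE SomeTable (username TEXT, x INTEGER, y INTEGER)")
    conn.executemany(
        "INSERT INTO SomeTable VALUES (?, ?, ?)",
        [("bob", 1, 2), ("bob", 3, 4), ("alice", 5, 6)],
    )
    return conn


def audit(tier, username, action):
    """Each tier records who did what; the identity arrived as a parameter."""
    stamp = datetime.now(timezone.utc).isoformat()
    AUDIT_LOG.append((stamp, tier, username, action))


def per_user_rows(conn, username):
    """Data tier: SELECT x,y FROM SomeTable WHERE username = ? with the identity
    bound as a parameter, so the value is never spliced into the SQL text."""
    audit("data", username, "per_user_rows")
    cur = conn.execute("SELECT x, y FROM SomeTable WHERE username = ?", (username,))
    return cur.fetchall()


def handle_request(conn, authenticated_user):
    """Web tier: the identity established here flows down as a method parameter."""
    audit("web", authenticated_user, "handle_request")
    return per_user_rows(conn, authenticated_user)


if __name__ == "__main__":
    db = build_db()
    print(handle_request(db, "bob"))
    for entry in AUDIT_LOG:
        print(entry)
```

Because the user name travels as a bound parameter, a value that happens to contain quote characters is compared literally as a user name and simply matches no rows; the query text is the same for every caller.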
Secure Communication

Secure communication provides the following two features:

- Privacy. Privacy is concerned with ensuring that data remains private and confidential, and cannot be viewed by eavesdroppers who may be armed with network monitoring software. Privacy is usually provided by means of encryption.
- Integrity. Secure communication channels must also ensure that data is protected from accidental or deliberate (malicious) modification while in transit. Integrity is usually provided by using Message Authentication Codes (MACs).
- Secure Sockets Layer / Transport Layer Security (SSL/TLS). This is most commonly used to secure the channel between a browser and Web server. However, it can also be used to secure Web service messages and communications to and from a database server running Microsoft SQL Server 2000.
- Internet Protocol Security (IPSec). IPSec provides a transport level secure communication solution and can be used to secure the data sent between two computers, for example an application server and a database server.
- Remote Procedure Call (RPC) Encryption. The RPC protocol used by Distributed COM (DCOM) provides an authentication level (packet privacy) that results in the encryption of every packet of data sent between client and server.
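The integrity feature above, as an added example that is not from the original slides: a sender attaches a Message Authentication Code (HMAC-SHA256 from the Python standard library) to a message, and the receiver recomputes it with the shared key, so any modification in transit is detected. For contrast the block also shows why an unkeyed hash does not give integrity. The key, the messages and the "modification" are constructed; privacy (encryption) is outside this example.

```python
# Added example (not from the original slides): integrity of a message in
# transit using a MAC. Key and messages are constructed for illustration.

import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key-do-not-reuse"  # agreed out of band


def mac(key, message):
    """Keyed MAC over the message bytes."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def protect(key, message):
    """Sender side: attach the MAC tag to the message."""
    return message, mac(key, message)


def verify(key, message, tag):
    """Receiver side: constant-time comparison of the recomputed MAC."""
    return hmac.compare_digest(mac(key, message), tag)


def unkeyed_digest(message):
    """A plain hash, for contrast: anyone on the path can recompute it."""
    return hashlib.sha256(message).hexdigest()


def demo():
    original = b"TRANSFER 100 EUR TO ACCOUNT 1234"  # constructed message
    modified = b"TRANSFER 900 EUR TO ACCOUNT 1234"  # altered while in transit

    msg, tag = protect(SHARED_KEY, original)
    intact = verify(SHARED_KEY, msg, tag)         # True: message unchanged
    tampered = verify(SHARED_KEY, modified, tag)  # False: tag no longer matches

    # Contrast: with an unkeyed hash, whoever modifies the message can also
    # replace the digest, and the receiver's recomputation still agrees.
    replaced_digest = unkeyed_digest(modified)
    receiver_recomputed = unkeyed_digest(modified)
    unkeyed_fooled = receiver_recomputed == replaced_digest  # True
    return intact, tampered, unkeyed_fooled


if __name__ == "__main__":
    print(demo())
```

The receiver compares tags with hmac.compare_digest rather than == so that the comparison time does not depend on how many leading bytes match. A MAC detects modification but does not hide the content; for that the channel also needs encryption, as the slide's privacy feature describes.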
Using SSL

When you use SSL you should be aware of the following:

- When SSL is applied, the client uses the HTTPS protocol (and specifies an https:// URL) and the server listens on TCP port 443.
- You should monitor your application's performance when you enable SSL. SSL uses complex cryptographic functions to encrypt and decrypt data and as a result impacts the performance of your application. The largest performance hit occurs during the initial handshake, where asymmetric public/private-key encryption is used. Subsequently (after a secure session key is generated and exchanged), faster symmetric encryption is used to encrypt application data.
- You should optimize pages that use SSL by including less text and simple graphics in those pages.
Web Service Security Model

Web service security can be applied at three levels:

- Platform/transport level (point-to-point) security
- Application level (custom) security
- Message level (end-to-end) security
Application Level Security

With this approach, the application takes over security and uses custom security features. For example:

- An application can use a custom SOAP header to pass user credentials to authenticate the user with each Web service request. A common approach is to pass a ticket (or user name or license) in the SOAP header.
- The application has the flexibility to generate its own IPrincipal object that contains roles. This might be a custom class or the GenericPrincipal class provided by the .NET Framework.
- The application can selectively encrypt what it needs to, although this requires secure key storage and developers must have knowledge of the relevant cryptography APIs.
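The first two points above, as an added example that is not from the original slides: the client carries a ticket in a custom SOAP header, and the service resolves that ticket against its own ticket store and builds a principal object with the user's roles, the counterpart of a custom IPrincipal or GenericPrincipal in .NET. Python's xml.etree stands in for the .NET SOAP stack; the header namespace "urn:example:auth", the ticket lifetime, the user and role names, and the Approve operation are all assumed for the example.

```python
# Added example (not from the original slides): application-level Web service
# security with a ticket in a custom SOAP header resolved to a principal.
# Namespace, ticket store, lifetime and roles are constructed assumptions.

import secrets
import time
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
APP_NS = "urn:example:auth"  # assumed namespace for the custom header
TICKET_TTL_SECONDS = 600

# Server-side ticket store: ticket -> (user, roles, expiry). Constructed.
TICKETS = {}
USER_ROLES = {"bob": ("Manager", "Employee")}


class Principal:
    """Minimal principal: an identity plus its role membership."""

    def __init__(self, name, roles):
        self.name = name
        self.roles = frozenset(roles)

    def is_in_role(self, role):
        return role in self.roles


def issue_ticket(user, now=None):
    """Login step: an opaque random ticket the service can later resolve."""
    now = time.time() if now is None else now
    ticket = secrets.token_urlsafe(24)
    TICKETS[ticket] = (user, USER_ROLES.get(user, ()), now + TICKET_TTL_SECONDS)
    return ticket


def build_request(ticket, body_xml):
    """Client side: SOAP envelope with the ticket in a custom header."""
    return (
        f'<s:Envelope xmlns:s="{SOAP_NS}" xmlns:a="{APP_NS}">'
        f"<s:Header><a:Ticket>{ticket}</a:Ticket></s:Header>"
        f"<s:Body>{body_xml}</s:Body></s:Envelope>"
    )


def authenticate(envelope_xml, now=None):
    """Service side: resolve the header ticket to a Principal, or None."""
    now = time.time() if now is None else now
    root = ET.fromstring(envelope_xml)
    node = root.find(f"{{{SOAP_NS}}}Header/{{{APP_NS}}}Ticket")
    if node is None or not node.text:
        return None  # no credentials presented
    ticket = node.text.strip()
    entry = TICKETS.get(ticket)
    if entry is None:
        return None  # unknown or already revoked ticket
    user, roles, expires = entry
    if now >= expires:
        TICKETS.pop(ticket, None)  # expired: drop it from the store
        return None
    return Principal(user, roles)


def approve(envelope_xml, now=None):
    """An operation authorized on the role membership of the resolved principal."""
    principal = authenticate(envelope_xml, now)
    if principal is None or not principal.is_in_role("Manager"):
        return "Fault: not authorized"
    return f"approved by {principal.name}"


if __name__ == "__main__":
    t = issue_ticket("bob")
    print(approve(build_request(t, "<a:Approve>42</a:Approve>")))
```

The ticket is an opaque random value that means nothing outside the service's own store, so possession of the header alone reveals nothing about the user; expiry is enforced on every request and an expired ticket is removed when first seen.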