6.1 SOA and Web Service Security

  • SOA Layered Architecture
  • Presentation Stack: gives meaning to the information travelling across the network.
  • Security Stack: provides security for the information embedded in XML format.
  • Discovery Stack: provides information about the location of Web services to Web service users.
  • Access Stack: provides the means and tools for accessing the various Web services or the SOA.
  • Transport Stack: provides a way to share and transport information from one part of the network to another.

 

  • SOA Threat Framework

    Layer 1: Web Services in Transit

    • In-transit sniffing or spoofing
        e.g., sniffing (eavesdropping on) the traffic with Wireshark
    • WS-Routing security concern
        WS-Routing lets routing directives be inserted into the SOAP message itself so that specific intermediaries handle it; this makes a man-in-the-middle (MITM) attack easy.
        MITM: the attacker impersonates the sender towards the receiver,
              and impersonates the receiver towards the sender.
    • Replay attacks
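The three Layer 1 threats share one defensive pattern at the message level: sign the body together with a timestamp and a fresh nonce, and have the receiver verify the signature, reject anything outside a time window, and remember nonces it has already accepted. The following is an added example (not code from the original notes) that shows both the sender and the receiver side with a plain HMAC; the shared key, the five-minute window and the in-memory nonce cache are assumptions of this example, and a real deployment would use a per-client key from a key store and, for confidentiality against sniffing, TLS underneath.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed demo key (an assumption of this example); a real deployment would keep
# one key per client in a key store and rotate it.
SHARED_KEY = b"constructed-demo-key-not-for-production"
REPLAY_WINDOW_SECONDS = 300


def _mac(key: bytes, timestamp: int, nonce: str, body: bytes) -> str:
    """HMAC-SHA256 over timestamp, nonce and body, so none of the three can be altered in transit."""
    material = f"{timestamp}|{nonce}|".encode() + body
    return hmac.new(key, material, hashlib.sha256).hexdigest()


def sign_message(key: bytes, body: bytes, now: Optional[float] = None,
                 nonce: Optional[str] = None) -> dict:
    """Sender side: attach a timestamp, a fresh random nonce and the MAC to the SOAP body."""
    timestamp = int(now if now is not None else time.time())
    nonce = nonce if nonce is not None else secrets.token_hex(16)
    return {"timestamp": timestamp, "nonce": nonce, "body": body,
            "mac": _mac(key, timestamp, nonce, body)}


class ReplayGuard:
    """Receiver side: verifies the MAC, rejects stale messages and remembers accepted nonces."""

    def __init__(self, key: bytes, window: int = REPLAY_WINDOW_SECONDS):
        self.key = key
        self.window = window
        self.seen = {}  # nonce -> timestamp of the message it was accepted with

    def verify(self, msg: dict, now: Optional[float] = None) -> str:
        now = now if now is not None else time.time()
        expected = _mac(self.key, msg["timestamp"], msg["nonce"], msg["body"])
        # constant-time comparison: a spoofed or modified message fails here
        if not hmac.compare_digest(expected, msg["mac"]):
            return "bad-signature"
        # a captured message redelivered outside the window fails even though its MAC is valid
        if abs(now - msg["timestamp"]) > self.window:
            return "stale"
        # drop nonces older than the window so the cache stays bounded
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        # inside the window, a repeated nonce means a sniffed message is being replayed
        if msg["nonce"] in self.seen:
            return "replay"
        self.seen[msg["nonce"]] = msg["timestamp"]
        return "ok"


if __name__ == "__main__":
    guard = ReplayGuard(SHARED_KEY)
    msg = sign_message(SHARED_KEY, b"<soap:Body><GetBalance/></soap:Body>")
    print("first delivery:", guard.verify(msg))   # ok
    print("replayed copy:", guard.verify(msg))    # replay
```

The nonce cache only needs to cover the window, which is why stale messages are rejected before the nonce is consulted: without the timestamp check the receiver would have to remember every nonce forever.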


    Layer 2: Web Services Engine (the system or application)

    • Buffer overflow
        easily crashes the program
    • XML parsing attacks
        the Web service cannot parse (analyse) the XML structure correctly, which opens it to attack
    • Spoiling (corrupting) the schema/DTD
    • Complex or recursive structure as payload
        a badly written schema or DTD leads to long loops and DoS: the payload grows until the system shuts down
    • Denial of service (CPU usage)
    • Large payload
    • Specially crafted requests
        inject some code into an HTTP header or the XML body
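The engine-layer threats above (XML parsing attacks, spoiled schema/DTD, recursive structure, large payload, CPU exhaustion) are all cheapest to stop before the real SOAP stack ever sees the document. The following is an added example (not code from the original notes) of a streaming pre-check built on Python's expat parser: it enforces a byte limit, a nesting-depth limit and an element-count limit, refuses any DOCTYPE or entity declaration, and turns parser errors into a generic rejection. The limits, the sample requests and the helper names are constructed for this example.

```python
import xml.parsers.expat

# Limits chosen for this example; tune them to the largest legitimate request the service accepts.
MAX_BYTES = 64 * 1024
MAX_DEPTH = 32
MAX_ELEMENTS = 10_000


class UnsafePayload(ValueError):
    """Raised when a request is rejected before it reaches the real XML/SOAP processing."""


def check_soap_payload(data: bytes, max_bytes: int = MAX_BYTES,
                       max_depth: int = MAX_DEPTH, max_elements: int = MAX_ELEMENTS) -> dict:
    """Streams the document through expat once, enforcing size, depth and element-count limits
    and refusing any DOCTYPE or entity declaration (entity expansion is how a 'recursive
    structure' payload multiplies CPU and memory use). Returns summary statistics on success."""
    if len(data) > max_bytes:
        raise UnsafePayload("payload too large")
    state = {"depth": 0, "max_depth": 0, "elements": 0}

    def start_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafePayload("DOCTYPE is not allowed in service requests")

    def entity_decl(*_args):
        raise UnsafePayload("entity declarations are not allowed")

    def start_element(name, attrs):
        state["depth"] += 1
        state["elements"] += 1
        if state["depth"] > max_depth:
            raise UnsafePayload("nesting too deep")
        if state["elements"] > max_elements:
            raise UnsafePayload("too many elements")
        state["max_depth"] = max(state["max_depth"], state["depth"])

    def end_element(name):
        state["depth"] -= 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = start_doctype
    parser.EntityDeclHandler = entity_decl
    parser.StartElementHandler = start_element
    parser.EndElementHandler = end_element
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError:
        # malformed XML: reject with a generic reason rather than echoing parser internals
        raise UnsafePayload("malformed XML") from None
    return {"elements": state["elements"], "max_depth": state["max_depth"]}


def is_rejected(data: bytes) -> bool:
    """True if the pre-check refuses the request."""
    try:
        check_soap_payload(data)
    except UnsafePayload:
        return True
    return False


# Constructed sample requests for the demo.
GOOD_REQUEST = (b'<?xml version="1.0"?>'
                b'<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
                b'<soap:Body><GetBalance><AccountId>42</AccountId></GetBalance></soap:Body>'
                b'</soap:Envelope>')
DEEP_NESTING = b"<r>" + b"<x>" * 100 + b"</x>" * 100 + b"</r>"
DOCTYPE_WITH_ENTITY = b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY a "aaaa">]><r>&a;</r>'
OVERSIZED = b"<r>" + b"x" * MAX_BYTES + b"</r>"

if __name__ == "__main__":
    print("good request:", check_soap_payload(GOOD_REQUEST))
    for label, payload in [("deep nesting", DEEP_NESTING),
                           ("DOCTYPE with entity", DOCTYPE_WITH_ENTITY),
                           ("oversized", OVERSIZED)]:
        print(label + ":", "rejected" if is_rejected(payload) else "accepted")
```

Because the handlers raise as soon as a limit is crossed, a hostile document costs at most the work done up to that point; the byte check is done first because it needs no parsing at all.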

    Layer 3: Web Services Deployment

    • Fault code leaks
        error messages are generated and exposed
    • Permissions and access issues
        access control must be done properly;
        access control is the bridge between "users" and "resources"
    • Poor policies
        delegated (proxy) permissions must be managed properly
    • Customized error leakage
        to give users more flexibility in using the program, the limits on what they may change are loosened; users unfamiliar with the program then cause information to be disclosed
    • Authentication and certification => OpenID, OAuth
        the importance of IDs/passwords
        some IDs/passwords are obtained through password guessing or dictionary methods to enter the system; it may also be possible to enter directly from the back end

    Layer 4: Web Services User Code: Threats and Attacks

    • Parameter tampering (the most common)
        submit different parameter values to obtain data
    • WSDL probing
        the WSDL is also a Web service's schema, and developers should not leave it exposed on the network
    • SQL/LDAP/XPath/OS command injection
    • Virus/spyware/malware injection
    • Brute force
        use a dictionary attack to get the ID/password
    • Data type mismatch
        the hacker discovers an error string
    • Content spoofing
    • Session tampering/hijacking
    • Format string
    • Information leakage
    • Authorization (access control mechanism)
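Parameter tampering, SQL injection, data type mismatch and missing authorization (Layer 4), together with fault code leaks (Layer 3), usually meet in a single request handler, so one example serves both layers. The following is an added example (not code from the original notes) that places the weak handler beside the hardened one: the weak version pastes the AccountId from the SOAP body into the SQL text and ties the account to no user, so a different id returns someone else's data, a non-numeric id surfaces the database's error string, and an injected condition dumps the table; the hardened version validates the parameter's type, binds it as a value, scopes the query to the authenticated owner, and answers every failure with a generic fault code. The in-memory SQLite table, the account rows and the fault code names are constructed for this example.

```python
import re
import sqlite3

# An AccountId is a short decimal number; anything else is rejected before it reaches SQL.
ACCOUNT_ID_RE = re.compile(r"[0-9]{1,9}")


def build_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the service's account store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, "
                 "balance INTEGER NOT NULL)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                     [(1, "alice", 100), (2, "bob", 250)])
    return conn


def get_balance_vulnerable(conn: sqlite3.Connection, account_id: str) -> list:
    """The weak pattern: the AccountId from the SOAP body becomes part of the SQL text,
    and nothing ties the requested account to the calling user."""
    sql = "SELECT balance FROM accounts WHERE id = " + account_id
    return [row[0] for row in conn.execute(sql)]


def vulnerable_error_string(conn: sqlite3.Connection, account_id: str) -> str:
    """What the weak handler would hand back on a data-type mismatch if it echoed the
    database exception to the client (the 'error string' a probing client looks for)."""
    try:
        get_balance_vulnerable(conn, account_id)
    except sqlite3.Error as exc:
        return str(exc)
    return ""


def get_balance_hardened(conn: sqlite3.Connection, session_user: str, account_id: str) -> dict:
    """Validates the parameter's type, binds it as a value, and scopes the query to the
    authenticated owner. Failures return a generic SOAP-style fault code, never the
    database's error string."""
    if not ACCOUNT_ID_RE.fullmatch(account_id):
        return {"fault": "Client.InvalidRequest"}
    try:
        row = conn.execute("SELECT balance FROM accounts WHERE id = ? AND owner = ?",
                           (int(account_id), session_user)).fetchone()
    except sqlite3.Error:
        # log the real exception server-side; the client only ever sees a generic fault
        return {"fault": "Server"}
    if row is None:
        # same answer for 'no such account' and 'not your account', so the id space cannot be probed
        return {"fault": "Client.NotFound"}
    return {"balance": row[0]}


if __name__ == "__main__":
    db = build_demo_db()
    print("vulnerable, tampered id:", get_balance_vulnerable(db, "2"))
    print("vulnerable, bad type:   ", vulnerable_error_string(db, "abc"))
    print("hardened, own account:  ", get_balance_hardened(db, "alice", "1"))
    print("hardened, tampered id:  ", get_balance_hardened(db, "alice", "2"))
    print("hardened, bad type:     ", get_balance_hardened(db, "alice", "abc"))
```

The owner column in the WHERE clause is the part that parameter binding alone does not give you: binding stops the SQL text from being rewritten, but only the ownership check stops a correctly typed id from reading another user's record.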
Attachments: SOA Layered Architecture (image), Threat Framework (image)