WebGuard OVERVIEW

The mechanism we propose for enforcing security on web services has three major components: security policies, the enforcement engine, and the automatically generated security enforcement code. Web developers only need to express the security rules they wish to enforce in our WebGuard security language, which is loosely based on temporal logic. The enforcement engine, which is a code generator, then reads in these rules together with the platform specification library for the targeted platform. From these two inputs, the enforcement engine generates site- and platform-specific security enforcement code. The generated code is integrated into the web site, usually as a prologue or epilogue. The security rules are independent of the specific platform, so they are portable across different platforms. This mechanism also involves modification only on the server side and places no requirements on client browsers.
To define security policies, we provide a domain-specific, special-purpose language. Our language borrows features from temporal logic, so it can concisely capture sequence dependencies, which are a common feature of web services. There are three kinds of access control specification: predicate rules, sequencing rules and implication rules. Predicate rules specify the condition that must be satisfied before the action is performed. Sequencing rules express temporal dependencies on the user's past actions. Implication rules specify what must be done as a consequence of the action. The action here can be a general URL request from a client or the execution of a server-side script.
The enforcement engine is responsible for automatically converting the security rules into platform- and site-specific access control code. This process is somewhat like that of a compiler: the security rules are first parsed into an abstract syntax tree (AST), and the AST is then translated into real code specific to the targeted platform. We provide a different library for each platform, which makes this mechanism portable across platforms.
All the code generated by the enforcement engine operates in the prologue and epilogue of the web services, and we keep session- and user-related information in the backend database. All security checks and state management occur at the entry or exit of web service invocations, so the generated code can be integrated into the site without parsing the site-specific code or merging into its implementation. This brings some overhead, because the generated code might re-extract and re-calculate some values that are also needed in the site-specific code, but our experiments show that it does not adversely affect the performance of the web services.
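
The following Python sketch is an added illustration, not WebGuard's rule language or its generated code: it shows how the three rule kinds could be checked in a prologue and epilogue around an unmodified handler, with a session object standing in for the backend database. The rule encoding, the default-deny choice for unlisted actions, the recording of implications as obligations, and all names are assumptions.

```python
# Added illustration; rule encoding and names are hypothetical, not WebGuard's.
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Rule:
    action: str                                            # URL or script guarded
    predicate: Callable[[dict], bool] = lambda req: True   # predicate rule
    requires: tuple = ()   # sequencing rule: earlier actions, in this order
    implies: tuple = ()    # implication rule: obligations due after the action

@dataclass
class Session:             # stands in for the per-session backend database row
    history: list = field(default_factory=list)
    obligations: list = field(default_factory=list)

def in_order(required, history):
    """True if `required` occurs as a subsequence of `history`."""
    it = iter(history)
    return all(step in it for step in required)

def prologue(rule, session, request):
    """Entry check: deny unless the predicate and sequencing rules hold."""
    if not rule.predicate(request):
        return False, "predicate failed"
    if not in_order(rule.requires, session.history):
        return False, "sequence violated"
    return True, "ok"

def epilogue(rule, session):
    """Exit step: record the action and the obligations it implies."""
    session.history.append(rule.action)
    session.obligations.extend(rule.implies)

def invoke(rules, session, action, request):
    rule = rules.get(action)
    if rule is None:
        return False, "no rule: default deny"   # assumption of this sketch
    ok, why = prologue(rule, session, request)
    if ok:
        epilogue(rule, session)   # the site's own handler would run just before
    return ok, why

RULES = {  # constructed sample policy for a checkout flow
    "/login": Rule("/login", predicate=lambda r: r.get("tls", False)),
    "/cart": Rule("/cart", requires=("/login",)),
    "/pay": Rule("/pay", predicate=lambda r: r.get("amount", 0) > 0,
                 requires=("/login", "/cart"), implies=("write_audit_log",)),
}
```

Denied requests are never appended to the history, so a rejected `/pay` cannot later satisfy another rule's sequencing requirement.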
In summary, WebGuard can automatically generate security enforcement code according to the security rules specified by the web developers, which reduces the burden on web programmers and makes development less error-prone. It is also efficient, with little overhead, and portable across platforms. We hope WebGuard can lead to quicker, cheaper and more secure web development.