Automatically generating security policies for web services

US 7,559,080 B2
Filed: 12/29/2004
Issued: 07/07/2009
Est. Priority Date: 05/04/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

describing one or more links between one or more endpoints with an abstract link description such that, for each link of the one or more links, one or more security goals associated with exchange of message(s) between the one or more endpoints associated with the link are described, the one or more endpoints hosting respective principals networked in a distributed operating environment;

automatically generating, from the abstract link description, detailed security policies for enforcement during exchange of messages between the one or more endpoints; and

in response to a request for a communication between a first endpoint of the one or more endpoints and a second endpoint of the one or more endpoints, the first endpoint and the second endpoint being Simple Object Access Protocol (SOAP) processors;

automatically generating a model from the detailed security policies,automatically evaluating the model to determine whether the detailed security policies are secure in a distributed operating environment,allowing the communication when the detailed security policies are secure in the distributed operating environment, anddenying the communication and outputting a counterexample when the detailed security policies are not secure in the distributed operating environment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for automatically generating security policy for a web service are described. In one aspect, one or more links between one or more endpoints are described with an abstract link description. The abstract link description describes, for each link of the one or more links, one or more security goals associated with exchange of message(s) between the one or more endpoints associated with the link. The one or more endpoints host respective principals networked in a distributed operating environment. Detailed security policies for enforcement during exchange of messages between the one or more endpoints are automatically generated from the abstract link description.

74 Citations

View as Search Results

18 Claims

1. A computer-implemented method comprising:
- describing one or more links between one or more endpoints with an abstract link description such that, for each link of the one or more links, one or more security goals associated with exchange of message(s) between the one or more endpoints associated with the link are described, the one or more endpoints hosting respective principals networked in a distributed operating environment;
  
  automatically generating, from the abstract link description, detailed security policies for enforcement during exchange of messages between the one or more endpoints; and
  
  in response to a request for a communication between a first endpoint of the one or more endpoints and a second endpoint of the one or more endpoints, the first endpoint and the second endpoint being Simple Object Access Protocol (SOAP) processors;
  
  automatically generating a model from the detailed security policies,automatically evaluating the model to determine whether the detailed security policies are secure in a distributed operating environment,allowing the communication when the detailed security policies are secure in the distributed operating environment, anddenying the communication and outputting a counterexample when the detailed security policies are not secure in the distributed operating environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. A computer-implemented method as recited in claim 1, where the detailed security policies are specified in configuration data for the one or more endpoints.
  - 3. A computer implemented method as recited in claim 1, wherein a link of the links indicates one or more of a URI of a web service, a set of allowed actions, a set of name(s) of endpoints that can act as client(s) or as web service(s), and a set of secrecy level(s) of one or more messages exchanged between endpoints in one or more sessions.
  - 4. A computer-implemented method as recited in claim 1, wherein the endpoints comprise a client and a server.
  - 5. A computer-implemented method as recited in claim 1, wherein the abstract link description is fixed, randomly generated, or hand written.
  - 6. A computer-implemented method as recited in claim 1, wherein the abstract link description describes one or more of the following:
    - message authentication, confidentiality, anonymity, correlation of request and reply, trust relationship between principals, protection against replayed messages, intended authentication mechanism, and composition of links to form a high-level application configuration.
  - 7. A computer-implemented method as recited in claim 1, wherein the security goals comprise an indication that one or more messages for exchange between the one or more endpoints are signed, encrypted, or have one or more associated signatures that in combination authenticate one or more respective principals.
  - 8. A computer-implemented method as recited in claim 1, wherein an authenticity goal of the security goals indicates that a service principal only accept a request message sent by a client principal or that a client principal only accept a response message from a service principal.
  - 9. A computer-implemented method as recited in claim 1, wherein a secrecy goal of the security goals indicates that a part of messages associated with a link of the links is to be kept secret from any principal that does not participate in the link.
  - 10. A computer-implemented method as recited in claim 1, wherein the detailed security policies comprises non-automatically generated security policies and automatically generated security policies.
  - 11. A computer-implemented method as recited in claim 1, wherein the detailed security policies indicate one or more of the following:
    - a trust relationship between endpoints, a service supported by an endpoint of the one or more endpoints, an action supported by an endpoint of the one or more endpoints.
  - 12. A computer-implemented method as recited in claim 1, wherein at least a subset of the detailed security policies for an endpoint of the one or more endpoints indicates configuration of a server for one or more services and actions, the configuration comprising one or more of a receive request policy and a send response policy.
  - 13. A computer-implemented method as recited in claim 1, wherein at least a subset of the detailed security policies for an endpoint of the one or more endpoints indicates configuration of a client for one or more service or action, the configuration comprising one or more of a send request policy and a receive response policy.
  - 14. A computer-implemented method as recited in claim 1, wherein automatically generating the detailed security policies further comprises selecting cryptographic algorithms for security policy configurations.
  - 15. A computer-implemented method as recited in claim 1, wherein automatically generating further comprises inserting one or more hints into the detailed security policies to assist a theorem proving or type checking operation.
  - 16. A computer-implemented method as recited in claim 1, and further comprising:
    - evaluating the model to determine if the detailed security policies meet a security goal of the abstract link description.
  - 17. A computer-implemented method as recited in claim 1, wherein the detailed security policies are associated with original security goals, wherein the detailed security policies have been edited to generate modified detailed security policies, and wherein the method further comprises:
    - generating a model from the modified detailed security policies; and
      
      checking the model to determine if the original security goals are maintained in view of the modified detailed security policies.

18. A computer storage medium comprising computer program instructions executable by a processor for:
- describing one or more links between one or more endpoints with an abstract link description such that, for each link of the one or more links, one or more security goals associated with exchange of message(s) between the one or more endpoints associated with the link are described, the one or more endpoints hosting respective principals networked in a distributed operating environment;
  
  automatically generating, from the abstract link description, detailed security policies for enforcement during exchange of messages between the one or more endpoints; and
  
  in response to a request for a communication between a first endpoint of the one or more endpoints and a second endpoint of the one or more endpoints, the first endpoint and the second endpoint being Simple Object Access Protocol (SOAP) processors;
  
  automatically generating a model from the detailed security policies,automatically evaluating the model to determine whether the detailed security policies are secure in a distributed operating environment,allowing the communication when the detailed security policies are secure in the distributed operating environment, anddenying the communication and outputting a counterexample when the detailed security policies are not secure in the distributed operating environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Bhargavan, Karthikeyan, Gordon, Andrew Donald, Kaler, Christopher G., Fournet, Cedric
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
ARMOUCHE, HADI S

Application Number

US11/025,375
Publication Number

US 20050251853A1
Time in Patent Office

1,651 Days
Field of Search

726/1, 713/151, 713/152, 713/160, 713/168, 713/169, 713/180, 713/181
US Class Current

726/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/12   Applying verification of th...

H04L 63/20   for managing network securi...

Automatically generating security policies for web services

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

74 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Automatically generating security policies for web services

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links