Lenin Singaravelu, Jinpeng Wei, Calton Pu,
A Secure Middleware Architecture for Web Services
Current web service platforms (WSPs) often perform all web services-related processing, including security-sensitive information handling, in
the same protection domain. Consequently, the entire WSP may have access to security-sensitive information such as credit card numbers,
forcing us to trust a large and complex piece of software. To address this problem, we propose ISO-WSP, a new middleware architecture that
decomposes current WSPs into two parts executing in separate protection domains: (1) a small trusted T-WSP to handle security-sensitive data,
and (2) a large, legacy untrusted U-WSP that provides the normal WSP functionality, but uses the T-WSP for security-sensitive data handling.
By restricting security-sensitive data access to T-WSP, ISO-WSP reduces the software complexity of trusted code, thereby improving the
testability of ISO-WSP. To achieve end-to-end security, the application code is also decomposed into two parts, isolating a small trusted
part from the remaining untrusted code. The trusted part encapsulates all accesses to security-sensitive data through a Secure Functional Interface (SFI).
To ease the migration of legacy applications to ISO-WSP, we developed tools to translate direct manipulations of security-sensitive data by
the untrusted part into SFI invocations. Using a prototype implementation based on the Apache Axis2 WSP, we show that ISO-WSP reduces
software complexity of trusted components by a factor of five, while incurring a modest performance overhead of few milliseconds per request.
We also show that existing applications can be migrated to run on ISO-WSP with minimal effort: a few tens of lines of new and modified code.