PLoP2004_ndelessygassant0_0.doc

[Sequence diagram; messages shown: checkContent, requestService, interceptMessage(), authenticate, authenticated, checkAccess, accessGranted, contentChecked, log(), serviceProvided]

Figure 8: Sequence Diagram for filtering a Client’s request with Authentication and Signature

d. The PolicyAuthorizationPoint authenticates the Client through its IdentityBase. This step may be avoided for each request through the use of a Session class.
e. Once the Client has been authenticated and identified, the PolicyAuthorizationPoint filters the request according to the PolicyBase. The request is accepted or denied according to the defined policies.
f. The contents of the message are checked. If the message contains harmful data, it is rejected.
g. The Signature of the XML Document is verified.
h. The firewall allows access to the service of the application and the access is logged into the XML Firewall.

Alternate Flow: If the XML message is invalid, or the XML message contains harmful data, or the Client is not authenticated, or no policy allows the specific Client to access the specified service, the firewall rejects the access request. If the user has already been authenticated, the Client may not be authenticated again (Single Sign-On use). If the signature is not verified, the request may be relayed, depending on the existing policies.

Postcondition: The firewall has filtered the access of a Client to a service, based on the content of the message, the authentication of the Client, and the existence of a matching policy.

Consequences

The XML Firewall has the same advantages as the Application Firewall and the following additional advantages:
• Provides a higher level of security than the Application Firewall for inputs which are XML documents or requests.

The XML Firewall has the following (possible) liabilities:
• The application could affect the performance of the protected system, as it is a bottleneck in the network and the XML content checking may create a large overhead. This can be alleviated by using a multiple-agents configuration.
• The solution is intrusive for existing applications that already implement their own access control or their own filtering.

Implementation

The same architectural structures used for the Application Firewall (Reverse Proxy, Multiple Agents) can be used to deploy XML Firewalls.
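
The filtering flow of steps d to h and the Alternate Flow can be sketched as follows. This is an added example, not code from the paper or from any product it names. The sample stores, the `sign` helper and the verdict strings are hypothetical; a plain SHA-256 digest stands in for a real credential store and an HMAC stands in for XML Signature verification; and the content rule (no DTD or entity declarations) is an assumption, since the paper does not define "harmful data".

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample stores (hypothetical data, not from the paper).
IDENTITY_BASE = {"alice": hashlib.sha256(b"alice-secret").hexdigest()}
SIGNING_KEYS = {"alice": b"alice-signing-key"}
# PolicyBase: (client, service) -> True if a verified signature is required.
POLICY_BASE = {("alice", "getQuote"): True, ("alice", "ping"): False}

def sign(client, body):
    """HMAC stand-in for the XML Signature the paper refers to."""
    return hmac.new(SIGNING_KEYS.get(client, b""), body, hashlib.sha256).hexdigest()

class XMLFirewall:
    def __init__(self):
        self.sessions = set()  # Clients already authenticated (Session class)
        self.log = []

    def filter(self, client, credential, service, body, signature=None):
        verdict = self._decide(client, credential, service, body, signature)
        self.log.append((client, service, verdict))  # h. log the decision
        return verdict

    def _decide(self, client, credential, service, body, signature):
        # d. Authenticate against the IdentityBase unless a session exists.
        if client not in self.sessions:
            given = hashlib.sha256((credential or "").encode()).hexdigest()
            if not hmac.compare_digest(IDENTITY_BASE.get(client, ""), given):
                return "deny: not authenticated"
            self.sessions.add(client)
        # e. Filter the request against the PolicyBase (default deny).
        if (client, service) not in POLICY_BASE:
            return "deny: no matching policy"
        # f. Content check (assumed rule: no DTD or entity declarations).
        if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
            return "deny: harmful content"
        try:
            ET.fromstring(body)
        except ET.ParseError:
            return "deny: invalid XML"
        # g. Verify the signature; the policy decides whether failure blocks.
        ok = signature is not None and hmac.compare_digest(sign(client, body), signature)
        if POLICY_BASE[(client, service)] and not ok:
            return "deny: signature not verified"
        return "allow"
```

The per-policy signature flag models the Alternate Flow sentence that an unverified request may still be relayed, and every verdict, including denials, is written to the log.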

Known Uses

This model is used in several commercial products, such as Reactivity’s XML Firewall [Rea03], Vordel’s XML Security Server [Vor03], Westbridge’s XML Message Server [Wes03], Netegrity’s TransactionMinder [Net03], DataPower’s Security Gateway[] and Forum Systems Xwall [For04].