... designed by the team of Prof. Dr. Christoph Meinel

SOA-Security Lab

1^st Place of the 2010 IEEE International Services Cup

Our Motivation

Creating secure Web Service-based composed applications is challanging due to the complexity of the WS-* specifications and the multitude of security specifications. On a technical layer, security services requires

Plenty of configurations
Strong security knowledge
Complex Security Configurations

Our Solution

The SOA Security Lab is designed as a virtualused testing environment for service-related security concepts. Our platform comprises several layers as shown in Figure 1.

Figure 1. Layers of the SOA Security Lab

Composed applications (provided as Software as a Service) can be created using a visual modeller and are executed in virtual machines (Infrastructure as a Service). Users can integrate external services (e.g. Amazon services), use the cloud platform to execute constom services (Platform as a Service) or compose predefined services (Component as a Service).

Figure 2 shows the main components of our platform:

1.	Scenario Management:	Visual creation of components
2.	Policy Management:	Generation of security configurations
3.	Deployment Service:	Deployment and execution of applications
4.	Security Analysis:	Monitoring and analysis of security mechanisms

Figure 2. SOA Security Lab Architecture (click on the image to enlarge it)

Features

1. Visual Creation of Composed Application

Composed applications based on Web Services can be created by modelling the structure of the desired system as shown in Figure 3. In order to secure the system, security requirements such as the protection of exchanged messages, the authentication of users, or the necessary trust relationships can be modelled as well. In addition, this model is verified to ensure a proper transformation to service configuration files and policies.

Figure 3. Modeling of a secure composed application. The services require the authentication of users as well as a confidential exchange of messages.

2. Generation of Security Configurations

The Policy Management performes the transformation of the model to service configuration files and security policies (e.g WS-SecurityPolicy) that can be deployed and enforced at services and frontends used in the composed application. This information is based on security configuration patterns that provide expert knowledge to transform simple security intentions to complex security configurations. The different layers in the transformation process are shown in Figure 4. Additional information about our model-driven approach are provided here.

Figure 4. Model-driven Generation of Configuration Files

Modelling Layer: This layer is the foundation for a pattern-based transformation. System design models are enhanced with security intentions to specify security requirements.
Platform Independent Model: This layer represents a platform-independent model that describes security policies in a platform independent language.
Configuration Files: This is the technical layer which states security requirements in a deployable notation, e.g. WS-SecurityPolicy.

3. Deployment and Execution of Applications

Services, frontends and related metadata are stored in the service repository. On demand a virtual machine is created for the user to execute a modelled use case. The Scenario Management component (see Figure 5) deploys all components and configuration files related to the modelled use case. Finally, each user can eecute, analyse and test composed applications in its own isolated environment.

Figure 5. Deployment of composed applications

Figure 6. Visualising the structure of exchanged messages

4. Monitoring and Analysis of Security Mechanisms

Our platform enables users to gain insight into services and the security modules used to enforce security policies. For each service, the security modules can be visualised. The messages that passed these modules can be inspected as well. Figure 6 shows the visualisation in our platform that depicts a chain of security modules and a service request that passed this chain. The message security protocols and mechanisms used to secure this message are analysed and highlighted.

Demo

Live demo:www.soa-security-lab.de

Related Publications

Michael Menzel, Robert Warschofsky, Ivonne Thomas, Christian Willems, Christoph Meinel: The Service Security Lab: A Model-Driven Platform to Compose and Explore Service Security in the Cloud. Proceedings of the 2010 IEEE World Congress on Services (Services 2010), pp.115-122, (Miami, USA, Juli 2010).
Michael Menzel, Robert Warschofsky, Christoph Meinel: A Pattern-Driven Generation of Security Policies for Service-Oriented Architectures. Proceedings of the 2010 IEEE International Conference on Web Services (ICWS 2010), pp.243-250, (Miami, USA, Juli 2010).
Michael Menzel, Christoph Meinel: SecureSOA - Modelling Security Requirements for Service-oriented Architectures. Proceedings of the 2010 IEEE International Conference on Services Computing (SCC 2010), pp.146-153, Miami, USA, Juli 2010.

People

Research and Development
- Prof. Dr. Christoph Meinel
- Dr. Feng Cheng
- Dipl.-Inform. Christian Willems
- Dr. Michael Menzel (ehem.)
- Dr. Ivonne Scherfenberg (ehem.)
- Robert Warschofsky (ehem.)
Student Developer
- Florian Thomas (ehem.)
- Frederik Leidloff (ehem.)

Weitere Links

... zu unseren Forschungen:
Security Engineering - Learning & Knowledge Tech - Design Thinking - früher
... zu unserer Lehre:
Tele-Lectures - MOOCs - Labore - Systeme
... zu unseren Publikationen:
Bücher - Journale - Conference-Papers - Patente
... und zu unseren Jahresberichten.

Kontakt

Du möchtest mit uns in Austausch treten, oder hast andere Fragen? Schicke uns gern eine Mail an sec-eng-webadmin(at)hpi.de

News!

Juli 2022

HPI Cybersicherheitskurse für deutsch-chinesische Sommerschule der Universität Nanjing

Das HPI unterhält seit mehr als zwei Jahrzehnten enge Beziehungen zu bekannten chinesischen Universitäten und hat bereits 2011 eine eigene HPI Research School an der Universität Nanjing eröffnet. Im Rahmen einer interdisziplinären Sommerschule der Universität Nanjng bot das HPI vom 5. bis 7. Juli 2022 speziell eine Lecture Series zum Thema Cybersicherheit an.

Juni 2022

Ankündigung: Kostenloser Onlinekurs "Tatort Internet: Auflage 2022" startet im Oktober! im Kurs stellen Prof. Dr. Ch. Meinel und das Security-Team aktuelle und grundlegende Themen der Internetsicherheit vor! Melden Sie sich bereits heute an, um den Kursstart nicht zu verpassen!

Mai 2022

openHPI-Kurs: Cloud Computing durchgeführt von Prof. Meinel, Hendrik Steinbeck und Daniel Köhler. Neben der grundlegenden Funktionsweise des Cloud-Computings und der Enabler-Technologien steigt der Kurs auch in Risiken und Verantwortungen beim CC ein.

Nachtrag: Der Kurs ist abgeschlossen, aber die Lehrinhalte sind weiterhin im Selbststudium verfügbar!

März 2022

DDoS-Angriffe: Was sie sind und wie sie funktionieren

Der Krieg zwischen Russland und der Ukraine findet nicht mehr nur im physischen Raum statt. Die Cyberkriegsführung mit Angriffen auf gegnerische Systeme spielt für beide Seiten eine wichtige Rolle. Um der Ukraine zu helfen, startete die Online-Aktivisten-Gruppe Anonymous im Februar 2022 einen Aufruf, sich an DDos-Attacken gegen Russland zu beteiligen. Im Interview erklärt Daniel Köhler, was DDoS-Attacken sind, was ihr Ziel ist und ob man gegen sie vorgehen kann.

Januar 2022

Im Januar ist eine Wiederholung unserer englischsprachigen Cybersicherheits-Reihe auf openHPI mit dem Kurs Confidential Communication in the Internet gestartet.

Werde Teil unseres Teams!

Lehre

Sommersemester 2024

Master Seminar: Emerging Technologies for Security Operations

Wintersemester 2023/44

Bachelor Seminar: Big Data Security Analytics
Master Seminar: Network Security in Practice
Master Project
- Towards Red Team Exercising

Team

Supervisor: Prof. Dr. sc. nat., Dr. rer. nat. Christoph Meinel
Head & Senior Researcher: Dr. rer. nat. Feng Cheng
PostDoc/PhD Students/Research Assistants:
- Dr.-Ing. Pejman Najafi
- Eric Klieme, M.Sc.
- Alexander Mühle, M.Sc.
- Daniel Köhler, M.Eng.
- Mehryar Majd, M.Sc.
- Farzad Motlagh, M.Sc.
- Mehrdad Hajizadeh, M.Sc. (Visiting PhD Student, TU Chemnitz)
- Dominic Schaa (Master student assistant)
- Jonas Schmitz (ongoing Master thesis)
- Lars Prepens (ongoing Master thesis)
- Lieven Leue (ongoing Master thesis)
- Mohamed Budagow (ongoing Master thesis)
External PhD Students:
- Hendrik Graupner M.Sc. (with Bundesdruckerei GmbH)
- Kennedy Torkura, M.Sc. (external, Mitigant GmbH, Potsdam)
- Kaja Schmidt, M.Sc. (with European Commision)
Former Team Members