WebGuard
Web services have become a critical part of our computing infrastructure,
and even of our everyday life. Many application servers, scripting languages,
toolkits and modules have been proposed to facilitate the quick construction of
web services, for example AOLServer, Apache, IIS, Tcl, PHP, ASP. The number of
web sites around the world increases exponentially, doubling roughly every six
months.

Yet this modular component approach fails to address security, a critical
cross-cutting concern in web services design. Usually, web programmers need
to consider what security checks are appropriate and implement them
manually in site-specific code. However, this is highly error-prone. The
security policies and the implementations change frequently. Keeping the two up
to date and matched with each other is operationally difficult, and omission of
a check might result in a security breach.

Our goal in WebGuard is to provide an approach to formally specify security
policies and enforce them automatically on web service implementations. An
automated mechanism for security enforcement on web services should have the
following properties:
- Secure: The reference monitor implemented by the automatic
enforcement engine must correctly implement a given policy.
- Automatic: Security enforcement should not depend on manual
implementation by web programmers.
- General purpose: The language to express security policies should
be expressive enough to cover the common security concerns for web
services.
- Portable: The security enforcement mechanism should support various
different web service platforms.
- Backwards compatible: Existing web service implementations
should not need to be modified to incorporate the new automatic tool.
- Performance: The latency overhead of automatic security enforcement
should be comparable to manual code.

WebGuard is a mechanism for security enforcement on web services that
exhibits these properties. WebGuard makes three contributions: (1) it separates
the high-level security policy from the implementation; (2) it provides a
general and versatile access control model for web services, expressed in our
domain-specific language; (3) it demonstrates that the overhead of automatically
generated security enforcement can be low.
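
A sketch of the separation described above, as an added example that is not WebGuard's code or its policy language: the rule format, `decide`, `guard`, and the sample handlers are assumptions made for illustration. It shows a policy kept apart from unmodified handlers, with a single enforcement point that denies any request no rule covers, so an omitted rule fails closed.

```python
import fnmatch
import posixpath
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    method: str       # HTTP method, or "*" for any method
    path: str         # glob pattern over the normalized request path
    roles: frozenset  # roles allowed; "*" admits anyone

# Policy lives apart from handler code (constructed sample, hypothetical format).
POLICY = [
    Rule("GET", "/public/*", frozenset({"*"})),
    Rule("GET", "/accounts/*", frozenset({"customer", "teller"})),
    Rule("POST", "/accounts/*", frozenset({"teller"})),
]

def decide(policy, method, path, roles):
    """First matching rule wins; a request no rule matches is denied."""
    for rule in policy:
        if rule.method in ("*", method) and fnmatch.fnmatchcase(path, rule.path):
            return "*" in rule.roles or bool(rule.roles & set(roles))
    return False

def guard(policy, handlers):
    """Put unmodified handlers behind one enforcement point."""
    def dispatch(method, path, roles):
        path = posixpath.normpath(path)  # collapse "..", so rules see the real target
        if not decide(policy, method, path, roles):
            return 403, "forbidden"
        handler = handlers.get((method, path))
        return (200, handler()) if handler else (404, "not found")
    return dispatch

# Existing handlers (constructed): none of them contains a security check.
HANDLERS = {
    ("GET", "/accounts/42"): lambda: "balance: 100",
    ("POST", "/accounts/42"): lambda: "transfer ok",
    ("GET", "/admin/dump"): lambda: "all accounts",  # no policy rule covers this
}

app = guard(POLICY, HANDLERS)

if __name__ == "__main__":
    print(app("GET", "/accounts/42", ["customer"]))     # allowed by the second rule
    print(app("POST", "/accounts/42", ["customer"]))    # role not permitted
    print(app("GET", "/admin/dump", ["teller"]))        # no rule: denied
    print(app("GET", "/public/../admin/dump", []))      # normalized, then denied
```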