Is The Future Web More Secure?: Distractions and Solutions of Old and New-Old Security Issues and Measures
Index
Abstract; Introduction; Security Challenges; Available Counter-Measures; Signs of Paradigmatic Shift; Conclusions
Abstract
The nostalgics observed a parallel between the emerging paradigm of cloud computing and the traditional time-sharing era, depicting clouds as the modern reincarnation of mainframes available on a pay-per-use basis, and equipped with virtual, elastic disks-as-a-service that replace the old physical disks with quotas. This comparison is fascinating, but more importantly, it prepares the ground for constructive critiques regarding the security of such a computing paradigm and, especially, one of its key components: web services. This paper discusses a position on the current countermeasures (e.g., intrusion detection systems, anti-malware) developed to mitigate well-known web security threats.
Keywords: Security, Web Services, Cloud Computing.
Introduction
According to their definitions, cloud computing enables organizations to run web applications (often referred to as services) on a pay-as-you-go basis on top of reliable, highly-available, scalable software and hardware infrastructures referred to as clouds. This is also, in general, the widespread perception shared by users and developers. In some sense, clouds can be seen as modern, large mainframes [30] with virtually infinite resources, and the term cloud computing refers to the use of such resources to deliver web services.
While clouds and services unquestionably offer sophisticated and flexible deployment platforms, they still run pieces of software, which can be just as insecure as any piece of software running in traditional environments. For instance, Google AppEngine suffered a "blackout" because of a programming error. In environments characterized by distraction and lack of solid understanding, it is clearly very difficult to reason about security threats. It is, however, important to recall that the Web is not a safe place, with more than 97,500 known web application vulnerabilities disclosed in 2009 and more than 350 million sensitive records involved in security breaches in the United States since 2005. Moreover, less than one year ago, the number of entries in the Google Safe Browsing Malware List doubled between June 2008 and August 2009.
Security Challenges
Security challenges are divided into two groups:
1. Challenges with immediate impact.
2. Challenges with delayed impact.
Effective measures to protect shared resources: The solution to shared resources would be the cloud. A cloud instance is nothing more than an advanced and very well managed virtual machine hypervisor (and a web service is basically a sophisticated and well managed web application instance). Vulnerabilities in VMware grew 35 times between 1999 and 2007.
Debugging and auditing in large-scale, distributed systems unavoidably affect the foundations of secure software development. Although their impact may be delayed, and no incidents can be attributed directly to them as of now, we believe that these obstacles will significantly influence the security of the software developed for, or deployed onto, modern computing infrastructures.
Debugging in large distributed systems: Programmers know how to pinpoint and solve software flaws using debuggers, which make it possible to precisely track the execution of even complex, multi-threaded processes and inspect the memory content. This routine task turns out to be a challenging research problem in the case of distributed applications. Besides the intrinsic difficulties that programmers have to face, i.e., understanding what is "the memory" or "the process state", debugging tools devised for large-scale distributed systems are quite obtrusive (e.g., they require code annotation).
Auditability: When disasters occur, reconstructing a "picture" of the system's status is vital. From a purely forensic point of view, monitoring and keeping track of a system's activity is as important as debugging. Unfortunately, this might in turn be very difficult in large-scale, service-based systems, since data and processes are distributed rather than contained within well-defined boundaries. Even simple tasks such as collecting logs are naturally more challenging when applications are distributed and provided by different sources (e.g., mash-ups).
Available Countermeasures
Protection for existing systems often revolves around the use of detection and prevention mechanisms, which nowadays are quite sophisticated. The Intrusion Detection System (IDS) described in models the normal characteristics of benign interactions between clients and the server-side applications at the HTTP layer. This system can effectively detect, for instance, code-injection attacks, which are visible in HTTP parameters. A similar system further develops client-side protection measures and, in addition, can detect attacks against the database tier by profiling benign queries to recognize suspicious ones. These systems are said to be application-aware, because the knowledge they leverage is specific to the application layer protocol (e.g., HTTP). A very effective technique to detect misbehaving processes consists in modeling the data passed to system calls and extracting some representative characteristics of the Control Flow Graph (CFG).
A protocol-aware IDS analyzes HTTP messages and checks for their validity with respect to normal usage of the protected web application. Let us assume that a SOAP-based authentication system (also vulnerable to injections) is employed instead of the old-fashioned, pure-HTTP web application.
POST /authenticate HTTP/1.1
Host: www.example.com
Content-Type: text/xml
Content-Length: ...

<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    ... >
  <SOAP-ENV:Header>
    <h:BasicAuth xmlns:h="http://soap-authentication.org/basic/2001/10/"
        SOAP-ENV:mustUnderstand="1">
      <Name>administrator</Name>
      <Password>broccoli</Password>
    </h:BasicAuth>
  </SOAP-ENV:Header>
  ...
</SOAP-ENV:Envelope>
Let us complicate this example a little and assume that the IDS also employs a more sophisticated technique to extract the syntax of the body and encode it as a probabilistic grammar or a Markov model (a technique commonly used to detect attack vectors that alter the syntax of a string). After training on some samples, such models can calculate the likelihood of a string with respect to the grammar learned. So, for example, given the sequence of symbols in an HTTP request body, such a model could tell XML, JSON or plain text apart, because they contain different symbols and their syntax is dissimilar. It is, however, far from a syntax-agnostic parser capable of extracting the real parameters (i.e., name, password) that influence the behavior of the service. Thus, analyzing the entire SOAP block with the aforesaid approach is insufficient to distinguish between messages that contain "administrator" vs. "<script src=//j.mp/xss>", because, intuitively, these values are well "buried" by the extra content.
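The "burying" effect can be measured directly. The following is an added example, not code from the paper: it trains one character-level Markov model on whole SOAP bodies and another on the extracted Name/Password values, then compares how far the injected value from the text lowers each score. The class and function names, the training credentials and the regex used in place of a real parameter extractor are all assumptions made for illustration.

```python
import math
import re
from collections import Counter, defaultdict

class MarkovModel:
    """First-order character Markov model with add-one smoothing."""
    def __init__(self, samples):
        self.counts = defaultdict(Counter)
        self.alphabet = {"\x00"}
        for s in samples:
            s = "\x00" + s                      # \x00 marks the start of a string
            self.alphabet.update(s)
            for a, b in zip(s, s[1:]):
                self.counts[a][b] += 1

    def score(self, s):
        """Mean log-likelihood per symbol; lower means less like the training data."""
        s, v = "\x00" + s, len(self.alphabet) + 1   # +1 slot for unseen symbols
        rows = ((self.counts.get(a, Counter()), b) for a, b in zip(s, s[1:]))
        logp = sum(math.log((r[b] + 1) / (sum(r.values()) + v)) for r, b in rows)
        return logp / max(len(s) - 1, 1)

# Constructed sample data: an envelope modelled on the request above (elided
# parts left out) and benign credentials used for training.
ENVELOPE = ('<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" '
            'xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" '
            'xmlns:xsd="http://www.w3.org/2001/XMLSchema" '
            'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><SOAP-ENV:Header>'
            '<h:BasicAuth xmlns:h="http://soap-authentication.org/basic/2001/10/" '
            'SOAP-ENV:mustUnderstand="1"><Name>{}</Name><Password>{}</Password>'
            '</h:BasicAuth></SOAP-ENV:Header></SOAP-ENV:Envelope>')
BENIGN = [("administrator", "broccoli"), ("alice", "carrot"), ("bob", "spinach"),
          ("carol", "lettuce"), ("operator", "potato")]

def params(body):
    """Extract the Name/Password values (regex stand-in for a protocol-aware parser)."""
    return [m.group(2) for m in re.finditer(r"<(Name|Password)>(.*?)</\1>", body, re.S)]

def gaps(injected="<script src=//j.mp/xss>"):
    """Return (whole-body gap, per-parameter gap) between benign and injected scores."""
    bodies = [ENVELOPE.format(n, p) for n, p in BENIGN]
    body_model = MarkovModel(bodies)
    value_model = MarkovModel([v for b in bodies for v in params(b)])
    benign, attack = ENVELOPE.format(*BENIGN[0]), ENVELOPE.format(injected, "broccoli")
    body_gap = body_model.score(benign) - body_model.score(attack)
    value_gap = value_model.score(params(benign)[0]) - value_model.score(params(attack)[0])
    return body_gap, value_gap

if __name__ == "__main__":
    print("body gap %.3f, parameter gap %.3f" % gaps())
```

The per-parameter gap is several times the whole-body gap, because the fixed envelope dominates the per-symbol average when the entire block is scored.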
In a local system, processes originate whenever a certain program (e.g., a calendar application, an e-mail client) is executed. Basically, these programs are built upon a set of primitive functions, exposed by a certain programming language. Cloud computing extends that model to a larger scale. Indeed, the development of applications is increasingly drifting toward the reuse of services, as opposed to the simple reuse of code.
[Figure with four panels; caption partially recovered. (a) ... modeled by means of the system calls they invoke. Data is passed across functions via parameters. (b) ... of the CFG can be detected with simple checks. (c) ... of modern applications rely on several services (e.g., parse, build, share) to perform certain tasks and to achieve a global goal. In this example, we imagine an application that parses data submitted by a user through a form, serializes it onto a remote storage and shares a link to it on a social network. (d) ... when a global "CFG" is altered.]
On local processes, violations of the CFG can be detected with simple checks. It is, however, more difficult to envision a similar approach to recognize violations of a global "CFG". Since services are logically very similar to functions, we believe that the same techniques used to recognize bad-behaving processes may inspire new approaches to mitigate stealthy attacks against service mash-ups.
Conclusion
The stack offered by the cloud computing paradigm needs to be mapped to the well-known hardware and software stack. In principle, this would also help in mapping the patterns of the traditional security issues onto the new stack. This mapping will not, by itself, lead to a complete description of the new threats; rather, it will point out key areas to develop and refine, in much the same way as the periodic table did for the discovery of unknown chemical elements.