Microservices Expo Authors: Liz McMillan, Pat Romanski, Carmen Gonzalez, Elizabeth White, Jason Bloomberg

Related Topics: Microservices Expo, Cloud Security

Microservices Expo: Article

Security Gotchas at the System Architecture Level Excerpted from Mastering Web Services Security

Security Gotchas at the System Architecture Level Excerpted from Mastering Web Services Security

(Web Services may have great potential, but they also have a huge problem: they are too open, according to the authors of Mastering Web Services Security. Security will be one of the hardest parts of implementing Web services, because these distributed systems encompass many different security products and solutions that don't work together. The following book excerpt offers important considerations in planning security.)

In addition to paying attention to the way your security service provider implements and secures the underlying services, you should pay attention to the overall operation of the security service as a whole. The two main system areas that can be severely affected by the addition of security are scaling and performance.

The security solutions for distributed systems usually employ a security policy server to handle requests for authentication, authorization, and audit policies. Let's take a look at what a security policy server is expected to do and why it can be a critical item in affecting the scaling capabilities of your system. There are two competing principles at work. On one hand you want to be able to centrally administer your security data. On the other hand, funneling all the maintenance and requests through one server, especially for large highly interactive companies like ePortal and eBusiness, can put an extreme load on that one server to say nothing of the single point of failure that a lone security policy server would impose on the system. Another aspect is the geographic distribution of the system in which you would want security policy servers geographically distributed. The latter two requirements point to multiple security policy servers, whereas the first is most easily satisfied by a single security policy server.

One way for multiple security policy servers to act as a central point of administration is for them to be stateless or to support very little state, which can be coordinated between the different security policy servers. A second requirement of multiple security policy servers is that maintenance be coordinated. For example, when our system administrator in London wants to update the same policy that our system administrator in New York wants to update, the security system should handle the multiple steps of a policy update from the two administrators as a separate, atomic update for each administrator. Because this could wind up in a last update wins situation, there needs to be notification of the updates between the distributed authorities.

The solutions to this class of problems are known, but they are not easy to implement. Therefore, this is another area that you should look at closely; that is, how your security provider has implemented solutions to this scaling problem.

Another potential scaling problem for a heavily distributed system is key management, which is how the system stores and retrieves the cryptographic keys needed for encryption and integrity. There are commercial systems that your security provider can use such as those from RSA, Entrust, Verisign, and Baltimore Technologies. Performance

When discussing performance, the phrase that comes to mind is, "There's no free lunch." In order to have effective security in a distributed system, work has to be done by the system, which means computing time. Once again, risk management comes into the picture. The tighter and more fine-grained you want the security to be, the bigger the performance hit.

For the same level of security, there are a number of factors that can effect the performance of the security system. Some of these include:

  • Encryption algorithms
  • Underlying transport
  • Policy granularity
  • Caching
As discussed in Chapter 3, there are two types of encryption: public key and secret key. Secret key encryption is much faster than public key encryption, but secret keys do not scale as well as public keys. In each of these encryption types, different algorithms have different performance characteristics. When encrypting large amounts of data, implementations usually exchange a secret key using a public key to protect the key exchange. The details of encryption are too arcane for most, so our suggestion is to look at the performance numbers for the systems under consideration and compare them with other systems.

The implementation of the underlying application platform transport is another mechanism that can seriously affect performance because the security system itself is distributed and uses the transport to do its work and get the data it needs.

The more fine-grained the policy, the more work the security system must do and thus the slower the performance. This is a trade-off that you can use when designing your overall security system. For example, in some cases performing authorization at the application level is appropriate, whereas in other cases authorization at the interface or even method is required for adequate security.

Caching can boost performance by orders of magnitude if it is well integrated into a security service. For example, an access decision could entail multiple trips to the security policy server and from there to the persistent store for each piece of data. This offers multiple opportunities for caching the data to improve performance. However, caching can cause a security problem if not done properly. For example, if a break-in is discovered, you will want to flush the cache or that party or parties will continue to have access until the cache times out. If your provider has not implemented an emergency cache flush, you will have to bring your whole system down to remove the cached values. Another problem with a badly designed caching system is the lack of control over the timing of updates to the security data values. Has your provider given you the ability to control the updates to the cache?

In the end, what you, the user of a security service, are concerned with is the overall performance in your environment. It's the job of the security provider to balance the performance of the system against the functionality of the security. It's your job to assess the overall performance of the system. However, the security and system trade-offs in the various parts of the system make the subject of performance highly complex. Therefore, be sure that the performance characteristics that you examine match the type of work that your system will be asked to do. A performance number that measures the performance of calling the same method 100,000 times is not very useful if your system does separate method calls to a large number of methods with very little repetition.

Finally, it is best to get performance numbers from a third party. However, these are hard to get, so you will probably have to do your own comparative performance tests. There is a need for companies that perform independent security performance tests of distributed application server environments, and we expect to see them entering the industry market soon.

Excerpted from Mastering Web Services Security, by Bret Hartman, Donald Flinn, Konstantin Beznosov, & Shirley Kawamoto. Published by Quadrasis, 1/31/2003. ISBN: 0-471-26716-3. 464 pages, $40.00. For more information on Quadrasis, visit www.quadrasis.com.

Bret Hartman is a well-known expert on security of component systems, Chief Technology Officer at Quadrasis (a business unit of Hitachi).

Donald Flinn is a security architect at Quadrasis and an active member of the SAML working group of OASIS, which defines XML and Web services security.

Konstantin Beznosov is also a security architect at Quadrasis and a former co-chair of the OMG Security SIG.

Shirley Kawamoto is a principal security architect at Quadrasis, specializing in cryptography.

More Stories By Bret Hartman

Bret Hartman, VP of Technology Solutions at DataPower, has more than 23 years of experience in information security and secure systems development. His expertise includes Web Services security, distributed component security, policy development and management, and security modeling and analysis. Bret is a nationally recognized expert on distributed systems security; and he is a book author, regular speaker, and panelist on a variety of secure distributed system topics.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Microservices Articles
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the bene...
"NetApp's vision is how we help organizations manage data - delivering the right data in the right place, in the right time, to the people who need it, and doing it agnostic to what the platform is," explained Josh Atwell, Developer Advocate for NetApp, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discussed how to use Kubernetes to set up a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace. H...
Skeuomorphism usually means retaining existing design cues in something new that doesn’t actually need them. However, the concept of skeuomorphism can be thought of as relating more broadly to applying existing patterns to new technologies that, in fact, cry out for new approaches. In his session at DevOps Summit, Gordon Haff, Senior Cloud Strategy Marketing and Evangelism Manager at Red Hat, will discuss why containers should be paired with new architectural practices such as microservices ra...
In his session at 20th Cloud Expo, Scott Davis, CTO of Embotics, discussed how automation can provide the dynamic management required to cost-effectively deliver microservices and container solutions at scale. He also discussed how flexible automation is the key to effectively bridging and seamlessly coordinating both IT and developer needs for component orchestration across disparate clouds – an increasingly important requirement at today’s multi-cloud enterprise.
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin, ...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm. In their Day 3 Keynote at 20th Cloud Expo, Chris Brown, a Solutions Marketing Manager at Nutanix, and Mark Lav...
Many organizations are now looking to DevOps maturity models to gauge their DevOps adoption and compare their maturity to their peers. However, as enterprise organizations rush to adopt DevOps, moving past experimentation to embrace it at scale, they are in danger of falling into the trap that they have fallen into time and time again. Unfortunately, we've seen this movie before, and we know how it ends: badly.
TCP (Transmission Control Protocol) is a common and reliable transmission protocol on the Internet. TCP was introduced in the 70s by Stanford University for US Defense to establish connectivity between distributed systems to maintain a backup of defense information. At the time, TCP was introduced to communicate amongst a selected set of devices for a smaller dataset over shorter distances. As the Internet evolved, however, the number of applications and users, and the types of data accessed and...