Web Services Architecture and Its Specifications [Electronic resources] : Essentials for Understanding WS-* نسخه متنی

Appendix C. Common Security Attacks

Attacks against distributed systems can be divided along several axes. They can be directed against one or more of the hosts in the system or against the communication between them. Attacks can be intended to disrupt operations, obtain confidential information, or perform unauthorized actions within the system. They can attack the cryptographic and other security-focused techniques used in the system, or they can attempt to bypass them by attacking the systems and network layers below or the application layers above.

Following is a brief, nonexhaustive list of security attack classes, organized according to these axes, together with standard countermeasures for each:

Attacks on hosts Attacks on hosts include the following:

Denial-of-service (DoS) attacks disrupt host operations by overwhelming their ability to respond.

When directed at the cryptographic layer, a DoS attack usually attempts to force the host to repeatedly perform the computationally expensive public-key operations needed for certain authentication or key exchange protocols. The typical defense against such attacks is to delay public-key operations until the legitimacy of the interlocutor can be verified by less expensive means, such as symmetric cryptography or "puzzles."

DoS attacks on the underlying network layer or the overarching application layer are very difficult to prevent, particularly if the attacker has massive resources at his disposal and the traffic is indistinguishable from a "flash crowd" of legitimate traffic. Network infrastructure typically has to be deployed in a way that funnels traffic down to manageable levels.

Host confidentiality or authorization attacks attempt to compromise privacy or identity.

These attacks attempt to exploit vulnerabilities in the host software to gain control of the host. Proper security administrationsuch as installation of patches, firewall configuration, and reducing the privilege of exposed applicationsis the usual countermeasure.

Another type of attack exploits weaknesses in the system or applicationssuch as incorrectly set policies or application logic errorsthat allow for confidentiality or authorization compromises short of general host compromise. Proper security policy administration and careful application programming are the only defenses against such attacks.

"Spoofing" attacks are where an attacker attempts to obtain authorization for various actions by assuming the identity of a different, authorized party. Secure authentication protocols, properly used, can prevent spoofing, as long as both the host and the authorized party carefully guard the cryptographic secrets used for authentication.

Attacks on communication Attacks on communication include these:

DoS attacks on the network attempt to disrupt communication with a service. Like those on the host network layer, these can only really be addressed using network infrastructure means.

Attacks on the confidentiality of network communication attempt to compromise privacy on the wire.

Direct monitoring of cleartext communication can be prevented through use of encryption.

Cryptanalysis attacks can be made infeasible by sufficiently strong cryptographic algorithms, with sufficient key sizes.

Attacks on the authorization of network communication attempt to compromise identity.

Message forgery attacks, in which the attacker attempts to inject messages into a conversation, and message alteration attacks, in which the attacker modifies the messages sent in a conversation, can be prevented with message security protocols that include message authentication.

Message replay attacks, in which the attacker injects previously sent, and hence correctly authenticated, messages into a conversation can be detected and addressed through sequence numbers or the combination of timestamps and message caches.