Munawar Hafiz

A collection of privacy design patterns

The growth in computing power has enabled the storage and analysis of large volumes of data. Monitoring the Internet access profiles of millions of users has become feasible and also economically lucrative. The interesting thing here is that it is not only the crooks who are interested in privacy intrusion, but government agencies also have vested interest in profiling the population mass. This paper describes 4 design patterns that can aide the decision making process for the designers of privacy protecting systems. These design patterns are applicable to the design of anonymity systems for various types of online communication, online data sharing, location monitoring, voting and electronic cash management.

REST and Web Services: In Theory and in Practice

There are two competing architectural styles employed for building Web services: RESTful services and services based on the WS– ∗ standards (also known as “SOAP Web services”). These two styles have separate follower bases, but many differences between them are ideological rather than factual. In order to promote the healthy growth of Web services research and practice, it is important to distinguish arguments for implementation practices over abstract concepts represented by these styles, carefully evaluating the respective advantages of RESTful and WS– ∗ Web services. Understanding these distinctions is especially critical for the development of enterprise systems, because in this domain, tool vendors have preferred WS– ∗ services to the neglect of RESTful solutions. This chapter evaluates some of the key questions regarding the real and perceived distinctions between these two styles of Web services. It analyzes how the current tools for building RESTful Web services embody the principles of REST. Finally, it presents select open research questions to further the growth of RESTful Web services.

Multiple design patterns for voice over IP (VoIP) security

Design patterns capture software solutions to specific problems that have evolved over time and reflect many iterations of work. Documenting such patterns promotes proven design and software reuse. There has been a growing amount of work documenting design patterns for security, however, little work specific to VoIP security. In 2005 NIST released a report on recommendations and best practices for securing VoIP, however it lacks the structure, terminology, and ease-of-understanding needed for both technical and non-technical audiences that is an inherent feature of design patterns. In this paper, we document three design patterns for VoIP implementations related to specific security problems: (1) secure traversal of firewalls and NATs; (2) detecting and mitigating DDoS attacks; and (3) securing against eavesdropping. With many VoIP vendors rushing products to market with overlapping functionality and requirements for interoperability, documenting design patterns is poised to become an important part of secure programming processes for VoIP

Systematically Eradicating Data Injection Attacks Using Security-Oriented Program Transformations

Injection attacks and their defense require a lot of creativity from attackers and secure system developers. Unfortunately, as attackers rely increasingly on systematic approaches to find and exploit a vulnerability, developers follow the traditional way of writing ad hoc checks in source code. This paper shows that security engineering to prevent injection attacks need not be ad hoc. It shows that protection can be introduced at different layers of a system by systematically applying general purpose security-oriented program transformations. These program transformations are automated so that they can be applied to new systems at design and implementation stages, and to existing ones during maintenance.

Improving perimeter security with security-oriented program transformations

A security-oriented program transformation maps programs to security-augmented programs, i.e. it introduces a protection mechanism to make programs more secure. Our previous work defined security-oriented program transformations [6], introduced a catalog of transformations [8], and showed how program transformations could be applied to systematically eradicate various types of data injection attacks [9]. This paper shows how security-oriented program transformations could be used to improve the security of a systems perimeter by introducing authentication, authorization and input validation components. The program transformation examples in this paper are JAVA specific, but the transformations could be implemented to use other authentication and authorization frameworks.

Security oriented program transformations (or how to add security on demand)

Security requirements change. Many systems fail to cope with the changing requirements because it is hard to redesign. I show that security can be added by applying program transformations. This improves traditional security engineering approaches and keeps software secure in the face of new security threats.

Security patterns and evolution of MTA architecture

In this paper, we describe the evolution of architecture of Mail Transfer Agents(MTA). We consider the design of MTA as a sequence of design decisions [10]. Many of the design decisions are examples of security patterns. Thus, this paper is another example of how patterns generate architecture [5].

Modeling user interactions for (fun and) profit: preventing request forgery attacks on web applications

The goal of a web-request forgery attacker is to manipulate the intended workflow of a web application. Applications that fail to enforce the designer-intended interactions are vulnerable to this type of attack. This paper proposes a systematic methodology for designing web applications to strictly enforce the designer-intended interactions. Our approach captures workflow using the Web DFA model and applies four design patterns to strictly enforce the intended interactions. We argue that using patterns in conjunction with a Web DFA model produces web applications that are secure from request forgery attacks by construction; more-over, our mechanism could be useful in designing workflow-based applications in other domains.

A security oriented program transformation to "add on" policies to prevent injection attacks

Topping the list of the most prominent attacks on applications [6] are various types of injection attacks. Malicious inputs that cause injection attacks are numerous; programmers fail to write checks for all attack patterns. We define a program transformation that allows a programmer to think in terms of rectification policies and automatically add these policies to convert unsafe data inputs to safe inputs. The security oriented program transformation applies to all classes of injection attacks, easing the burden of programmers who would otherwise have to manually write checks.

AMPol: Adaptive Messaging Policy

Interoperability in a large-scale distributed system is challenged by the diversity of node policies. We introduce AMPol (adaptive messaging policy), a service-oriented architecture that facilitates policy-aware, end-to-end adaptive messaging between multiple parties. AMPol provides services for expressing non-functional QoS policies, finding them, and carrying out system extensions to adapt to them. We implement this approach with a Web service middleware that allows parties to use policies for features like attachments, payment, encryption, and signatures. Our implementation demonstrates how AMPol can enhance the function of email messaging by enabling automatic deployment and use of features like cycle exhaustion puzzles, reverse Turing tests and identity based encryption without the need for global deployment or changes to the baseline messaging system