
Easy security management over microservices architectures based on OpenAPI Specification

Nowadays, many developers around the world use RESTful APIs alongside microservices architectures. These APIs are increasingly described using the OpenAPI Specification standard, and they usually require some level of security. However, maintaining security settings across an entire architecture can be a time-consuming task: adding a new role to the application, for example, may require modifying the settings of every API. This approach has several drawbacks, such as poor scalability. We encountered this problem while working on an institutional web page, which is why we are developing an extension for OpenAPI that allows easier security management in microservices applications. Furthermore, the in-progress Node.js module will perform automatic validation of JSON Web Tokens (JWTs), a simple and standard way to implement access control. Using JWTs together with the aforementioned extension will greatly reduce development time. By providing a few configuration parameters, a single API or a whole infrastructure can be made more secure. This will also make larger applications more scalable and easier to maintain.

Social Internet of Things: architectural approaches and challenges

The Social Internet of Things takes a step forward from the traditional IoT, introducing a new paradigm that combines the concepts of social networks with the IoT to obtain the benefits of both worlds, as in the case of the Social Internet of Vehicles. With the emergence of the Social Internet of Things, new challenges also arise that need to be analyzed in depth. In this article, the key architectural components and challenges that an implementation of the Social Internet of Things must address are identified through an analysis of the available literature and of the architectures proposed in recent years. The challenges include trustworthiness, navigability, scalability, security, and reliability of the system.

Formal verification of the YubiKey and YubiHSM APIs in Maude-NPA

We perform an automated analysis of two devices developed by Yubico: YubiKey, designed to authenticate a user to network-based services, and YubiHSM, Yubico's hardware security module. Both are analyzed using the Maude-NPA cryptographic protocol analyzer. Although previous work has applied formal tools to these devices, there has not been any completely automated analysis. This is not surprising, because both YubiKey and YubiHSM, which make use of cryptographic APIs, involve a number of complex features: (i) discrete time in the form of Lamport clocks, (ii) a mutable memory for storing previously seen keys or nonces, (iii) event-based properties that require an analysis of sequences of actions, and (iv) reasoning modulo exclusive-or. Maude-NPA has provided support for exclusive-or for years but has not supported the other three features, which we show can also be supported by using constraints on natural numbers, protocol composition, and reasoning modulo associativity. In this work, we have been able to automatically prove security properties of YubiKey and to find the known attacks on YubiHSM, in both cases beyond the capabilities of previous work using the Tamarin Prover, owing to its need for auxiliary user-defined lemmas and its limited support for exclusive-or. Tamarin has recently been endowed with exclusive-or, and we have rewritten the original specification of YubiHSM in Tamarin to use exclusive-or, confirming that both attacks on YubiHSM can be carried out by this recent version of Tamarin.

Framework for modelling and implementing secure NoSQL document databases

The large amount of data managed by Big Data technologies has to be properly secured in order to protect critical enterprise and personal information. Nevertheless, current security solutions for Big Data technologies such as NoSQL databases do not take into account the special characteristics of these technologies. In this paper, we focus on securing NoSQL document databases by proposing a framework composed of three stages: (1) the source data set is analysed using Natural Language Processing techniques and ontological resources in order to detect sensitive data; (2) we define a metamodel for document NoSQL databases that allows designers to specify both structural and security aspects; and (3) this model is implemented in a specific document database tool, MongoDB. Finally, we apply the proposed framework to a case study with a dataset from the medical domain.