Application level security enforcement mechanisms for advanced network services

Abstract

Today the telecom world and the Internet world are converging. Ericsson has foreseen this convergence and developed a prototype of a service creation and execution environment called ServiceFrame. ServiceFrame is an extension of the ActorFrame framework. ActorFrame features new concepts described in UML 2.0, such as connectors, ports, parts and behaviour inheritance and structured classes. ActorFrame has central components called actors and agents. Actors and agents are modelled and described using the UML 2.0 notation. In ActorFrame and ServiceFrame actors and agents are communicating asynchronously using messages and concurrent state machines. The ServiceFrame developers have always concentrated on making ServiceFrame a framework with distributed components. The developers have not yet focused on the security issues in ServiceFrame. As a result ServiceFrame currently has no security mechanisms for securing actors or agents. This thesis proposes a security protocol and security mechanisms for securing ServiceFrame. The proposed security mechanisms are implemented in a prototype and tested using a test case. The report first gives an introduction to security concepts, such as authentication, authorisation, integrity and confidentiality. The report also describes relevant frameworks and security protocols. The Java programming language is used for developing and implementing the security mechanisms. UML 2.0 is used as the modelling language. At the end of the report the security mechanisms are analysed and discussed. Authentication in ServiecFrame is achieved by using a key exchange protocol with certificates. In the thesis a solution for achieving authorisation is proposed. This thesis only proposes a rudimentary solution which uses access control lists. Integrity and confidentiality are achieved using cryptography and signing of messages. The main conclusion of this thesis is that the security mechanisms proposed can contribute to securing the ServiceFrame framework. The security mechanisms achieve point to point security between two agents. ServiceFrame could be used to secure access to the Parlay gateway and telecom services. Fundamental in the security mechanisms is an extended variant of the Needham-Schroeder-Lowe public key protocol. The main contribution of this thesis has been to introduce security in ServiceFrame, which previously had not been implemented. The security mechanisms can be used by developers of ServiceFrame to accomplish security in their services. Commercial systems require focus on security to secure both end users and the service providers. The thesis work may contribute to the establishment of ServiceFrame in commercially related products in the future. The thesis has shown that ServiceFrame does not have security mechanisms and that achieving security is essential for ServiceFrame. The thesis has also shown that some of the proposed security mechanisms can be implemented in the framework. It has also shown how security concepts can be implemented and used by distributed components.