Formal modeling and analysis of XML firewall for service-oriented systems

As more businesses deploy web services over the Internet, the issue of how to secure them from intruders and possible threats becomes more important. Firewalls have been designed as a major component to protect a network or a server from being attacked. However, since conventional firewalls emphasize on packet filtering at the transport and session layer, rather than verifying user permissions and examining packet contents at the application layer, they are not suitable for protecting service providers from unauthorized web service invocations. In this paper, we propose a formal XML firewall security model using role-based access control (RBAC) mechanisms. Our proposed formal model supports user authentication and role-based user authorization according to policy rules stored in a policy database that can be updated dynamically. The formal model is designed compositionally using colored Petri nets (CPN), which can serve as a high-level design for XML firewall implementation. The major components of our compositional XML firewall security model are the application model and the XML firewall model. We analyze the application model and the XML firewall model separately using an existing Petri net tool, called CPN Tools, and demonstrate how key properties of our formal models can be verified, and how a design error can be detected and corrected at an early design stage.