Akamai Project: Web Service Security Through a Guard
Project Site: Akimeka
Mentor: Marc Lefebvre
A guard is a government-proprietary and government-certified device that is used by the National Security Agency (NSA) and the Defense Information Systems Agency (DISA) as a Cross Domain Solution (CDS). A domain, in the web service security sense, is an isolated network with a certain security standard. The term “cross domain” refers to the connection and data transfer between two different security domains. The NSA and DISA have asked Akimeka to test the strengths and weaknesses of certain guard platforms using web services. Specifically, the guard evaluation setup in Akimeka’s Service Oriented Architecture (SOA) Test Lab considers a cross domain network of a classified client and an unclassified server. The major goal of this project was to research and document how to implement WS-Security (WSS) for use on this network. To narrow the vast scope of WSS, specific studies of the User Name Token, Timestamp, Signature, and Encryption mechanisms were conducted. Each mechanism was analyzed using only the options needed for basic functionality. As a test bench, both a client and a server were simulated on a single computer. All work was conducted with the open-source software currently in use at Akimeka, and this work will be used as a guide for future WSS work in the SOA Test Lab. An example of one of the studies will be presented.