The present invention relates to network security, and more particularly to providing secure communications between applications over a network.
Today, more and more critical information systems, including commercial and U.S. Department of Defense (DoD) sites, are the constant target of network and system attacks. These attacks range from simple and well-known strikes often conducted by young hackers by means of widely available and ready-to-use scripts, to very elaborate attacks led by well-funded organizations or foreign countries.
During operation, systems often rely on security service providers in order to add security enhancements for combating the foregoing attacks. Prior Art FIG. 1 illustrates a system 100 which provides such security enhancements using security service providers in a manner known in the art. As shown, applications 102 are connected to a network 104 by way of network providers 106 for communication purposes. Coupled between the applications 102 and the network providers 106 are security service providers 108. It should be noted that the security service providers 108 may be invoked by the applications 102, the network providers 106, and/or any other third parties. During use, such security service providers 108 may afford security components including, but not limited to authentication, confidentiality, integrity, policy enforcement, etc. Often, these security components may become a likely target of attacks.
In particular, the foregoing security components afforded by the security service providers 108 may employ a set of techniques for encoding data and messages such that the data and messages can be stored and transmitted securely. Such techniques can be used to achieve secure communications, even when the transmission media (for example, the Internet) is untrustworthy. Further, they may also be used to encrypt sensitive files so that an intruder cannot understand them, to ensure data integrity as well as to maintain secrecy, and to verify the origin of data and messages. This may be accomplished using certificates, cryptographic policies, and cryptographic keys.
A certificate may be thought of as a data structure containing information or data representing information, associated with assurance of integrity and/or privacy of encrypted data. A certificate binds an identity of a holder to a key of that holder, and may be signed by a certifying authority. A signature is sometimes spoken of as binding an identity of a holder to a key in a certificate. As a practical matter, a certificate may be very valuable in determining some level of confidence in keys associated with encryption.
Government authorities throughout the world have interests in controlling the use of cryptographic algorithms and keys. Many nations have specific policies directed to creation, use, import, and export of cryptographic devices and software. Numerous policies may exist within a single government. Moreover, these policies undergo constant change.
When using cryptographic methods, the only part that may be required to remain secret is the cryptographic key. The algorithms, key sizes, and file formats can be made public without compromising security. One example of security service providers is the set of Cryptographic Security Providers that can be invoked using the Microsoft Cryptographic API (Crypto API). Another example of security service providers is the set of Cryptographic Security Providers that can be invoked in accordance with the Java Cryptography Extension (JCE), which currently include JCE 1.2-compliant offerings from RSA, Inc., and Entrust Technologies. Application developers can use any of these cryptographic providers to manually add cryptography and certificate functionality.
Despite the foregoing techniques, systems 100 such as that shown in Prior Art FIG. 1 often fail as a result of a run-time software or hardware fault, or an intrusion by a hacker. In such situations, the system 100 often provides a notification of the problem, and allows the user to react. In response to the notification, a user has little choice but to re-instantiate the security service provider 108, or manually "plug-in" a different security service provider 108. This provides for a very static, cumbersome solution.
There is therefore a need for a system that allows for a more dynamic, fault-tolerant means of providing secure communication over networks.
A system, method and computer program product are provided for managing the use of a plurality of security service providers during network communication. A first security service provider is utilized for affording secure communication between applications using a network. During operation, the system is monitored for events relating to the secure communication between the applications. Upon the detection of an event, a second security service provider is utilized for affording secure communication between the applications using the network.
In one preferred embodiment, the event is a security-related event including a run-time error and/or an intrusion by a hacker. As an option, the use of the first security service provider may be discontinued in response to the detection of the event. Further, a notification may be generated in response to the detection of the event.
In another preferred embodiment, the second security service provider may be of a type similar to that of the first security service provider. Further, the second security service provider may be executed on a host different from that of the first security service provider. In still yet another preferred embodiment, the second security service provider may be of a type different from that of the first security service provider.
In order to prevent a failure from affecting the applications, an address space of the applications may be different from that of the security service providers. Further, a host on which each of the applications is executed may be different from a host on which each of the security service providers is executed.
In another aspect of the preferred embodiments, a method may be provided for initially establishing secure communication over a network using a plurality of security service providers. First, an indication is received that communication is to be established on a network between a first application and a second application. In response thereto, at least one of a plurality of security service providers may be chosen for affording secure communication between the first application and the second application. During operation, the chosen security service provider may be used for affording secure communication between the first application and the second application utilizing the network.
The security service provider may be chosen by exchanging a set of acceptable security service providers between the first application and the second application utilizing the network. Subsequently, at least one of the security service providers may be chosen from the set.
As such, the security service provider may be chosen based on whether it is acceptable to both the first application and the second application. In the alternative, the security service provider may be chosen based on security requirements associated with the secure communication between the first application and the second application.
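The two mechanisms described above, switching from a first security service provider to a second one when an event (a run-time error or a reported intrusion) is detected, and choosing the providers beforehand by exchanging sets of acceptable providers between the two applications, are illustrated below in one added example. This code is not part of the patent; the provider names, the event model, and the toy byte transform that stands in for a real Crypto API or JCE call are constructed assumptions for illustration only.

```python
"""Added illustration of provider negotiation plus event-driven failover.
Not from the patent; names, hosts and the toy transform are constructed."""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Set


class ProviderFault(Exception):
    """Run-time error raised by a security service provider."""


@dataclass
class SecurityServiceProvider:
    """Stand-in for a pluggable provider: `kind` models the provider type,
    `host` where it executes (may differ from the applications' host)."""
    name: str
    kind: str
    host: str
    protect: Callable[[bytes], bytes]  # returns protected bytes or raises


def make_provider(name: str, kind: str, host: str,
                  fail_after: Optional[int] = None) -> SecurityServiceProvider:
    """Constructed provider whose protect() raises after `fail_after` calls,
    so a run-time error can be simulated deterministically."""
    calls = {"n": 0}

    def protect(payload: bytes) -> bytes:
        calls["n"] += 1
        if fail_after is not None and calls["n"] > fail_after:
            raise ProviderFault(f"{name} on {host} failed")
        # Toy placeholder transform, NOT encryption; a real provider would
        # invoke Crypto API / JCE here.
        return bytes(b ^ 0x5A for b in payload)

    return SecurityServiceProvider(name, kind, host, protect)


def negotiate_providers(accepted_by_a: Set[str], accepted_by_b: Set[str],
                        catalogue: List[SecurityServiceProvider],
                        required_kind: Optional[str] = None
                        ) -> List[SecurityServiceProvider]:
    """Model of the set exchange: keep only providers acceptable to both
    applications (and matching an optional security requirement on type),
    in catalogue order. The first entry is used initially; the rest are
    the candidates for failover."""
    mutual = accepted_by_a & accepted_by_b
    chosen = [p for p in catalogue
              if p.name in mutual and (required_kind is None or p.kind == required_kind)]
    if not chosen:
        raise LookupError("no mutually acceptable security service provider")
    return chosen


@dataclass
class ProviderManager:
    """Uses the first provider until an event is detected, then discontinues
    it, switches to the next candidate and records a notification."""
    providers: List[SecurityServiceProvider]
    notifications: List[str] = field(default_factory=list)
    active_index: int = 0

    @property
    def active(self) -> SecurityServiceProvider:
        return self.providers[self.active_index]

    def _failover(self, reason: str) -> None:
        self.notifications.append(f"event on {self.active.name}: {reason}")
        if self.active_index + 1 >= len(self.providers):
            raise RuntimeError("no security service provider remaining")
        self.active_index += 1  # the failed provider is no longer used
        self.notifications.append(f"switched to {self.active.name}")

    def report_intrusion(self, detail: str) -> None:
        """Event source: intrusion detected by external monitoring."""
        self._failover(f"intrusion: {detail}")

    def send(self, payload: bytes) -> bytes:
        """Event source: run-time error raised by the provider itself."""
        while True:
            try:
                return self.active.protect(payload)
            except ProviderFault as exc:
                self._failover(f"run-time error: {exc}")


def run_scenario():
    """Negotiate, send twice; the first provider fails on its second call
    and the manager transparently switches to the next mutual candidate."""
    catalogue = [
        make_provider("prov-A", kind="rsa-like", host="host-1", fail_after=1),
        make_provider("prov-B", kind="rsa-like", host="host-2"),
        make_provider("prov-C", kind="ecc-like", host="host-2"),
    ]
    ordered = negotiate_providers({"prov-A", "prov-B", "prov-C"},
                                  {"prov-A", "prov-C"}, catalogue)
    mgr = ProviderManager(ordered)
    first = mgr.send(b"hello")   # served by prov-A
    second = mgr.send(b"hello")  # prov-A faults, prov-C takes over
    return mgr, first, second


if __name__ == "__main__":
    manager, _, _ = run_scenario()
    print(manager.active.name, manager.notifications)
```

The manager keeps the applications unaware of which provider served a request, which is the point of the summary: the switch happens inside the provider layer rather than by the user re-instantiating or plugging in a provider by hand.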
In still another preferred embodiment, each of the security service providers may use a single, common network provider for affording secure communication between the first application and the second application. In the alternative, separate network providers may be employed by each of the security service providers. Similarly, a single, common network connection or separate network connections may be employed by each of the security service providers.