
Kelly Whitacre, Kunal Bele, and Mike Gerschefske.


1 Kelly Whitacre, Kunal Bele, and Mike Gerschefske

2 Secure Role Based IM
- Create an IM to cut down on excess chatting
- Restrict users to chat only with people with similar roles within department
- Provide mechanism to allow users to request chat outside specific role
- Leverage ENforCE

3 The ENforCE System
[Architecture diagram. Component labels: Policy Enforcement Point; Global.asax; ASP.NET Application; FC4 machine (Firewall); Iptables Control Service; IIS Authentication ISAPI; Protected web resources; Protected Network resources; Session policy source; RPS; PPS; Domain Controller; Active Directory; Policy Decision Point.
Flow labels: A1/B1) User Request; A2) Http request; A3/B3) Get User's AC; A4/B4) Get Decision; A5) XML response; B2) Http request; B6) Open or Close service commands; B7) XML response; B8) Network-resource Access.]

4 Role Based Hierarchy

5 What ENforCE Provides
- Ability to determine if a user has access to a resource
  - i.e. user changed jobs, or was fired
- Users' management chains
- Yet, our policy enforcement is in our server rather than ENforCE

6 Server Algorithm
- Check if user 1 can communicate with user 2 via XACML request to ENforCE
- If not, ENforCE determines highest manager of user 1 required to get authorization to user 2
- Send request to that manager and wait for acceptance
- If authorized, allow user 1 to send data to user 2 for some period of time
- Obtain public key of receiver by AD of ENforCE for client of sender
- Note:
  - One way communication
  - Message sent to manager requiring token to be sent back to acknowledge acceptance
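The server algorithm above as an added Python example; it is not code from the presentation or from ENforCE. Assumptions: the `DIRECTORY` data, the `ChatServer` class, the same-role check standing in for the XACML request, the 300-second grant lifetime, and the rule that the approver is the first manager of the sender who is also above the receiver.

```python
import secrets
import time

# Constructed directory: user -> (role, manager). Stands in for the role and
# management-chain data the slides say ENforCE provides.
DIRECTORY = {
    "alice": ("engineering", "alice_boss"), "carol": ("engineering", "alice_boss"),
    "bob": ("finance", "bob_boss"),
    "alice_boss": ("eng-mgmt", "director"), "bob_boss": ("fin-mgmt", "director"),
    "director": ("executive", None),
}

def chain(user):
    """Managers above `user`, nearest first."""
    out, mgr = [], DIRECTORY[user][1]
    while mgr:
        out.append(mgr)
        mgr = DIRECTORY[mgr][1]
    return out

class ChatServer:
    def __init__(self, ttl=300, clock=time.time):
        self.ttl, self.clock = ttl, clock
        self.pending = {}  # token -> (approver, sender, receiver)
        self.grants = {}   # (sender, receiver) -> expiry time; one direction only

    def policy_permits(self, sender, receiver):
        # Stand-in for the XACML request to ENforCE: same role may chat.
        return DIRECTORY[sender][0] == DIRECTORY[receiver][0]

    def can_send(self, sender, receiver):
        if self.policy_permits(sender, receiver):
            return True
        return self.grants.get((sender, receiver), 0) > self.clock()

    def request_exception(self, sender, receiver):
        # Assumption: approver = first manager of sender who is also above receiver.
        approver = next((m for m in chain(sender) if m in chain(receiver)), None)
        if approver is None:
            return None
        token = secrets.token_urlsafe(16)  # sent to the manager with the request
        self.pending[token] = (approver, sender, receiver)
        return approver, token

    def approve(self, who, token):
        entry = self.pending.get(token)
        if entry is None or entry[0] != who:
            return False  # unknown token or wrong approver: fail closed
        del self.pending[token]  # token is single use
        self.grants[(entry[1], entry[2])] = self.clock() + self.ttl
        return True
```

`who` is assumed to be an already authenticated identity; the token only acknowledges acceptance and does not replace authenticating the manager.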

7 (Two) One Way Communication Request(s)

8 Conceptual Design
[Diagram labels: ENforCE Server; Bob; Alice; Bob's Boss; Alice's Boss; AD; XACML; IIS]

9 Clients
- Very simple
- Send messages containing
  - Message
  - To
- Buddy List/Active Directory browsing could be added
- Clients encrypt via destination's public key
- Could look into asymmetric crypto

10 Progress
- Extracted IIS and DC of ENforCE
- Recreated FW
- Problems with Windows Activation
- Problems with VMware Converter removing hardware
- Problems with physical Unix machine

11 Questions??

