Presentation on theme: "Secure Systems Research Group - FAU Secure Pipes & Filters Pattern."— Presentation transcript:
Secure Systems Research Group - FAU Secure Pipes & Filters Pattern
Prerequisites
- Pipes & Filters: provides a structure for systems that process a stream of data.
- RBAC: assigns rights to users according to their roles in an institution.
Intro
The Secure Pipes and Filters pattern provides secure handling of data streams. Each processing step applies some data transformation or filtering. The rights to perform the filtering and the movement of data are controlled.
Example: Law Firm
Context
Processing data streams in different stages, with different levels of responsibility and rights, used to control who can perform data transformations.
Problem
Different stages are needed before data reaches the final stage. This happens for several reasons: every component performs specialized functions over the data, the global architecture or hierarchical organization requires this flow, and this approach makes the system more flexible. Every time the data reaches a different stage, exclusive functions are applied. In the previous example the secretary can create the legal document, but privileges such as inserting legal advice or signing the document are not granted at her level. In this kind of system, we may need the flexibility to reorder the steps of the process or change the processing steps. In the example above a new lawyer may be assigned to the case, but the responsibilities and privileges should remain intact.
Problem (forces)
The design of the system has to consider the following forces:
- The information can go in either direction in the system. Filtering can be applied in each case.
- The system needs to assign privileges according to each stage of processing and the roles involved.
- We might require signatures or authentication between stages.
- The right to reconfigure the stages within the data flow must be controlled.
Solution
The Secure Pipes and Filters pattern provides a secure way to divide the processing of data into different sequential stages or steps. The exchange of information between stages is secured. The figure below shows one approach to adding security, implementing RBAC.
Solution: Class Diagram
[Figure: class diagram. Roles Role1 to Role4 are linked through Right associations to Filter i and Filter j (operations op1, op2, op3) and to Pipeline i (operation configure); roles are checked against Authentication Information.]
Dynamics: Sequence Diagram
[Figure: sequence diagram. Participants: :Subject, :RefMonitor, :Right, :Filter i, :Data Source, :Data Sink. Messages shown: request_op1, checkRights, decision, request_op1, read, op1, write.]
Example Resolved: Class Diagram
[Figure: class diagram for the law firm. Roles Secretary, Assistant Lawyer, Principal Lawyer and Administrator are linked through Right associations (read, write, sign, addTemplate) to the Document Creation and Document Registration filters, and through a configure right to Pipeline i; roles are checked against Authentication Information.]
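The law firm pipeline can be sketched in code as follows. This is an added example, not part of the original presentation: the role-to-right table, the class names and the document fields are assumptions, and the caller's role is assumed to have been authenticated already.

```python
from dataclasses import dataclass, field

# Assumed role -> target -> operations table (illustrative; the slide's own
# role-to-right mapping is not recoverable from the transcript).
RIGHTS = {
    "Secretary": {"DocumentCreation": {"read", "write"}},
    "PrincipalLawyer": {"DocumentCreation": {"read", "write", "sign"},
                        "DocumentRegistration": {"read", "write"}},
    "Administrator": {"Pipeline": {"configure"}},
}

class AccessDenied(Exception):
    pass

def check_rights(role, target, op):
    """Reference monitor: deny unless the role explicitly holds the right."""
    if op not in RIGHTS.get(role, {}).get(target, set()):
        raise AccessDenied(f"{role} may not {op} on {target}")

@dataclass
class Filter:
    name: str
    ops: dict  # operation name -> function(doc, role) returning a new doc

    def apply(self, role, op, doc):
        check_rights(role, self.name, op)  # checked before data is touched
        return self.ops[op](doc, role)

@dataclass
class Pipeline:
    filters: list = field(default_factory=list)

    def configure(self, role, filters):
        check_rights(role, "Pipeline", "configure")  # reordering is a right
        self.filters = list(filters)

    def run(self, steps, doc):
        """steps: one (role, op) pair per stage, in pipeline order."""
        if len(steps) != len(self.filters):
            raise ValueError("need exactly one step per stage")
        for flt, (role, op) in zip(self.filters, steps):
            doc = flt.apply(role, op, doc)
        return doc

creation = Filter("DocumentCreation", {
    "write": lambda d, r: {**d, "drafted_by": r},
    "sign": lambda d, r: {**d, "signed_by": r}})
registration = Filter("DocumentRegistration", {
    "write": lambda d, r: {**d, "registered_by": r}})
```

Replacing the lawyer assigned to a case changes only who presents the PrincipalLawyer role; the rights table and the stage order stay untouched, which is the flexibility the Problem slide asks for.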
Known Uses
- XML Pipeline Definition Language (XPL)
- Role-Based Trust-Management Markup Language (RTML)
- xoRBAC
- SeMoA
Consequences
The use of this pattern yields the following benefits:
- The system assigns privileges according to each stage of processing.
- The use of operations over the data is now restricted through the implementation of either the RBAC or the Access Matrix model.
- The use of encryption between stages is possible, adding the possibility of secure messages and digital signatures.
- The Administrator role controls the reconfiguration of stages.
Applying this pattern imposes the following liabilities:
- The general performance of the system worsens due to the overhead of the security checks.
References
[Bus96] F. Buschmann, R. Meunier, H. Rohnert, P. Sommerlad, M. Stal. Pattern-Oriented Software Architecture: A System of Patterns, Volume 1, West Sussex, England: John Wiley & Sons, 1996.
[Fer01a] E. B. Fernandez and R. Pan, "A Pattern Language for security models", Procs. of the 8th Annual Conference on Pattern Languages of Programs (PLoP 2001), 11-15 September 2001, Allerton Park Monticello, Illinois, USA, 2001. Also available from: http://jerry.cs.uiuc.edu/~plop/plop2001/accepted_submissions
[Sch06] M. Schumacher, E. B. Fernandez, D. Hybertson, F. Buschmann, and P. Sommerlad, Security Patterns: Integrating security and systems engineering, West Sussex, England: John Wiley & Sons, 2006.
[Xpl] http://www.orbeon.com/ops/doc/reference-xpl-pipelines
[Rtm] http://xml.coverpages.org/ni2004-04-05-a.html
[Xor] http://wi.wu-wien.ac.at/home/mark/xoRBAC/index.html
[Sem] http://www.semoa.org/docs/features.html