Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Security and Trust Software Architecture Lecture 21.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Security and Trust Software Architecture Lecture 21."— Presentation transcript:

1 Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Security and Trust Software Architecture Lecture 21

2 Foundations, Theory, and Practice Software Architecture 2 Outline Security Design Principles Architectural Access Control u Access Control Models u Connector-Centric Architectural Access Control Trust Trust Model u Reputation-based Systems u Architectural Approach to Decentralized Trust Management

3 Foundations, Theory, and Practice Software Architecture 3 Security “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).” u National Institute of Standards and Technology

4 Foundations, Theory, and Practice Software Architecture 4 Confidentiality, Integrity, and Availability Confidentiality u Preserving the confidentiality of information means preventing unauthorized parties from accessing the information or perhaps even being aware of the existence of the information. I.e., secrecy. Integrity u Maintaining the integrity of information means that only authorized parties can manipulate the information and do so only in authorized ways. Availability u Resources are available if they are accessible by authorized parties on all appropriate occasions.

5 Foundations, Theory, and Practice Software Architecture 5 Design Principles for Computer Security Least Privilege: give each component only the privileges it requires Fail-safe Defaults: deny access if explicit permission is absent Economy of Mechanism: adopt simple security mechanisms Complete Mediation: ensure every access is permitted Design: do not rely on secrecy for security

6 Foundations, Theory, and Practice Software Architecture 6 Design Principles for Computer Security (cont’d) Separation of Privilege: introduce multiple parties to avoid exploitation of privileges Least Common Mechanism: limit critical resource sharing to only a few mechanisms Psychological Acceptability: make security mechanisms usable Defense in Depth: have multiple layers of countermeasures

7 Foundations, Theory, and Practice Software Architecture 7 Security for Microsoft IIS --from [Wing, 2003]

8 Foundations, Theory, and Practice Software Architecture 8 Architectural Access Control Models Decide whether access to a protected resource should be granted or denied Discretionary access control u Based on the identity of the requestor, the resource, and whether the requestor has permission to access Mandatory access control u Policy based

9 Foundations, Theory, and Practice Software Architecture 9 Discretionary Access Control Database AComponent QInterface F AliceRead-Write; Always BendYes BobRead-Write; Between 9 and 5 FoldNo CharlesNo accessSpindleNo DaveNo accessMutilateYes EveRead-only; Always NoneNo

10 Foundations, Theory, and Practice Software Architecture 10 Mandatory Access Control Bob: Secret Alice: Confidential Tom: Top Secret Arrows show access (read/write) privileges What about just appending?

11 Foundations, Theory, and Practice Software Architecture 11 Connector-Centric Architectural Access Control Decide what subjects the connected components are executing for Regulate whether components have sufficient privileges to communicate through the connectors Provide secure interaction between insecure components Propagate privileges in architectural access check Participate in deciding architectural connections Route messages according to established policies Static analysis of architectures coupled with dynamic checking

12 Foundations, Theory, and Practice Software Architecture 12 Decentralization No centralized authority to coordinate and control entities Independent peers, with possibly conflicting goals, interact with each other and make local autonomous decisions Presence of malicious peers in open decentralized applications Need for measures to protect peers against malicious attacks

13 Foundations, Theory, and Practice Software Architecture 13 Trust management can serve as a potential countermeasure u Trust relationships help peers establish confidence in other peers Some Threats of Decentralization Impersonation: Mallory says she is Bob to Alice Fraudulent Actions: Mallory doesn’t complete transactions Misrepresenting Trust: Mallory tells everyone Bob is evil Collusion: Mallory and Eve tell everyone Bob is evil Addition of Unknowns: Alice has never met Bob

14 Foundations, Theory, and Practice Software Architecture 14 Marvin (malicious) Carol Bob Alice Mallory (malicious) Decentralized Auctioning Decentralized Auctioning Open decentralized application Independent buyers/sellers Potentially malicious participants Need to counter threats

15 Foundations, Theory, and Practice Software Architecture 15 Bob Alice Mallory (malicious) “I am Bob” Bob is reliable and everyone has a good opinion about Bob Impersonation

16 Foundations, Theory, and Practice Software Architecture 16 Alice “buyer” Alice pays for the items Marvin “seller” (malicious) Marvin does not ship the items Fraudulent Actions

17 Foundations, Theory, and Practice Software Architecture 17 Bob Alice Mallory (malicious) “Bob is unreliable” Bob is reliable and everyone has a good opinion about Bob Misrepresentation

18 Foundations, Theory, and Practice Software Architecture 18 Bob Alice Mallory (malicious) “Bob is unreliable” Bob is reliable and everyone has a good opinion about Bob Marvin (malicious) Collusion

19 Foundations, Theory, and Practice Software Architecture 19 Carol (new entrant in the system) Bob Alice Bob has no information about Carol; he is not sure whether to interact with Carol Carol is new and does not know Alice; she is not sure whether to interact with Alice Addition of Unknowns

20 Foundations, Theory, and Practice Software Architecture 20 Background: Trust Management Trust u Trust is a particular level of the subjective probability with which an agent assesses that another agent will perform a particular action in a context that affects his actions [Gambetta, 1990] Reputation u Expectation about an entity’s behavior based on past behavior [Abdul-Rahman, 2000] u May be used to determine trust Two types of trust management systems u Credential and Policy-based u Reputation-based

21 Foundations, Theory, and Practice Software Architecture 21 Role of Trust Management Each entity (peer) must protect itself against these threats Trust Management can serve as a potential countermeasure u Trust relationships between peers help establish confidence Two types of decentralized trust management systems u Credential and policy-based u Reputation-based

22 Foundations, Theory, and Practice Software Architecture 22 Architecture and Trust Management Decentralized trust management has received a lot of attention from researchers [Grandison and Sloman, 2000] u Primary focus has been on developing new models But how does one build a trust-enabled decentralized application? u How do I pick a trust model for a given application? u And, how do I incorporate the trust model within each entity?

23 Foundations, Theory, and Practice Software Architecture 23 Approach Select a suitable reputation-based trust model for a given application Describe this trust model precisely Incorporate the model within the structure (architecture) of an entity u Software architectural style for trust management (PACE) Result – entity architecture consisting of u components that encapsulate the trust model u additional trust technologies to counter threats

24 Foundations, Theory, and Practice Software Architecture 24 Key Insights Trust u Cannot be isolated to one component u Is a dominant concern in decentralized applications and should be considered early on during application development u Having an explicit architecture is one way to consistently address the cross-cutting concern of trust Architectural styles u Provide a foundation to reason about specific goals u Facilitate reuse of design knowledge u Allow known benefits to be leveraged and induce desirable properties

25 Foundations, Theory, and Practice Software Architecture 25 Design Guidelines: Approach Identify threats of decentralization Use the threats to identify guiding principles that help defend against the threats Incorporate these principles within an architectural style focused on decentralized trust management

26 Foundations, Theory, and Practice Software Architecture 26 ThreatsStrategies ImpersonationDigital identities, signature-based verification Fraudulent ActionsExplicit trust, comparable trust MisrepresentationExplicit trust, comparable trust, separation of internal and external data CollusionExplicit trust, comparable trust, separation of internal and external data Addition of unknownsImplicit trust of user Design Guidelines

27 Foundations, Theory, and Practice Software Architecture 27 PACE Architectural Style Basis: C2, a layered event-based style u Allows the natural structuring of the four functional units according to their dependencies u Facilitates reuse u Extensive tool support The resultant architectural style is called PACE (Practical Architectural approach for Composing Egocentric trust)

28 Foundations, Theory, and Practice Software Architecture 28 Functional Units Communication u Responsible for external interaction with other peers including data collection and transmission; does not depend upon data storage or analysis Information u Store all data including internal beliefs and reported information Trust u Responsible for trust computation and managing credentials; depends upon internal data for computation Application u Application-specific components including user interface; Builds upon services provided by the other three

29 Foundations, Theory, and Practice Software Architecture 29 Application Layer Communication Layer Information Layer Trust Layer Communication Manager External Information Internal Information Key Manager Signature Manager Trust Manager Application Trust Rules HTTP SenderCustom ProtocolsMulticast Manager Multicast Handler Credentia l Manager A P P L I C A T I O N PACE Components

30 Foundations, Theory, and Practice Software Architecture 30 PACE: Communication Layer Multiple protocol handlers. Translate internal events into external messages and vice-versa Creates and manages protocol handlers Signs requests and verifies notifications Communication Layer Information Layer Trust Layer Application Layer Communication Manager External Information Internal Information Key Manager Signature Manager Trust Manager Application Trust Rules HTTP SenderCustom ProtocolsMulticast Manager Multicast Handler Credential Manager A P P L I C A T I O N

31 Foundations, Theory, and Practice Software Architecture 31 Communication Layer Information Layer Trust Layer Application Layer Communication Manager External Information Internal Information Key Manager Signature Manager Trust Manager Application Trust Rules HTTP SenderCustom ProtocolsMulticast Manager Multicast Handler Credential Manager A P P L I C A T I O N Separates internal beliefs from reported information Stores internal beliefs persistently PACE: Information Layer

32 Foundations, Theory, and Practice Software Architecture 32 Communication Layer Information Layer Trust Layer Application Layer Communication Manager External Information Internal Information Key Manager Signature Manager Trust Manager Application Trust Rules HTTP SenderCustom ProtocolsMulticast Manager Multicast Handler Credential Manager A P P L I C A T I O N Incorporates different trust models and algorithms; can assign trust values to notifications received Generates unique public-private key pairs Maintains local cache of other peers’ identities; requests public keys from peers and responds to revocations PACE: Trust Layer

33 Foundations, Theory, and Practice Software Architecture 33 PACE: Application Layer Domain-specific trust rules; includes context of trust User-interface and application- specific components Communication Layer Information Layer Trust Layer Application Layer Communication Manager External Information Internal Information Key Manager Signature Manager Trust Manager Application Trust Rules HTTP SenderCustom ProtocolsMulticast Manager Multicast Handler Credential Manager A P P L I C A T I O N

34 Foundations, Theory, and Practice Software Architecture 34 Communication Layer Information Layer Trust Layer Application Layer Communication Manager External Information Internal Information Key Manager Signature Manager Trust Manager Application Trust Rules HTTP SenderCustom ProtocolsMulticast Manager Multicast Handler Credential Manager A P P L I C A T I O N Countering Fraudulent Actions User sends request for trust information Others respond Responses are verified and tagged with trust values User sees these messages and makes an informed decision Post-interaction, user can change trust information

35 Foundations, Theory, and Practice Software Architecture 35 Carol Bob Alice Marvin (malicious) Mallory (malicious) Decentralized Auctioning Trust-enabled entity architecture Trust-enabled entity architecture Trust-enabled entity architecture Result: Decentralized Auctioning

Download ppt "Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Security and Trust Software Architecture Lecture 21."

Similar presentations

Operating System Security

Operating System Security
Software Connectors Software Architecture. Importance of Connectors Complex, distributed, multilingual, modern software system functionality and managing.

Software Connectors Software Architecture. Importance of Connectors Complex, distributed, multilingual, modern software system functionality and managing.
PACE: An Architectural Style for Trust Management in Decentralized Applications Girish Suryanarayana Justin Erenkrantz Scott Hendrickson.

PACE: An Architectural Style for Trust Management in Decentralized Applications Girish Suryanarayana Justin Erenkrantz Scott Hendrickson.
Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Security and Trust Software Architecture Lecture 21.

Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Security and Trust Software Architecture Lecture 21.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (http://cups.cs.cmu.edu/course-guide/)

Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Software Connectors.

Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Software Connectors.
Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Software Connectors Software Architecture Lecture 7.

Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Software Connectors Software Architecture Lecture 7.
1 Minggu 7, Pertemuan 13 Security Matakuliah: T0206-Sistem Basisdata Tahun: 2005 Versi: 1.0/0.0.

1 Minggu 7, Pertemuan 13 Security Matakuliah: T0206-Sistem Basisdata Tahun: 2005 Versi: 1.0/0.0.
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
Key Management in Cryptography

Key Management in Cryptography
Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.

Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.
Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Software Connectors Software Architecture Lecture 7.

Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Software Connectors Software Architecture Lecture 7.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.
Chapter 19 Security Transparencies. 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization.

Chapter 19 Security Transparencies. 2 Chapter 19 - Objectives Scope of database security. Why database security is a serious concern for an organization.
Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.

Review security basic concepts IT 352 : Lecture 2- part1 Najwa AlGhamdi, MSc – 2012 /1433.
Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.

Understanding Android Security Yinshu Wu William Enck, Machigar Ongtang, and PatrickMcDaniel Pennsylvania State University.

Similar presentations

Ads by Google