2. Dynasis Secure Group Information Sharing System ADVISOR: DR. AWAIS SHIBLI CO-ADVISOR: DR. ABDUL GHAFOOR GROUP MEMBERS: MANSOOR AHMED SAIF ULLAH YASIR ALI

3. Outline 1.Introduction to Domain 2.Problem Statement 3.Related Work 4.Our Product 5.Main Features 6.Scope 7.Deliverable and Milestones 8.Future Prospects 9.Conclusion

4. Introduction to Domain Domain : Group Secure Information Sharing (g-SIS)  It envision agile and secure group management as well cryptographic sharing of resources  Group Secure Resource Sharing  Secure Group Management  Encryption & Decryption  Key Management and Distribution  Access Control Policies and delegation  Role Based Access Control (RBAC)  Attribute Based Access Control (ABAC)  Usage Based Access Control (UCON)

5. Problem Statement “Existing Software solutions do not provide Dynamic and Secure Group Information Sharing as per user requirement”

6. Related Work & Literature Survey Related Products in Market  LMS  EasyChair  FirstClass  Dspace  Google drive  DropBox

7. Related Work & Literature Survey Related Papers: ○ A Temporal Model for Group-Centric Secure Information Sharing ○ An Extended Authorization Model for Group-Centric Secure Information Sharing ○ Enforcement Architecture and Implementation Model for Group-Centric Information Sharing ○ RFC 4535 GSAKMP: Group Secure Association Key Management Protocol. (selected section). ○ XACML:extensible Access control markup Language.

8. Our Product: Dynasis Dynasis is a user friendly, secure information sharing web based system for individuals and organizations, to manage secure groups and share encrypted data.

9. Main Features ◦KeyFeatures: ◦Secure group information Sharing ◦Time and Event Based Groups. ◦Dynamic Roles and Access Control ◦Additional Features: ◦Open Source ◦Cloud based system ◦User Friendly ◦Desktop Integration

10. Secure Group Information Sharing ● It will use Group Secure Association Key Management protocol (GSAKMP) for cryptographic group managment. ● Access to authorized users. ● Encrypted resources ● Confidentiality ● Hashing and system logging ● Integrity

11. Dynamic Roles and Access Control Policies ● Roles and corresponding access control policies can be defined according to organizational structure. ● It will use XACML for Attribute based Access Control (ABAC) for defining dynamic policies

12. Task and Event based group Management ● User’s can manage different types Groups based on attributes o Time o Event o Task Groups will be expired, disasemble and user right will be revoked.

13. Technology: ◦Spring MVC And Hibernate

14. Security and testability

15. Scope ● Knowledge Areas o Research on Group Secure Information Sharing o Cloud Security o Open Source Development ● End Users o Individual Users o Organizations and Institutes

16. Deliverables ◦Documentation ◦SRS ◦SDS ◦Development ◦Basic Infrastructure Development ◦Secure Groups Implementation (GSAKMP Integration) ◦Access control policy (XACML implementation) ◦Different Types of Groups. ◦Integration ◦Testing

17. Future Prospects ● Other Resources like Videos etc. sharing. ● Online Secure Editing of resources. ● Secure Email communication. ● Secure chat.

18. Demo

19. Conclusion: ◦Our product ◦Meeting Functional and Nonfunctional Requirements ◦Developed using latest technologies ◦follow the professional standards. ◦Best of Best Features

20. References www.google.com/trends/explore#q=%2Fm%2F0dhx5b%2C %2Fm%2F026mhl&cmpt=q http://zeroturnaround.com/rebellabs/java-tools-and-technologies-landscape-for-2014/ http://zeroturnaround.com/rebellabs/the-2014-decision-makers-guide-to-java-web-frameworks/3/ http://blog.websitesframeworks.com/2013/03/wahner-categorization-and-comparison-of-web-frameworks-229/ http://zeroturnaround.com/rebellabs/top-4-java-web-frameworks-revealed-real-life-usage-data-of-spring-mvc-vaadin-gwt-and-jsf/ http://blog.websitesframeworks.com/2013/03/web-frameworks-benchmarks-192/ https://spreadsheets.google.com/pub?key=0AtkkDCT2WDMXdC1HOEtnUHpCejJMbUhGeGJWUmh5dVE&hl=en&output=html

21. Thanks

23. Work Progress ● Studied HEC Proposal Document ● Studied research papers: ○ A Temporal Model for Group-Centric Secure Information Sharing ○ An Extended Authorization Model for Group-Centric Secure Information Sharing ○ Enforcement Architecture and Implementation Model for Group- Centric Information Sharing ○ RFC 4535 GSAKMP: Group Secure Association Key Management Protocol. (selected section).

24. ● JSF vs Spring framework comparison. ● Project Proposal ● SRS Study ● SDS Making ( On going)

25. Research Papers 1. A Temporal Model for Group-Centric Secure Information Sharing ◦Time based files access control ◦Time based group management ◦Group members join/re-join leave ◦Access control on basis of time of join/re-join and leave. ◦Access on basis of time intervals

26. Research Papers contd. 2. An Extended Authorization Model for Group-Centric Secure Information Sharing Authorizations are also influenced by the privileges of subject except for the temporal ordering of subject and object group membership. Assumptions: Objects are read only Super distribution used (single key encryption). Access control on client side by trusted computing Offline access also available Administrator may or may not be member of the group No effect on remaining users on join/re-join or leaving of group member Temporal as well as role of users.

27. Research Papers contd. 3. Enforcement Architecture and Implementation Model for Group-Centric Information Sharing Architecture and TPM-based implementation model for a group-centric SIS (g-SIS) problem that enables Super-Distribution. Key points: Super distribution and micro distribution. Temporal model followed

28. JSF vs Spring

29. World Wide Wait

30. Complexity comparison

33. Scalability cost

37. Security

38. Testability

39. Feedback Thanks ! Any Questions??