Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure middleware patterns E.B.Fernandez. Middleware security Architectures have been studied and several patterns exist Security aspects have not been.

Published byMildred Boyd Modified over 8 years ago

Similar presentations

Presentation on theme: "Secure middleware patterns E.B.Fernandez. Middleware security Architectures have been studied and several patterns exist Security aspects have not been."— Presentation transcript:

1 Secure middleware patterns E.B.Fernandez

2 Middleware security Architectures have been studied and several patterns exist Security aspects have not been studied in detail Architectures are complex and a source of many possibilities

3

4 Patterns selected initially How to store and execute a business enterprise model. Business models are handled through component frameworks, typically using an object-oriented model. Part of this model may consume or provide web services. Its distributed systems architecture. Distribution is handled through distributed objects or web services protocols.

5 Component patterns The Component Configurator lets an application dynamically attach and detach components or processes. The Interceptor allows the transparent addition of services to an application or framework. These services are automatically invoked when certain events occur. The Extension Interface defines multiple interfaces for a component. The Home pattern separates the management of components from their use by defining an interface for creating instances of components.

6 Hiding patterns The Façade provides a unified, higher-level interface to a set of interfaces in a subsystem. The Adapter converts the interface of an existing class into a more convenient interface. The Wrapper Facade encapsulates the functions and data provided by existing subsystems or levels and defines a higher-level interface.

7 Security aspects The Component Configurator can be used to reduce the time when modules are exposed to attacks. Also, modules with different degrees of security could be used in the presence of attacks or for critical applications. The Interceptor is useful to add security to a framework, e.g. a CORBA-based system, if the original implementation did not have it. The Extension Interface can be used to define views that let a user or role access only some parts of the information in specific ways, according to their authorizations.

8 Adding security to components

9 More security The Home pattern can be used to apply authorization rules to control the creation of objects in components as it has been done in operating systems [Fer03]. The Façade can hide implementation details that could be exploited by hackers and can apply security checks in the operations of the Façade. The Adapter can be used to define a new interface with fewer operations for some uses according to their security restrictions or to map database security constraints to application constraints. The Wrapper Façade can be used to hide the implementation of the lower levels. This prevents attackers form taking advantage of implementation flaws. A higher-level interface restricts the possibilities of a hacker.

10 Interface security

11 Approach To add security to a pattern, compose it with other patterns that correspond to appropriate security mechanisms The mechanisms selected depend on the expected attacks and institution policies

12 Adding security to the Broker

13 Security services Client Authorization Authentication Broker Client-side Proxy Servant Authorization Cryptography ServerSide Proxy Adapter 1 ** * * * * 1 11 11 1 11 1

14 Conclusions Secure Broker pattern—Pat Morrison We need to complete the other patterns Several conference papers with specific patterns A journal paper with the whole approach Combine with AOP Proposal NSF, DARPA

Download ppt "Secure middleware patterns E.B.Fernandez. Middleware security Architectures have been studied and several patterns exist Security aspects have not been."

Similar presentations

Chapter 13 Review Questions

Chapter 13 Review Questions
Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.

Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Component Patterns – Architecture and Applications with EJB copyright © 2001, MATHEMA AG Component Patterns Architecture and Applications with EJB JavaForum.

Component Patterns – Architecture and Applications with EJB copyright © 2001, MATHEMA AG Component Patterns Architecture and Applications with EJB JavaForum.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Vakgroep Informatietechnologie – IBCN Software Architecture Prof.Dr.ir. F. Gielen Quality Attributes & Tactics (4) Modifiability.

Vakgroep Informatietechnologie – IBCN Software Architecture Prof.Dr.ir. F. Gielen Quality Attributes & Tactics (4) Modifiability.
Chapter 22 Object-Oriented Design

Chapter 22 Object-Oriented Design
PRESENTED BY SANGEETA MEHTA EECS810 UNIVERSITY OF KANSAS OCTOBER 2008 Design Patterns.

PRESENTED BY SANGEETA MEHTA EECS810 UNIVERSITY OF KANSAS OCTOBER 2008 Design Patterns.
Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.
Incorporating database systems into a secure software development methodology Eduardo B. Fernandez, Jan Jurjens, Nobukazu Yoshioka, and Hironori Washizaki.

Incorporating database systems into a secure software development methodology Eduardo B. Fernandez, Jan Jurjens, Nobukazu Yoshioka, and Hironori Washizaki.
Enterprise Resource Planning

Enterprise Resource Planning
Client/Server Software Architectures Yonglei Tao.

Client/Server Software Architectures Yonglei Tao.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse 2.
B USINESS LAYER SAMANVITHA RAMAYANAM 4 th MARCH 2010 CPE 691.

B USINESS LAYER SAMANVITHA RAMAYANAM 4 th MARCH 2010 CPE 691.
Enterprise Systems & Architectures. Enterprise systems are mainly composed of information systems. Business process management mainly deals with information.

Enterprise Systems & Architectures. Enterprise systems are mainly composed of information systems. Business process management mainly deals with information.
Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 18 Slide 1 Software Reuse.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 18 Slide 1 Software Reuse.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 12 Slide 1 Distributed Systems Architectures.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 12 Slide 1 Distributed Systems Architectures.
CGW 2003 Institute of Computer Science AGH Proposal of Adaptation of Legacy C/C++ Software to Grid Services Bartosz Baliś, Marian Bubak, Michał Węgiel,

CGW 2003 Institute of Computer Science AGH Proposal of Adaptation of Legacy C/C++ Software to Grid Services Bartosz Baliś, Marian Bubak, Michał Węgiel,

Similar presentations

Ads by Google