PRIME Concepts used in BluES’n Demonstration and Briefing Meeting 17/18 November 2005 in Dresden.


PRIME concepts used in BluES'n
- Client / Server communication
- Access control
  - based on policies and on credentials
  - usage of the sanitization enhancement
- Context management
  - management / switching partial identities (and thus pseudonyms of a context)

Communication using PRIME
- Any BluES'n client/server communication uses the PRIME IPv1 infrastructure
- BluES'n communicates by "value objects"
  - contains the application specific data
  - resources like structures, texts, pictures, etc.
  - serialized by client/server layer of BluES'n
  - transferred by PRIME
    - responsible for secure transfer (encryption, ...)
  - deserialized by client/server layer of BluES'n

Access control by access control list (ACL) or capability?
- Traditional
  - Each user gets a unique login
  - Associated roles (in general: membership in groups)
  - Access control is based on these logins/roles/groups (ACL)
  - bad: actions of a user can be tracked and linked
  - user is well known by the system, because of his unique login
- Well, we don't want unique user logins!
  - but we want to be able to restrict access, where necessary
  - concept: binding rights to resources of the user to the user!
  - using policies & credentials of PRIME (like a capability system)

Server side access control |1
- Credentials
  - certified values of data
  - BluES'n server issues credentials to the owner/creator of resources
- Server side access control policies
  - access rules to resources (in RDF) --> subject, object, condition (any_body, BluES'n specific resource ID, credential is required)
  - access types to resources: (read), write, add, remove
  - no granting of rights to other users implemented (will be!)
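
The credential-instead-of-login model from the two access control slides, as an added sketch that is not PRIME or BluES'n code. The names Server, Credential, Policy and the resource IDs are hypothetical, an HMAC tag stands in for PRIME's credential certification, and leaving read open without a credential is an assumption.

```python
import hmac, hashlib, secrets
from dataclasses import dataclass

ACCESS_TYPES = {"read", "write", "add", "remove"}  # access types named on the slide
ANY_BODY = "any_body"                              # subject of every rule: no user logins

@dataclass(frozen=True)
class Credential:
    """Server-certified statement about a resource; carries no user identity."""
    resource_id: str
    rights: frozenset
    tag: bytes

@dataclass(frozen=True)
class Policy:
    """One access rule as (subject, object, condition), per access type."""
    subject: str
    resource_id: str
    access_type: str
    credential_required: bool

class Server:
    def __init__(self):
        self._key = secrets.token_bytes(32)  # issuer key, never leaves the server
        self.policies = []

    def _tag(self, resource_id, rights):
        msg = resource_id.encode() + b"\x00" + ",".join(sorted(rights)).encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def create_resource(self, resource_id, protected=("write", "add", "remove")):
        """Register the rules for a new resource and issue the creator's credential."""
        for a in sorted(ACCESS_TYPES):
            self.policies.append(Policy(ANY_BODY, resource_id, a, a in protected))
        rights = frozenset(protected)
        return Credential(resource_id, rights, self._tag(resource_id, rights))

    def check(self, resource_id, access_type, cred=None):
        """Decide from the presented credential alone, never from who is asking."""
        rule = next((p for p in self.policies if p.resource_id == resource_id
                     and p.access_type == access_type), None)
        if rule is None:
            return False  # default deny: unknown resource or access type
        if not rule.credential_required:
            return True
        if cred is None or cred.resource_id != resource_id or access_type not in cred.rights:
            return False
        return hmac.compare_digest(cred.tag, self._tag(cred.resource_id, cred.rights))
```
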

Server side access control |2