Secure middleware patterns E.B.Fernandez. Middleware security Architectures have been studied and several patterns exist Security aspects have not been.

Slides:

Advertisements

Similar presentations

Chapter 13 Review Questions

Advertisements

Connect. Communicate. Collaborate Click to edit Master title style MODULE 1: perfSONAR TECHNICAL OVERVIEW.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Component Patterns – Architecture and Applications with EJB copyright © 2001, MATHEMA AG Component Patterns Architecture and Applications with EJB JavaForum.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

Vakgroep Informatietechnologie – IBCN Software Architecture Prof.Dr.ir. F. Gielen Quality Attributes & Tactics (4) Modifiability.

Chapter 22 Object-Oriented Design

PRESENTED BY SANGEETA MEHTA EECS810 UNIVERSITY OF KANSAS OCTOBER 2008 Design Patterns.

Web-based Portal for Discovery, Retrieval and Visualization of Earth Science Datasets in Grid Environment Zhenping (Jane) Liu.

Incorporating database systems into a secure software development methodology Eduardo B. Fernandez, Jan Jurjens, Nobukazu Yoshioka, and Hironori Washizaki.

Enterprise Resource Planning

Client/Server Software Architectures Yonglei Tao.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse 2.

B USINESS LAYER SAMANVITHA RAMAYANAM 4 th MARCH 2010 CPE 691.

Enterprise Systems & Architectures. Enterprise systems are mainly composed of information systems. Business process management mainly deals with information.

Module 10: Designing an AD RMS Infrastructure in Windows Server 2008.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 18 Slide 1 Software Reuse.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 18 Slide 1 Software Reuse.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 12 Slide 1 Distributed Systems Architectures.

CGW 2003 Institute of Computer Science AGH Proposal of Adaptation of Legacy C/C++ Software to Grid Services Bartosz Baliś, Marian Bubak, Michał Węgiel,

Secure Systems Research Group - FAU Aspects and mobile applications Sergio Soares Paulo Borba, “PaDA: A Pattern for Distribution Aspects” In Second Latin.

An Introduction to Software Architecture

Supporting Heterogeneous Users in Collaborative Virtual Environments using AOP CoopIS 2001 September 5-7, Trento, Italy M. Pinto, M. Amor, L. Fuentes,

Fundamentals of Database Chapter 7 Database Technologies.

Architecting Web Services Unit – II – PART - III.

SAMANVITHA RAMAYANAM 18 TH FEBRUARY 2010 CPE 691 LAYERED APPLICATION.

Secure Systems Research Group - FAU Classifying security patterns E.B.Fernandez, H. Washizaki, N. Yoshioka, A. Kubo.

Next-generation databases Active databases: when a particular event occurs and given conditions are satisfied then some actions are executed. An active.

Advanced Computer Networks Topic 2: Characterization of Distributed Systems.

Design Patterns CSCI 5801: Software Engineering. Design Patterns.

SCALABLE EVOLUTION OF HIGHLY AVAILABLE SYSTEMS BY ABHISHEK ASOKAN 8/6/2004.

Architectural pattern: Interceptor Source: POSA II pp 109 – 140POSA II Environment: developing frameworks that can be extended transparently Recurring.

Software Design Patterns (1) Introduction. patterns do … & do not … Patterns do... provide common vocabulary provide “shorthand” for effectively communicating.

Database Systems: Design, Implementation, and Management Eighth Edition Chapter 14 Database Connectivity and Web Technologies.

A Secure JBoss Platform Nicola Mezzetti Acknowledgments: F. Panzieri.

Secure Systems Research Group - FAU SW Development methodology using patterns and model checking 8/13/2009 Maha B Abbey PhD Candidate.

Secure Systems Research Group - FAU A Trust Model for Web Services Ph.D Dissertation Progress Report Candidate: Nelly A. Delessy, Advisor: Dr E.B. Fernandez.

Design Patterns CSIS 3701: Advanced Object Oriented Programming.

Chapter 2 Database System Concepts and Architecture Dr. Bernard Chen Ph.D. University of Central Arkansas.

Update on CORBA Support for Babel RMI Nanbor Wang and Roopa Pundaleeka Tech-X Corporation Boulder, CO Funded by DOE OASCR SBIR.

Rational Unified Process Fundamentals Module 7: Process for e-Business Development Rational Unified Process Fundamentals Module 7: Process for e-Business.

Dynamic and Selective Combination of Extension in Component-based Applications Eddy Truyen, Bart Vanhaute, Wouter Joosen, Pierre Verbaeten, Bo N. Jørgensen.

University of Toronto at Scarborough © Kersti Wain-Bantin CSCC40 system architecture 1 after designing to meet functional requirements, design the system.

Secure Systems Research Group - FAU 1 A Trust Model for Web Services Ph.D Dissertation Progess Report Candidate: Nelly A. Delessy, Advisor: Dr E.B. Fernandez.

SDN Management Layer DESIGN REQUIREMENTS AND FUTURE DIRECTION NO OF SLIDES : 26 1.

Security Patterns for Web Services 02/03/05 Nelly A. Delessy.

Authorization GGF-6 Grid Authorization Concepts Proposed work item of Authorization WG Chicago, IL - Oct 15 th 2002 Leon Gommans Advanced Internet.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September Integrating Policy with Applications.

CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Michał Jankowski, Paweł Wolniewicz, Jiří Denemark, Norbert Meyer,

Developing Product Line Components Jan Bosch Professor of Software Engineering University of Groningen, Netherlands

Component Patterns – Architecture and Applications with EJB copyright © 2001, MATHEMA AG Component Patterns Architecture and Applications with EJB Markus.

CS 5150 Software Engineering Lecture 16 Program Design 3.

Slide 1 2/22/2016 Policy-Based Management With SNMP SNMPCONF Working Group - Interim Meeting May 2000 Jon Saperia.

ACGT Architecture and Grid Infrastructure Juliusz Pukacki ‏ EGEE Conference Budapest, 4 October 2007.

Data Sharing Service Kiran Devaram Samatha Gangapuram Harish Maringanti Prashant Shanti Kumar Pradeep Tallogu.

Context-Aware Middleware for Resource Management in the Wireless Internet US Lab 신현정.

1 Distributed Systems Architectures Distributed object architectures Reference: ©Ian Sommerville 2000 Software Engineering, 6th edition.

Distributed Systems Architectures Chapter 12. Objectives  To explain the advantages and disadvantages of different distributed systems architectures.

Software Reuse. Objectives l To explain the benefits of software reuse and some reuse problems l To discuss several different ways to implement software.

Chapter 2 Database System Concepts and Architecture

Architecting Web Services

Architecting Web Services

Decorator Design Pattern

Object Oriented Design Patterns - Structural Patterns

Analysis models and design models

An Introduction to Software Architecture

SAMANVITHA RAMAYANAM 18TH FEBRUARY 2010 CPE 691

Ponder policy toolkit Jovana Balkoski, Rashid Mijumbi

Presentation transcript:

Secure middleware patterns E.B.Fernandez

Middleware security Architectures have been studied and several patterns exist Security aspects have not been studied in detail Architectures are complex and a source of many possibilities

Patterns selected initially How to store and execute a business enterprise model. Business models are handled through component frameworks, typically using an object-oriented model. Part of this model may consume or provide web services. Its distributed systems architecture. Distribution is handled through distributed objects or web services protocols.

Component patterns The Component Configurator lets an application dynamically attach and detach components or processes. The Interceptor allows the transparent addition of services to an application or framework. These services are automatically invoked when certain events occur. The Extension Interface defines multiple interfaces for a component. The Home pattern separates the management of components from their use by defining an interface for creating instances of components.

Hiding patterns The Façade provides a unified, higher-level interface to a set of interfaces in a subsystem. The Adapter converts the interface of an existing class into a more convenient interface. The Wrapper Facade encapsulates the functions and data provided by existing subsystems or levels and defines a higher-level interface.

Security aspects The Component Configurator can be used to reduce the time when modules are exposed to attacks. Also, modules with different degrees of security could be used in the presence of attacks or for critical applications. The Interceptor is useful to add security to a framework, e.g. a CORBA-based system, if the original implementation did not have it. The Extension Interface can be used to define views that let a user or role access only some parts of the information in specific ways, according to their authorizations.

Adding security to components

More security The Home pattern can be used to apply authorization rules to control the creation of objects in components as it has been done in operating systems [Fer03]. The Façade can hide implementation details that could be exploited by hackers and can apply security checks in the operations of the Façade. The Adapter can be used to define a new interface with fewer operations for some uses according to their security restrictions or to map database security constraints to application constraints. The Wrapper Façade can be used to hide the implementation of the lower levels. This prevents attackers form taking advantage of implementation flaws. A higher-level interface restricts the possibilities of a hacker.

Interface security

Approach To add security to a pattern, compose it with other patterns that correspond to appropriate security mechanisms The mechanisms selected depend on the expected attacks and institution policies

Adding security to the Broker

Security services Client Authorization Authentication Broker Client-side Proxy Servant Authorization Cryptography ServerSide Proxy Adapter 1 ** * * * *

Conclusions Secure Broker pattern—Pat Morrison We need to complete the other patterns Several conference papers with specific patterns A journal paper with the whole approach Combine with AOP Proposal NSF, DARPA