Role-Based Security in a Distributed Resource Environment*


1 Role-Based Security in a Distributed Resource Environment*
Profs. Steven A. Demurjian and T.C. Ting
J. Balthazar, H. Ren, and C. Phillips
Computer Science & Engineering Department
191 Auditorium Road, Box U-155
The University of Connecticut
Storrs, Connecticut

Dr. Paul Barr
The MITRE Corp
145 Wyckoff Road
Eatontown, New Jersey 07724

*This work supported in part by a research contract from the Mitre Corporation (Eatontown, NJ) and a research grant from AFOSR

2 Overview
- Goals of Our Research Effort
- Sun’s JINI Technology
- A Software Architecture for Role-Based Security
  - Proposed Software Architecture
  - Security Resources and Services
  - Security Client and Resource Interactions
  - Client Interactions and Processing
- Experimental Prototypes
  - JINI Prototype of Role Based Approach
  - Security Client Prototype
- Related Work
- Conclusions and Future Work

3 Goals of Our Research Effort
- Incorporation of Role-Based Approach within Distributed Resource Environment
  - Highly-Available Distributed Applications Constructed Using Middleware Tools
  - Demonstrate Use of JINI to Provide Selective Access of Clients to Resources Based on Role
- Propose Software Architecture and Role-Based Security Model for
  - Authorization of Clients Based on Role
  - Authentication of Clients and Resources
  - Enforcement so Clients Only Use Authorized Services (of Resource)
- Propose Security Solution for Distributed Applications for Clients and Services (Resources)

4 Sun’s JINI Technology
- Construct Distributed Applications Using JINI by
  - Federating Groups of Users
  - Resources Provide Services for Users
- A Resource Provides a Set of Services for Use by Clients (Users) and Other Resources (Services)
- A Service is Similar to a Public Method
  - Exportable - Analogous to API
  - Any Entity Utilized by Person or Program
  - Samples Include: Computation, Persistent Store, Printer, Sensor, Software Filter, Real-Time Data Source
  - Services: Concrete Interfaces of Components
- Services Register with Lookup Service

5 Sun’s JINI Technology
Key JINI Concepts and Terms
- Registration of Services via Leasing Mechanism
  - Resource Leases Services to Lookup Service
  - Resources Renew Services Prior to Expiration
  - If not, Services Become Unavailable
  - Lookup Service Maintains Registry
  - Services as Available “Components”
- Leasing Supports High-Availability
  - Registration and Renewal Process
  - Upon Failure, Services Removed from Registry
- Clients, Resources, Lookup Can Occupy Same or Different Computing Nodes

6 Sun’s JINI Technology
Join, Lookup, and Service Invocation
[Diagram labels: Client; Lookup Service (Registry of Entries, Service Object, Service Attributes); Resource (Service Object, Service Attributes); CourseDB Class Contains Method AddCourse( )]
- Join: Register & Lease Services
- Request Service AddCourse(CSE900)
- Return Service Proxy to AddCourse( )
- Service Invocation via Proxy by Transparent RMI Call
  1. Client Invokes AddCourse(CSE900) on Resource
  2. Resource Returns Status of Invocation

7 Proposed Software Architecture for Role-Based Security
- Many Current Lookup Services
  - Successfully Dictate Service Utilization
  - Require Programmatic Solution for Security
  - Do Not Selectively and Dynamically Control Access Based on Client Role
- Security of a Distributed Resource Should Selectively and Dynamically Control Client Access to Services Based on the Role
- Our Approach
  - Define Dedicated Resources to Authorize, Authenticate, and Enforce Security by Role
- Proposed Resources
  - Role-Based Privileges, Authorization List, Security Registration

8 Proposed Software Architecture for Role-Based Security
Figure 3.1: General Architecture of Clients and Resources.
[Diagram labels: Clients Using Services; Resources Provide Services; Lookup Service; Role-Based Privileges; Authorization List; Security Registration; Java Client; Software Agent; Legacy; COTS; Database]

9 Security Resources and Services
- Role-Based Privileges Resource
  - Define User-role
  - Grant/Revoke Access of Role to Resource
  - Register Services
- Authorization List Resource
  - Maintains Client Profile (Many Client Types)
  - Client Profile and Authorize Role Services
- Security Registration Resource
  - Register Client Service
  - Identity Registration at Startup Uses IP Address
- Services of Resource
  - Functionally Separated and Organized
  - Resemble Method Definitions (OO)

10 The Services of the Role-Based Privilege Resource

11 The Services of the Authorization-List Resource

12 The Services of the Security Registration Resource

13 Security Client and Resource Interactions
Figure 3.3: Security Client and Database Resource Interactions.
[Diagram labels: Security Client; Lookup Service (Discover Service, Return Proxy); Security Registration; Authorization List; Role-Based Privileges; General Resource]
- Security Registration
  - Find_Client(C_Id, IP_Addr);
  - Find_All_Active_Clients();
- Authorization List
  - Grant_UR_Client(UR_Id, C_Id);
  - Revoke_UR_Client(UR, C_Id);
  - Find_AllUR_Client(C_Id);
  - Find_All_Clients_UR(UR);
  - Create_New_Client(C_Id);
  - Delete_Client(C_Id);
  - Find_Client(C_Id);
  - Find_All_Clients();
- Role-Based Privileges
  - Create_New_Role(UR_Name, UR_Disc, UR_Id);
  - Delete_Role(UR_Id);
  - Find_UR_Name(UR_Name);
  - Find_UR_Id(UR_Id);
  - Grant_Resource(UR_Id, R_Id);
  - Grant_Service(UR_Id, R_Id, S_Id);
  - Grant_Method(UR_Id, R_Id, S_Id, M_Id);
  - Revoke_Resource(UR, R_Id);
  - Revoke_Service(UR, R_Id, S_Id);
  - Revoke_Method(UR, R_Id, S_Id, M_Id);
  - Find_AllUR_Resource(UR, R_Id);
  - Find_AllUR_Service(UR, R_Id, S_Id);
  - Find_AllUR_Method(UR, R_Id, S_Id, M_Id);
  - Find_UR_Privileges(UR);
- General Resource and Role-Based Privileges
  - Register_Resource(R_Id);
  - Register_Service(R_Id, S_Id);
  - Register_Method(R_Id, S_Id, M_Id);
  - UnRegister_Resource(R_Id);
  - UnRegister_Service(R_Id, S_Id);
  - UnRegister_Method(R_Id, S_Id, M_Id);

14 Client Interactions and Processing
Figure 3.4: Client Interactions and Service Invocations.
[Diagram labels: GUI Client; Lookup Service (Discover Service, Return Proxy); Security Registration; Authorization List; Database Resource; Role-Based Privileges]
1. Register_Client(C_Id, IP_Addr, UR);
2. Verify_UR_Client(UR, C_Id);
3. Client OK?
4. Registration OK?
5. ModifyAttr(C_ID, UR, Value)
6. IsClient_Registered(C_ID)
7. Registration OK?
8. Check_Privileges(UR, R_Id, S_Id, M_Id);
9. Privileges OK?
10. Modification OK?

15 Two Experimental Prototypes
- JINI Prototype of Role Based Approach
  - University Database (UDB)
  - Initial GUI for Sign In (Authorization List)
  - Student/faculty GUI Client (Coursedb)
  - Access to Methods Limited Based on Role (Ex: Only Student Can Enroll in a Course)
- Security Client Prototype
  - Generic Tool
  - Uses Three Resources and Their Services
    - Role-Based Privileges
    - Authorization-List
    - Security Registration

16 Experimental Prototype One
JINI Prototype of Role Based Approach
Figure 4.1: An Architecture of URBS based on JINI Technology.
[Diagram labels: Java GUI Client1; Java GUI Client2; JINI Lookup Service; Role-Based Privileges & Sec. Reg.; Author. List Res. (copy 1); Author. List Res. (copy 2); CourseDB Resource (copy 1); CourseDB Resource (copy 2)]
DBServer Service: GetClasses(); PreReqCourse(); GetVacantClasses(); EnrollCourse(); AddCourse(); RemoveCourse(); UpdateCourse().

17 Experimental Prototype One
Execution Process
1a. Discover Register_Client Service
1b. Return Service Proxy
2. Register the Client
3a. Is Client Authorized?
3b. Succeed - return Role
4. Return Success or Failure
5a. Discover CourseDB
5b. Return Service Proxy
6. Invoke a Method, e.g., Invoke EnrollCourse()
7a. Discover Role-Based Priv. & Sec. Reg. Services
7b. Return Service Proxies
8a. Is Client Registered?
8b. Return Yes or No
9a. Can Client Invoke Method?
10. addCourse() or do nothing
Figure 4.2: Execution Process for Architecture.
[Diagram labels: Java GUI Client1; JINI Lookup Service; Role-Based Privileges & Sec. Reg.; Author. List Res.; CourseDB Resource]
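The check sequence from slides 14 and 17, as an added example that is not the authors' prototype code: plain in-memory maps stand in for the three security resources, and no JINI lookup, leasing or RMI is modelled. The class name and data layout are hypothetical, and passing the IP address and role to isClientRegistered is an assumption so the resource can compare them with the registration record instead of trusting the caller's claimed role.

```java
import java.util.*;

// Added illustration; all names here are hypothetical stand-ins, not the prototype's classes.
public class RoleCheckDemo {
    // Authorization List: client id -> roles granted to that client
    static final Map<String, Set<String>> authList = new HashMap<>();
    // Security Registration: client id -> "ip|role" recorded at registration
    static final Map<String, String> registered = new HashMap<>();
    // Role-Based Privileges: "role/resource/service/method" grants
    static final Set<String> grants = new HashSet<>();

    static boolean verifyURClient(String ur, String cId) {
        return authList.getOrDefault(cId, Set.of()).contains(ur);
    }
    // Slide 14, steps 1-4: register only if the Authorization List confirms the role.
    static boolean registerClient(String cId, String ip, String ur) {
        if (!verifyURClient(ur, cId)) return false;
        registered.put(cId, ip + "|" + ur);
        return true;
    }
    // Assumption: the caller's IP and role must match what was registered.
    static boolean isClientRegistered(String cId, String ip, String ur) {
        return (ip + "|" + ur).equals(registered.get(cId));
    }
    static boolean checkPrivileges(String ur, String rId, String sId, String mId) {
        return grants.contains(String.join("/", ur, rId, sId, mId));
    }

    // Slide 14, steps 6-9, run inside the resource: deny unless both checks pass.
    static String enrollCourse(String cId, String ip, String ur, String course) {
        if (!isClientRegistered(cId, ip, ur)) return "DENIED: not registered";
        if (!checkPrivileges(ur, "CourseDB", "DBServer", "EnrollCourse"))
            return "DENIED: role lacks privilege";
        return "OK: " + cId + " enrolled in " + course;
    }

    public static void main(String[] args) {
        authList.put("alice", Set.of("Student"));   // constructed sample data
        authList.put("bob", Set.of("Faculty"));
        grants.add("Student/CourseDB/DBServer/EnrollCourse");
        registerClient("alice", "10.0.0.5", "Student");
        System.out.println(registerClient("bob", "10.0.0.6", "Student"));
        registerClient("bob", "10.0.0.6", "Faculty");
        System.out.println(enrollCourse("alice", "10.0.0.5", "Student", "CSE900"));
        System.out.println(enrollCourse("bob", "10.0.0.6", "Faculty", "CSE900"));
        System.out.println(enrollCourse("alice", "10.0.0.9", "Student", "CSE900"));
    }
}
```

The enforcement decision is made by the resource on every invocation, so a client that skips registration, claims a role it was never granted, or calls from an address other than the registered one is refused before the method body runs.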

18 Experimental Prototype Two The Security Client Prototype
Figure 4.3: Initial Security Client Screen.

19 Recall Security Resources and Services

20 Experimental Prototype Two Role-Based Privilege Resource & Services
Figure 4.4: The Role-Based Privileges Services Screen

21 Experimental Prototype Two Authorization List Resource & Services
Figure 4.5: The Authorization-List Services Screen.

22 Experimental Prototype Two Security Registration Resource & Services
Figure 4.6: The Security Registration Services Screen.

23 Related Work
Security Policy & Enforcement (OS Security) Security Filters and Screens Header Encryption User-level Authen. IP Encapsulation Key Mgmt. Protocols Browser Security Use of Encryption Access Control Securing Comm. Channel Establishing a Trusted Computer Base Network Services Kerberos and Charon Security: Mobile Agents Saga Security Architecture Access Tokens Control Vectors Security Monitor Concordia Storage Protection Transmission Protection Server Resource Protection Other Topics Trust Appraisal Metric Analysis Short-lived Certificates Seamless Object Authentication

24 Conclusions
For a Distributed Resource Environment
- Proposed & Explained a Role-Based Approach
  - Authorize, Authenticate, and Enforce
- Presented a Software Architecture Containing
  - Role-Based Security Model for a Distributed Resource Environment
  - Security Registration, Authorization-List, and Role-based Privileges Resources
- Developed Two Independent Prototypes
  - JINI-Based Prototype for Role-Based Security Model that Allows Clients to Access Resources Based on Role
  - Security Client for Establishing Privileges

25 Future Work
- Negative Privileges
- Chaining of Resource Invocations
  - Client Uses S1 on R1 that Calls S2 on R2
  - Client Authorized to S1 but Not S2
- Multiple Security Clients
  - What Happens When Multiple Security Clients Attempt to Modify Privileges at Same Time?
  - Is Data Consistency Assured?
- Leasing Concept available with JINI
  - Leasing Allows Services to Expire
  - Can Role-Based Privileges Also Expire?

26 Future Work
- Location of Client vs. Effect on Service
  - What if Client is on Local Intranet?
  - What if Client is on WAN?
  - Are Privileges Different?
- Tracking Computation for Identification Purposes
  - Currently Require Name, Role, IP Addr, Port #
  - How is this Tracked when Dynamic IP Addresses are Utilized?
- Integration of the Two Prototypes
  - Combining Both Prototypes into Working System
  - Likely Semester Project during Fall 2000

