Presentation is loading. Please wait.

Presentation is loading. Please wait.

SECISS-1 CSE333 Prof. Steven A. Demurjian Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The University of Connecticut Storrs,

Published byGordon Simmons Modified over 8 years ago

Similar presentations

Presentation on theme: "SECISS-1 CSE333 Prof. Steven A. Demurjian Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The University of Connecticut Storrs,"— Presentation transcript:

1 SECISS-1 CSE333 Prof. Steven A. Demurjian Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The University of Connecticut Storrs, Connecticut 06269-3155 http://www.engr.uconn.edu/~steve steve@engr.uconn.edu Security Issues for Distributed Computing Security Issues for Distributed Computing

2 SECISS-2 CSE333Overview  Background and Motivation  What are Key Distributed Security Issues?  What are Major/Underlying Security Concepts?  What are Available Security Approaches?  Identifying Key Distributed Security Requirements  Frame the Solution Approach  Outline UConn Research Emphasis:  Secure Software Design (UML and AOSD)  Middleware-Based Realization (CORBA/JINI)  Information Exchange via XML

3 SECISS-3 CSE333 Security for Distributed Applications Legacy COTS Database NETWORK Java Client Java Client How is Security Handled for Individual Systems? What about Distributed Security? Security Issues for New Clients? New Servers? Across Network? What if Security Never Available for Legacy/COTS/Database? Security Policy, Model, and Enforcement?

4 SECISS-4 CSE333 Recall Dynamic Coalitions  Crisis  Any Situation Requiring Natl. or I’Natl. Attention  Coalition  Alliance of Organizations  Military, Civilian, International or any Combination  Dynamic Coalition  Formed in a Crisis and Changes as Crisis Develops  Key Concern Being the Most Effective way to Solve the Crisis  Dynamic Coalition Problem (DCP)  Security, Resource, and Information Sharing Risks that Occur as a Result of Coalition Being Formed

5 SECISS-5 CSE333 FADD AFATDS GCCS-A MCS ASAS CSSCS Other ABCS U.N. U.S.A NGO/ PVO NATO Marine Corps NavyAir Force Army GCCS Battle Management System Joint Command System Army Battle Command System Combat Operations System U.S. Global C2 Systems DC for Military Deployment/Engagement LFCS Canada SICF France HEROS Germany SIACCON Italy OBJECTIVES: Securely Leverage Information in a Fluid Environment Protect Information While Simultaneously Promoting the Coalition Security Infrastructure in Support of DCP

6 SECISS-6 CSE333 DC for Medical Emergency Govt. Transportation Military Medics Local Health Care CDC ISSUES: Privacy vs. Availability in Medical Records Support Life-Threatening Situations via Availability of Patient Data on Demand Pharma. Companies Govt. MDs w/o Borders Red Cross RNs EMTs MDs State Health Other

7 SECISS-7 CSE333 Security Issues: Confidence in Security  Assurance  Are the Security Privileges for Each User of DC Adequate (and Limited) to Support their Needs?  What Guarantees are Given by the Security Infra- structure of DC in Order to Attain:  Safety: Nothing Bad Happens During Execution  Liveness: All Good Things can Happen During Execution  Consistency  Are the Defined Security Privileges for Each User Internally Consistent? Least-Privilege Principle  Are the Defined Security Privileges for Related Users Globally Consistent? Mutual-Exclusion

8 SECISS-8 CSE333 Security for Coalitions  Dynamic Coalitions will play a Critical Role in Homeland Security during Crisis Situations  Critical to Understand the Security Issues for Users and System of Dynamic Coalitions  Multi-Faceted Approach to Security  Attaining Consistency and Assurance at Policy Definition and Enforcement  Capturing Security Requirements at Early Stages via UML Enhancements/Extensions  Providing a Security Infrastructure that Unifies RBAC and MAC for Distributed Setting

9 SECISS-9 CSE333 Four Categories of Questions  Questions on Software Development Process  Security Integration with Software Design  Transition from Design to Development  Questions on Information Access and Flow  User Privileges key to Security Policy  Information for Users and Between Users  Questions on Security Handlers and Processors  Manage/Enforce Runtime Security Policy  Coordination Across EC Nodes  Questions on Needs of Legacy/COTS Appls.  Integrated, Interoperative Distributed Application will have New Apps., Legacy/COTS, Future COTS

10 SECISS-10 CSE333 Software Development Process Questions  What is the Challenge of Security for Software Design?  How do we Integrate Security with the Software Design Process?  What Types of Security Must be Available?  How do we Integrate Security into OO/Component Based Design?  Integration into OO Design?  Integration into UML Design?  What Guarantees Must be Available in Process?  Assurance Guarantees re. Consistent Security Privileges?  Can we Support Security for Round-Trip and Reverse Engineering?

11 SECISS-11 CSE333 Software Development Process Questions  What Techniques are Available for Security Assurance and Analysis?  Can we Automatically Generate Formal Security Requirements?  Can we Analyze Requirements for Inconsistency and Transition Corrections Back to Design?  How do we Handle Transition from Design to Development?  Can we Leverage Programming Language Approaches in Support of Security for Development?  Subject-Oriented Programming?  Aspect-Oriented Programming?  Other Techniques?

12 SECISS-12 CSE333 Information Access and Flow Questions  Who Can See What Information at What Time?  What Are the Security Requirements for Each User Against Individual Legacy/cots Systems and for the Distributed Application?  What Information Needs to Be Sent to Which Users at What Time?  What Information Should Be “Pushed” in an Automated Fashion to Different Users at Regular Intervals?

13 SECISS-13 CSE333 Information Access and Flow Questions  What Information Needs to Be Available to Which Users at What Time?  What Information Needs to Be “Pulled” On- demand to Satisfy Different User Needs in Time- critical Situations  How Are Changing User Requirements Addressed Within the Distributed Computing Application?  Are User Privileges Static for the Distributed Computing Application?  Can User Privileges Change Based on the “Context” and “State” of Application?

14 SECISS-14 CSE333 Security Handlers/Processing Questions  What Security Techniques Are  Needed to Insure That the Correct Information Is Sent to the Appropriate Users at Right Time?  Necessary to Insure That Exactly Enough Information and No More Is Available to Appropriate Users at Optimal Times?  Required to Allow As Much Information As Possible to Be Available on Demand to Authorized Users?

15 SECISS-15 CSE333 Security Handlers/Processing Questions  How Does the Design by Composition of a Distributed Computing Application Impact on Both the Security and Delivery of Information?  Is the Composition of Its “Secure” Components Also Secure, Thereby Allowing the Delivery of Information?  Can We Design Reusable Security Components That Can Be Composed on Demand to Support Dynamic Security Needs in a Distributed Setting?  What Is the Impact of Legacy/cots Applications on Delivering the Information?

16 SECISS-16 CSE333 Security Handlers/Processing Questions  How Does Distribution Affect Security Policy Definition and Enforcement?  Are Security Handlers/enforcement Mechanisms Centralized And/or Distributed to Support Multiple, Diverse Security Policies?  Are There Customized Security Handlers/enforcement Mechanisms at Different Levels of Organizational Hierarchy?  Does the Organizational Hierarchy Dictate the Interactions of the Security Handlers for a Unified Enforcement Mechanism for Entire Distributed System?

17 SECISS-17 CSE333 Legacy/COTS Applications Questions  When Legacy/cots Appls. Are Placed Into Distributed, Interoperable Environment:  At What Level, If Any, Is Secure Access Available?  Does the Application Require That Secure Access Be Addressed?  How Is Security Added If It Is Not Present? What Techniques Are Needed to Control Access to Legacy/COTS?  What Is the Impact of New Programming Languages (Procedural, Object-oriented, Etc.) And Paradigms?

18 SECISS-18 CSE333 Focusing on MAC, DAC and RBAC  For OO Systems/Applications, Focus on Potential Public Methods on All Classes  Role-Based Approach:  Role Determines which Potential Public Methods are Available  Automatically Generate Mechanism to Enforce the Security Policy at Runtime  Allow Software Tools to Look-and-Feel Different Dynamically Based on Role  Extend in Support of MAC (Method and Data Levels) and DAC (Delegation of Authority)

19 SECISS-19 CSE333 Legacy/COTS Applications  Interoperability of Legacy/COTS in a Distributed Environment  Security Issues in Interoperative, Distributed Environment  Can MAC/DAC/RBAC be Exploited?  How are OO Legacy/COTS Handled?  How are Non-OO Legacy/COTS Handled?  How are New Java/C++ Appls. Incorporated?  Can Java Security Capabilities be Utilized?  What Does CORBA/ORBs have to Offer?  What about other Middleware (e.g. JINI)?  Explore Some Preliminary Ideas on Select Issues

20 SECISS-20 CSE333 A Distributed Security Framework  What is Needed for the Definition and Realization of Security for a Distributed Application?  How can we Dynamically Construct and Maintain Security for a Distributed Application?  Application Requirements Change Over Time  Seamless Transition for Changes  Transparency from both User and Distributed Application Perspectives  Support MAC, RBAC and DAC (Delegation)  Cradle to Grave Approach  Earliest Stages (UML) to Programming (Aspects)  Information Exchange (XML)  Middleware Environments - Inter-operating Artifacts and Clients

21 SECISS-21 CSE333 A Distributed Security Framework  Distributed Security Policy Definition, Planning, and Management  Integrated with Software Development: Design (UML) and Programming (Aspects)  Include Documents of Exchange (XML)  Formal Security Model with Components  Formal Realization of Security Policy  Identifiable “Security” Components  Security Handlers & Enforcement Mechanism  Run-time Techniques and Processes  Allows Dynamic Changes to Policy to be Seamless and Transparently Made

22 SECISS-22 CSE333 Distributed Security Policy L + SH DB + SH Java Client Java Client Legacy Client DB Client COTS Client L + SH CO+ SHDB + SH Server + SHL + SH CO+ SH Server + SH DB + SH Formal Security Model Security Components Enforcement Mechanism Collection of SHs L: Legacy CO: COTS DB: Database SH: Security Handler Interactions and Dependencies

23 SECISS-23 CSE333 Policy Definition, Planning, Management  Interplay of Security Requirements, Security Officers, Users, Components and Overall System  Minimal Effort in Distributed Setting - CORBA Has Services for  Confidentiality, Integrity, Accountability, and Availability  But, No Cohesive CORBA Service Ties Them with Authorization, Authentication, and Privacy  Difficult to Accomplish in Distributed Setting  Must Understand All Constituent Systems  Interplay of Stakeholders, Users, Sec. Officers

24 SECISS-24 CSE333 Three-Pronged Security Emphasis Secure Software Design via UML with MAC/RBAC Secure Information Exchange via XML with MAC/RBAC Secure MAC/RBAC Interactions via Middleware in Distributed Setting Assurance MAC Properties: Simple Integrity, Simple Security, etc. Safety Liveness

25 SECISS-25 CSE333 Other Possibilities: Reverse Engineer Existing Policy to Logic Based Definition UML Model with Security Capture all Security Requirements! Extending UML for the Design and Definition of Security Requirements Address Security in Use-Case Diagrams, Class Diagrams, Seqiemce Diagrams, etc. Formal Security Policy Definition using Existing Approach (Logic Based Policy Language) Iterate, Revise Bi-Directional Translation - Prove that all UML Security Definitions in UML in Logic- Based Policy Language and vice-versa Security Model Generation RBAC99 GMU RBAC/MAC UConn Oracle Security Must Prove Generation Captures all Security Requirements Secure Software Design - T. Doan

26 SECISS-26 CSE333 RBAC/MAC at Design Level  Security as First Class Citizen in the Design Process  Use Cases and Actors (Roles) Marked with Security Levels  Dynamic Assurance Checks to Insure that Connections Do Not Violate MAC Rules

27 SECISS-27 CSE333 Secure Software Design - J. Pavlich  What are Aspects?  System Properties that Apply Across an Entire Application  Samples: Security, Performance, etc.  What is Aspect Oriented Programming?  Separation of Components and Aspects from One Another with Mechanisms to Support Abstraction and Composition for System Design  What is Aspect Oriented Software Design?  Focus on Identifying Components, Aspects, Compositions, etc.  Emphasis on Design Process and Decisions

28 SECISS-28 CSE333 Aspects for Security in UML  Consider the Class Diagram below that Captures Courses, Documents, and Grade Records  What are Possible Roles?  How can we Define Limitations of Role Against Classes?

29 SECISS-29 CSE333 A Role-Slice for Professors

30 SECISS-30 CSE333 A Role Slide for Students

31 SECISS-31 CSE333 Legacy COTS GOTS Database NETWORK Java Client Legacy Client Database Client COTS Client Middleware-Based Security - C. Phillips  Artifacts: DB, Legacy, COTS, GOTS, with APIs  New/Existing Clients use APIs  Can we Control Access to APIs (Methods) by …  Role (who)  Classification (MAC)  Time (when)  Data (what)  Delegation Security Authorization Client (SAC) Security Policy Client (SPC) Security Registration Services Unified Security Resource (USR) Security Policy Services Security Delegation Client (SDC) Security Analysis and Tracking (SAT) Security Authorization Services Working Prototype Available using CORBA, JINI, Java, Oracle

32 SECISS-32 CSE333 Process-Oriented View Analyses of RBAC/MAC Model/Framework Against SSE-CMM Evaluation of RBAC/MAC Model Using DCP Unified RBAC/MAC Security Model RBAC/MAC Enforcement Framework Security Middleware Security Administrative and Management Tools Security Policy Definition Run Time Security Assurance Design Time Security Assurance

33 SECISS-33 CSE333 Security for XML Documents  Emergence of XML for Document/Information Exchange  Extend RBAC/MAC to XML  Collection of Security DTDs  DTDs for Roles, Users, and Constraints  Capture RBAC and MAC  Apply Security DTDs to XML Documents  Result: Each XML Document Appears Differently Based on Role, MAC, Time, Value  Security DTD Filters Document  Ongoing: H. Wang, C. Ju, C.Slamka, and J. Boysen Security DTDs  Role DTD  User DTD  Constraint DTD Application Application DTDs Application XML Files Appl_Role.xml Appl _User.xml Appl_Constraint.xml Security Officer Generates Security XML files for the Application DTDs and XML User’s Role Determines the Scope of Access to Each XML Document

34 SECISS-34 CSE333 Concluding Remarks  Objective is for Everyone to Think about the Range, Scope, and Impact of Security  Question-Based Approach Intended to Frame the Discussion  Proposed Solution for Distributed Environment  Current UConn Foci  Secure Software Design  Middleware Realization  XML Document Customization  Consider These and Other Issues for DCP

Download ppt "SECISS-1 CSE333 Prof. Steven A. Demurjian Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The University of Connecticut Storrs,"

Similar presentations

CSE300-1 Profs. Steven A. Demurjian Q. Jin, J. Nam, Z. Qian and C. Phillips Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The.

CSE300-1 Profs. Steven A. Demurjian Q. Jin, J. Nam, Z. Qian and C. Phillips Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.
CS3773 Software Engineering Lecture 01 Introduction.

CS3773 Software Engineering Lecture 01 Introduction.
Object-Oriented Application Development Using VB.NET 1 Chapter 5 Object-Oriented Analysis and Design.

Object-Oriented Application Development Using VB.NET 1 Chapter 5 Object-Oriented Analysis and Design.
UConnBI-BC-1 Security Issues for Bioinformatics Prof. Steven A. Demurjian, Sr. Director, CSE Graduate Program Computer Science & Engineering Department.

UConnBI-BC-1 Security Issues for Bioinformatics Prof. Steven A. Demurjian, Sr. Director, CSE Graduate Program Computer Science & Engineering Department.
1 Steve Chenoweth Friday, 10/21/11 Week 7, Day 4 Right – Good or bad policy? – Asking the user what to do next! From malware.net/how-to-remove-protection-system-

1 Steve Chenoweth Friday, 10/21/11 Week 7, Day 4 Right – Good or bad policy? – Asking the user what to do next! From malware.net/how-to-remove-protection-system-
L4-1-S1 UML Overview © M.E. Fayad 2000 -- 2005 SJSU -- CmpE Software Architectures Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I.

L4-1-S1 UML Overview © M.E. Fayad SJSU -- CmpE Software Architectures Dr. M.E. Fayad, Professor Computer Engineering Department, Room #283I.
R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.

R R R CSE870: Advanced Software Engineering (Cheng): Intro to Software Engineering1 Advanced Software Engineering Dr. Cheng Overview of Software Engineering.
Copyright 2002 Prentice-Hall, Inc. Chapter 1 The Systems Development Environment 1.1 Modern Systems Analysis and Design Third Edition Jeffrey A. Hoffer.

Copyright 2002 Prentice-Hall, Inc. Chapter 1 The Systems Development Environment 1.1 Modern Systems Analysis and Design Third Edition Jeffrey A. Hoffer.
Software Engineering General Project Management Software Requirements

Software Engineering General Project Management Software Requirements
Integration of Applications MIS3502: Application Integration and Evaluation Paul Weinberg Adapted from material by Arnold Kurtz, David.

Integration of Applications MIS3502: Application Integration and Evaluation Paul Weinberg Adapted from material by Arnold Kurtz, David.
DCP-1 CSE5095 Information Sharing and Security in Dynamic Coalitions Information Sharing and Security in Dynamic Coalitions Steven A. Demurjian Computer.

DCP-1 CSE5095 Information Sharing and Security in Dynamic Coalitions Information Sharing and Security in Dynamic Coalitions Steven A. Demurjian Computer.
1 Software Testing and Quality Assurance Lecture 30 – Testing Systems.

1 Software Testing and Quality Assurance Lecture 30 – Testing Systems.
IS550: Software requirements engineering Dr. Azeddine Chikh 4. Validation and management.

IS550: Software requirements engineering Dr. Azeddine Chikh 4. Validation and management.
Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.

Role Based Access control By Ganesh Godavari. Outline of the talk Motivation Terms and Definitions Current Access Control Mechanism Role Based Access.
Course Instructor: Aisha Azeem

Course Instructor: Aisha Azeem
Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.

Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.
Enterprise Architecture

Enterprise Architecture
Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR ESM'2009, October 26-28, 2009, Holiday Inn Leicester, Leicester, United Kingdom.

Romaric GUILLERM Hamid DEMMOU LAAS-CNRS Nabil SADOU SUPELEC/IETR ESM'2009, October 26-28, 2009, Holiday Inn Leicester, Leicester, United Kingdom.
Basic Concepts The Unified Modeling Language (UML) SYSC 3100 - System Analysis and Design.

Basic Concepts The Unified Modeling Language (UML) SYSC System Analysis and Design.

Similar presentations

Ads by Google