Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)

Flooding and Recycling Authorizations

The request-response paradigm used for access control solutions commonly leads to point-to-point (PTP) architectures with security enforcement logic obtaining decisions from the authorization servers through remote procedure calls. In massive-scale and complex enterprises, PTP authorization architectures result in fragile and subefficient solutions. The architectures also fail to exploit virtually free CPU resources and network bandwidth. This paper proposes to leverage publish-subscribe architectures for increasing failure resilience and efficiency by flooding delivery channels with speculatively pre-computed authorizations and recycling them on a just-in-time basis.

On the Benefits of Decomposing Policy Engines into Components

In order for middleware systems to be adaptive, their properties and services need to support a wide variety of application-specific policies. However, application developers and administrators should not be expected to cope with complex policy languages and evaluation engines or to develop custom engines from scratch. In this paper, we discuss the benefits of policy engines designed as component frameworks with a mix of parameterized pre-built and custom logic composed to implement complex policies. To provide an example of such a design approach, we present an authorization architecture for ASP.NET Web services that has been implemented in a real-world system.

A Security Analysis of the IEEE 1588 Standard

Experience Report: Design and Implementation of a Component-Based Protection Architecture for ASP.NET Web Services

This report reflects, from a software engineering perspective, on the experience of designing and implementing protection mechanisms for ASP.NET Web services. The limitations of Microsoft ASP.NET container security mechanisms render them inadequate for hosting enterprise-scale applications that have to be protected according to diverse and/or complex application-specific security policies. In this paper we report on our experience of designing and implementing a component-based architecture for protecting enterprise-grade Web service applications hosted by ASP.NET. Due to its flexibility and extensibility, this architecture enables the integration of ASP.NET into the organizational security infrastructure with less effort by Web service developers. The architecture has been implemented in a real-world security solution. This paper also contributes a best practice on constructing flexible and extensible authentication and authorization logic for Web services by using the Resource Access Decision and Attribute Function (AF) architectural styles. Furthermore, the lessons learned from our design and implementation experiences are discussed throughout the paper.

CITI Fault Report Classification and Encoding for Vulnerability and Risk Assessment of Interconnected Infrastructures

The effective functioning of many critical infrastructures depends on the Communication and Information Technology Infrastructure (CITI). As such, any fault in CITI can disrupt the operation of these infrastructures. Understanding the origin of these faults, their propagation pattern and their impact on other infrastructures can be very valuable for secure and reliable infrastructure design and operation. However, up to now there has been no well-defined technique to comprehend these inter-infrastructure fault scenarios. Public domain CITI fault reports can serve as a useful source to identify vulnerability patterns and the impact of those vulnerabilities on other infrastructures. But, as most of these reports are unstructured descriptions of fault events, their use is limited and ineffective for formal research. Until now, not much work has been done to methodically classify and interpret these reports. However, such classification could give the infrastructure research community a huge benefit in exploring this massive amount of open source information. In this paper, we propose a classification method and a report layout format, which will enable meaningful analysis of these fault reports and will enable selective query and filtering when kept in a database. We have demonstrated our method by classifying and analyzing some of those reports and have explained the results in the context of interdependency research.

A Method for Assessing the Trustworthiness of an Entity by Cooperating Authorities

In this thesis a Model of Trust based on Bayesian Networks is introduced. The model determines the trustworthiness of a new or hitherto unknown entity by utilizing information exchanged with cooperative authorities. Results from different trust models using individual evaluation techniques to assess the trustworthiness of an entity can only be utilized using specific conversion methods or not at all. However, utilizing results from other authorities is always needed if an authority cannot evaluate an entity on its own. This would be the case, for instance, if no previous interactions with an entity have taken place and hence no experience is available for an evaluation of an entity's trustworthiness. This trust model addresses this problem and introduces a method to enable information exchange with cooperative authorities to assess a new or unknown entity, even if they use different evaluation techniques. The method is based on the exchange of trust relations. This means, rather than using absolute values reflecting the degree of confidence in an entity, this model makes use of a relative notion of trust. An entity is hereby seen as being equally or more trustworthy than another entity. The trust relations are modelled using the structure and inference algorithms of Bayesian Networks. By finally evaluating them, a new or unknown entity's trustworthiness is assessed.

Accountability and Availability

Learning objectives: Comprehend the principles of security accountability and availability.

Overview: Key principles of security accountability and availability are outlined and applied to application design, implementation and deployment. The impact of security audit and non-repudiation on accountability is reviewed. General concepts of security, and fault tolerance in particular, are discussed:
* errors,
* faults,
* failures,
* failure modes,
* the Byzantine generals problem.
Exposure to both security attacks designed to hamper the accountability and availability properties of systems, and available countermeasures, is provided.

A Framework for Implementing Role-based Access Control Using CORBA Security Service

The paper shows how role-based access control (RBAC) models could be implemented using the CORBA Security service. A configuration of the CORBA protection system is defined. We provide definitions of RBAC0 and RBAC1 implementations in the framework of CORBA Security and describe what is required from an implementation of the CORBA Security service in order to support the RBAC0-RBAC3 models.

A Design of An Authorization Service

Outline:
• CORBA security model
• What CORBA Access Model does[ not] Cover
• Healthcare Resource Access Control (H-RAC) high level view
• Authorization Service framework design details

A Framework for Implementing Role-based Access Control Using CORBA Security Service

The presentation shows how role-based access control (RBAC) models could be implemented using the CORBA Security service. A configuration of the CORBA protection system is defined. We provide definitions of RBAC0 and RBAC1 implementations in the framework of CORBA Security and describe what is required from an implementation of the CORBA Security service in order to support the RBAC0-RBAC3 models.

Outline:
- CORBA access control model
- Definition of CORBA protection state configuration
- Framework for implementing RBAC models using CORBA Security Service
- Example configurations of CORBA protection state that support RBAC models

A Framework for Implementing Role-based Access Control Using CORBA Security Service

The presentation shows how role-based access control (RBAC) models could be implemented using the CORBA Security service. A configuration of the CORBA protection system is defined. We provide definitions of RBAC0 and RBAC1 implementations in the framework of CORBA Security and describe what is required from an implementation of the CORBA Security service in order to support the RBAC0-RBAC3 models.

Outline:
- CORBA access control model
- Definition of CORBA protection state configuration
- Framework for implementing RBAC models using CORBA Security Service
- Example configurations of CORBA protection state that support RBAC models

A Resource Access Decision Service for CORBA-based Distributed Systems

Decoupling authorization logic from application logic allows applications with fine-grain access control requirements to be independent from a particular access control policy and from the factors that are used in authorization decisions, as well as from access control models, no matter how dynamic those policies and factors are. It also enables elaborate and consistent access control policies across heterogeneous systems. We present the design of a service for resource access authorization in distributed systems. The service makes it possible to decouple authorization logic from application functionality. Although the described service is based on CORBA technology, the design approach can be successfully used in any distributed computing environment.

A Study of Three Workstation-Server Architectures for Object Oriented Database Systems

It presents a paper by David DeWitt, et al., "A Study of Three Workstation-Server Architectures for Object Oriented Database Systems".

Access Control

Learning objectives: Comprehend the principles behind access control mechanisms used in today's:
* operating systems,
* middleware,
* virtual machines.

Overview: In this module, the principles behind access control mechanisms and policies employed in today's operating systems, middleware, and virtual machines are studied. Two key principles are at the basis of all protection mechanisms:
* the Trusted Computing Base (TCB),
* the Reference Monitor.
Generic representations of access control policies follow:
* Lampson Access Matrix, and its optimized forms,
* Access Control Lists (ACLs),
* Capabilities.
The focus then shifts to the main types of access control policies:
* owner-based Discretionary Access Control (DAC),
* lattice-based Mandatory Access Control (MAC),
* Chinese Wall model,
* Clark-Wilson model, and
* role-based access control (RBAC).

Access Control Architectures: COM+ vs. EJB

This tutorial provides an overview of access control mechanisms in the two most popular commercial middleware technologies, COM+ and EJB. Three main aspects of the mechanisms are explained: a) how enforcement of the access control policies is done, b) the main elements of each technology's access control model, and c) the types of policies supported. The technologies are compared against each other with respect to access control. Their advantages and disadvantages are discussed.

Supporting end-to-end Security Across Proxies with Multiple-Channel SSL

Security system architecture governs the composition of components in security systems and the interactions between them. It plays a central role in the design of software security systems that ensure secure access to distributed resources in a networked environment. To this end, the security system must not only make constituent components work together, but also ensure that the components as a whole behave consistently and guarantee certain end-to-end properties. One such critical property is that the system as a whole must consistently assure the security policies that it is supposed to enforce. However, there is currently no rigorous and systematic way to predict and assure such critical properties in security system design. In this paper, a systematic approach is introduced to address the problem. We present a methodology to model security system architectures and to verify whether required security constraints are assured by the composition of its components. We introduce the concept of security constraint patterns, which formally specify the generic form of security policies that all implementations of the system architecture must enforce. The analysis of the architecture is driven by the propagation of the global security constraints onto the components in an incremental process. We show that our methodology is both flexible and scalable. It is argued that such a methodology not only ensures the integrity of critical early design decisions, but also provides a framework to guide correct implementations of the design. We demonstrate the methodology through a case study, in which we model and analyze the architecture of the Resource Access Decision (RAD) Facility, an OMG standard for application-level authorization service.

An Overview of The Ongoing Research at LERSSE

This presentation provides an overview of the research projects under way at the Laboratory for Education and Research in Secure Systems Engineering (LERSSE).

Analysis of Scalable Security – MC-SSL Savings

This paper investigates how MC-SSL can alleviate the CPU requirements of secure web transactions by using multiple channels, each with its own, different, cipher suite, and switching the channel based on the data’s security requirements.

Applicability of CORBA Security to the Healthcare Problem Domain

This paper suggests directions OMG Healthcare Domain Task Force (CORBAmed) could take in proposing OMG standards related to security in the healthcare vertical domain. The ideas are based on the experience gained from Computerized Patient Record (CPR) security analysis and design modeling.

Applying Aspect-Orientation in Designing Security Systems: A Case Study

As a security policy model evolves, the design of security systems using that model could become increasingly complicated. It is necessary to come up with an approach to guide the development, reuse and evolution of the design. In this paper, we propose an aspect-oriented design approach to designing flexible and extensible security systems. A case study demonstrates that such an approach has multifold benefits and is worth further exploration.