Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)

KOZEL: Kernel Organization Zappy Environment for Linux

This report describes the application domain, design and usage of Kernel Organization Zappy Environment for Linux (KOZEL, pronounced “kozz’jol”), developed during a term project for the Expert Systems course CEN5120 taught by Dr. Pelin in Spring of 1997 at the School of Computer Science, Florida International University. We present the problem the system is designed to solve, discuss a conceptual view of the system architecture, give a detailed picture of its implementation and describe usage of the system.

Mastering Web Services Security

We present material on how to use the architectures and technologies and how to understand the specifications that are available to build a secure Web Services system. Since this technology is rapidly changing, we present the theory behind the models and explain the thinking behind many of the security specifications that are at the forefront of the technology today. Our emphasis is on showing you how to build and understand the complexities of a secure end-to-end Web Services system. This book gives you both a detailed technical understanding of the major components of an end-to-end enterprise security architecture and a broad description of how to deploy and use Web Services security technologies to protect your corporation and its interaction with the outside world.

Method and System for Authorization and Access to Protected Resources

The present invention relates to the access of data resources using a Resource Access Decision Facility (RAD), preferably a CORBA RAD. More particularly, embodiments of the present invention provide enhancements to a RAD that allow additional query capabilities and faster resource access.

Middleware and Web Services Security

Challenges of designing secure distributed applications are due to distribution, scale and object orientation. We will discuss the functionalities and capabilities of the security mechanisms of today's middleware and web services technologies, such as EJB, COM+, and ASP.NET, that allow addressing these challenges.

Middleware and Web Services Security Mechanisms

Learning objectives: Gain a working knowledge of the security mechanisms of current Middleware and Web Services technologies. Overview: Challenges of designing secure distributed applications are due to distribution, scale and object orientation. The functionalities and capabilities of the security mechanisms of today's Middleware and Web Services technologies, such as EJB, COM+, and ASP.NET, are cases suited to addressing these challenges.

Object Security Attributes: Enabling Application-specific Access Control in Middleware

This paper makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework for reasoning about the architecture of the security mechanisms in distributed applications that follow the decision-enforcement paradigm of the reference monitor. It uses the framework to demonstrate that the existing solutions lack satisfying trade-offs for a wide range of those applications that require application-specific factors to be used in security decisions while mediating access requests. Second, by introducing attribute function in addition to decision and enforcement functions, it proposes a novel scheme for clean separation among suppliers of middleware security, security decision logic, and application-logic, while supporting application-specific protection policies. To illustrate the scheme on a concrete example, we describe its mapping into CORBA Security.

Object Security Attributes: Enabling Application-specific Access Control in Middleware

This presentation makes two primary contributions toward establishing support for application-specific factors in middleware security mechanisms. First, it develops a simple classification framework for reasoning about the architecture of the security mechanisms in distributed applications that follow the decision-enforcement paradigm of the reference monitor. It uses the framework to demonstrate that the existing solutions lack satisfying trade-offs for a wide range of those applications that require application-specific factors to be used in security decisions while mediating access requests. Second, by introducing attribute function in addition to decision and enforcement functions, it proposes a novel scheme for clean separation among suppliers of middleware security, security decision logic, and application-logic, while supporting application-specific protection policies. To illustrate the scheme on a concrete example, we describe its mapping into CORBA Security.

Official Requirements and Recommendations from Various Organizations on Security for Baptist Health Systems of South Florida

This report describes recommendations and official requirements from various organizations that guide architecture of CPR security at BHSSF.

On the Benefits of Decomposing Policy Engines into Components

In order for middleware systems to be adaptive, their properties and services need to support a wide variety of application-specific policies. However, application developers and administrators should not be expected to cope with complex policy languages and evaluation engines or to develop custom engines from scratch. In this paper, we discuss the benefits of policy engines designed as component frameworks with a mix of parameterized pre-built and custom logic composed to implement complex policies. To provide an example of such a design approach, we present an authorization architecture for ASP.NET Web services that has been implemented in a real-world system.

Overview of CORBA Security

Outline: • Introduction into computer security • Security in OO systems • CORBA security model overview • Application access control in CORBA • Resource Access Decision Facility • Further Information

Overview of Reference Model of Open Distributed Processing (RM-ODP)

Outline: - Why Languages for Enterprises? - Introduction - RM-ODP goal - What it defines - Viewpoints - Modeling in RM-ODP - Languages - Analysis of RM-ODP - Summary - Additional Information

Performance Considerations for a CORBA-based Application Authorization Service

Resource Access Decision (RAD) Service allows separation of authorization from application functionality in distributed application systems by providing a logically centralized authorization control mechanism. RAD has attractive features such as decoupling of authorization logic from application logic, simplicity, generality, flexibility, support for complex application level access control, and ease of policy administration in heterogeneous, distributed systems. However, there is a concern of performance penalty for obtaining authorization decisions from a possibly remote server on each application request. We describe our work in measuring run-time performance of a CORBA-based Application Authorization Service (CAAS), which is compliant with the OMG specification of Resource Access Decision Facility, and draw conclusions about performance considerations in implementation of RAD compliant authorization services. We identify factors, which affect overall run-time performance of the approach and suggest possible solutions.

Preview: Mastering Web Services Security

This presentation gives an overview of the upcoming book on Mastering Web Services Security that I co-authored with my colleagues at Quadrasis.

Recycling Authorizations: Toward Secondary and Approximate Authorizations Model (SAAM)

In large and complex enterprises, obtaining authorizations could be communicationally and/or computationally expensive, and, due to infrastructure failures, sometimes even impossible. This paper establishes the concept of recycling previously made authorizations for serving new authorization requests. It introduces secondary and approximate authorizations model (SAAM) with the semantics of matching best suitable approximate authorizations.

Requirements for Access Control: US Healthcare Domain

Roles are important factors in authorization rules. However, other information is essential in order to make authorization decisions at healthcare enterprises. An effective authorization language that would incorporate concepts of roles, affiliation, location, relationships and time is needed.

Requirements for Access Control: US Healthcare Domain

Roles are important factors in authorization rules. However, other information is essential in order to make authorization decisions at healthcare enterprises. An effective authorization language that would incorporate concepts of roles, affiliation, location, relationships and time is needed.

Resource Access Decision Facility: Overview

Outline: • Why you need Resource Access Decision Facility • Main aspects of RAD specification design • Main design decisions made by RAD submission team

Resource Access Decision Server: Design and Performance Considerations

Presentation on the design and the conducted performance measurements of RAD server prototype built at CADSE. Outline: • Introduction • RAD Specification Overview • RAD Prototype Design • Performance Measurements – Model, Measurements, Results – Implementation Considerations • Conclusions

Resource Names for Resource Access Decision (Facility)

Presentation given to the joint SecSIG/CORBAmed session on Resource Access Decision facility, as part of the presentation on the revised submission to the OMG Healthcare Resource Access Control RFP. Outline: • Resource names are units of access control • Data structure of resource names • Related administrative operations • Grouping of resource names • Healthcare resource names RFP requirement • Existing, in progress, and future CORBAmed specifications and RAD resource names

Security Engineering for Large Scale Distributed Applications

The way security mechanisms for large-scale distributed applications are engineered today has a number of serious drawbacks. As a result, secure distributed applications are a) very expensive and error-prone to build, deploy, and integrate, b) complex and error-prone to operate and administer, and still c) far from being adequate to the real-life problems. Drawing on my academic and industrial experiences, I will discuss several recently invented techniques that can improve engineering of security mechanisms for distributed systems. I will specifically talk about improving those mechanisms that are based on the decision-enforcement paradigm, and will use access control as a representative example. I will also briefly describe other relevant projects at the Department of Electrical and Computer Engineering, the University of British Columbia.

Security Engineering for Large Scale Distributed Applications

The way security mechanisms for large-scale distributed applications are engineered today has a number of serious drawbacks. As a result, secure distributed applications are a) very expensive and error-prone to build, deploy, and integrate, b) complex and error-prone to operate and administer, and still c) far from being adequate to the real-life problems. Drawing on my academic and industrial experiences, I will discuss several recently invented techniques that can improve engineering of security mechanisms for distributed systems. I will specifically talk about improving those mechanisms that are based on the decision-enforcement paradigm, and will use access control as a representative example. I will examine in detail one particular method, Attribute Function, which enables the use of application-specific data in authorization decisions while keeping distributed applications security unaware. The talk was given at the following organizations: * Departement Computerwetenschappen, Katholieke Universiteit Leuven, on June 19, 2003. * Department of Electrical and Computer Engineering, University of British Columbia, on March 7, 2003. * The Department of Computing and Software, McMaster University, on February 25, 2003. * Faculty of Computer Science, Dalhousie University, on January 28, 2003.

Security Requirements in Healthcare

Presentation on requirements in US healthcare organizations to security vendors, given to the joint SecSIG/CORBAmed session. Outline: • Risks • Requirements – Security requirements to the healthcare organizations – functional and non-functional requirements for security architectures • BHSSF example to illustrate

Software Engineering at ECE

This talk gives a brief overview of the Software Engineering teaching and research at the Department of Electrical and Computer Engineering, the University of British Columbia.

SPAPI: A Security and Protection Architecture for Physical Infrastructures and Its Deployment Strategy Using Sensor Networks

In recent years, concerns about the safety and security of critical infrastructures have increased enormously. These infrastructures can easily become subjects of physical and cyber attacks. In this paper, we propose a software architecture named Security and Protection Architecture for Physical Infrastructures (SPAPI) for the protection of these critical infrastructures and for other non-military uses. SPAPI has hierarchical, loosely coupled, autonomous management modules for authentication, monitoring and the policy-based control of their respective domains. Due to their autonomous design, each management module works independently according to their predefined policies. In this paper we discuss the design and application of SPAPI in the context of a hypothetical chemical process facility.

Supporting Relationships in Access Control Using Role Based Access Control

The Role Based Access Control (RBAC) model and mechanism have proven to be useful and effective. This is clear from the many RBAC implementations in commercial products. However, there are many common examples where access decisions must include other factors, in particular, relationships between entities, such as, the user, the object to be accessed, and the subject of the information contained within the object. Such relationships are often not efficiently represented using traditional static security attributes centrally administered. Furthermore, the extension of RBAC models to include relationships obscures the fundamental RBAC metaphor. This paper furthers the concept of relationships for use in access control, and it shows how relationships can be supported in role based access decisions by using the Object Management Group’s (OMG) Resource Access Decision facility (RAD). This facility allows relationship information, which can dynamically change as part of normal application processing, to be used in access decisions by applications. By using RAD, the access decision logic is separate from application logic. In addition, RAD allows access decision logic from different models to be combined into a single access decision. Each access control model is thus able to retain its metaphor.



