Data and Applications Security Developments and Directions
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Lecture #14
Secure Object Systems
March 12, 2006

Outline
- Background on object systems
- Discretionary security
- Multilevel security
- Objects for modeling secure applications
- Object Request Brokers
- Secure Object Request Brokers
- Secure frameworks
- Directions

Concepts in Object Database Systems
- Objects
  - Every entity is an object
  - Example: Book, Film, Employee, Car
- Class
  - Objects with common attributes are grouped into a class
- Attributes or Instance Variables
  - Properties of an object class inherited by the object instances
- Class Hierarchy
  - Parent-Child class hierarchy
- Composite objects
  - Book object with paragraphs, sections etc.
- Methods
  - Functions associated with a class

Example Class Hierarchy
[Figure: class hierarchy. Labels: Document Class, D1, D2, Book Subclass, B1, # of Chapters, Volume #, Method1: Print-doc-att(ID), Journal Subclass, J1, Method2: Print-doc(ID), ID, Name, Author, Publisher]

Example Composite Object
[Figure: composite object. Labels: Composite Document Object, Section 1 Object, Section 2 Object, Paragraph 1 Object, Paragraph 2 Object]

Security Issues
- Access Control on Objects, Classes, Attributes etc.
- Execute permissions on Methods
- Multilevel Security
- Security impact on class hierarchies
- Security impact on composite hierarchies

Objects and Security
- Secure OOM: Unified Object Model is Evolving
- Secure OODB: Persistent data store
- Secure OODA: Design and analysis
- Secure DOM: Infrastructure
- Secure OOPL: Programming language
- Secure Frameworks: Business objects
- Secure OOT: Technologies

Access Control
EMP Class
Instance Variables: SS#, Ename, Salary, D#
- OID = 100: 1, John, 20K, 10
- OID = 200: 2, Paul, 30K, 20
- OID = 300: 3, Mary, 40K, 20
Method: Increase-Salary(OID, Value)
  Read-Salary(OID, amount)
  Amount := Amount + Value
  Write-Salary(OID, Amount)
DEPT Class
Instance Variables: D#, Dname, Mgr
- OID = 500: 10, Math, Smith
- OID = 600: 20, Physics, Jones
Access Control Rules:
- John has update access to EMP Class
- Jane has read access to DEPT Class
- Jane has update access to object with OID = 500
- Mary has execute access to Increase Salary method

Access Control Hierarchies
[Figure: class hierarchy. Labels: MGR Subclass, ENG Subclass, EMP Class]
Access Control Rules on Class Hierarchy:
- John has update access to EMP Class
- John has read access to MGR Class
[Figure: aggregate hierarchy. Labels: Book Object, Introduction, Set of Sections, References]
Access Control Rules on Aggregate Hierarchy:
- John has update access to Introduction and References
- John has read access to Set of Sections

Secure Object Relational Model
[Table: BOOK with columns ISBN#, Bname, Contents and rows (1, X), (2, Y), (3, Z); the Contents cells are shown graphically on the slide]
Access Control Rules:
- John has update access to Book object with ISBN #1
- Jane has read access to Book object with ISBN #2

Policy Enforcement
Policy Enforcement Mechanisms:
- Query Modification Algorithm on objects and instance variables
- Rule processing integrated with method execution for enforcing access control
- Visualizing access control policies on objects using UML and other specifications

Sample Systems
Example Systems: Security for
- Gemstone (originally Servio Logic)
- Objectstore (originally Object Design)
- Ontos (originally Ontos Inc)
- Starburst (IBM Almaden)
- O2 (Altair Group)
- ORION (MCC)
- IRIS (HP Labs)

Multilevel Security
[Figure: multilevel Book Object. Labels: Book Object, Introduction, Set of Sections, References, Unclassified, TopSecret, Secret]

Some Security Properties
- Security level of an instance must dominate the level of the class
- Security level of a subclass must dominate the level of the superclass
- Classifying associations between two objects
- Method must execute at a level that dominates the level of the method

Multilevel Secure Object Relational Systems
[Table: BOOK with columns ISBN#, Bname, Contents, Level and rows (1, X), (2, Y), (3, Z); levels shown: TopSecret, Secret, Unclassified; the Contents cells are shown graphically on the slide]

Sample MLS Object Systems
Design Approaches:
- SORION (Thuraisingham, MITRE)
- SO2 (Thuraisingham, MITRE)
- Millen-Lunt (Millen and Lunt, SRI)
- SODA (Keefe et al, U. of MN)
- Morgenstern (Morgenstern, SRI)
- UFOS (Rosenthal et al, MITRE)
- Message Passing (Jajodia and Kogan, GMU)

Objects for Secure Applications
Object Modeling Technique for Secure Database Applications:
- Object Model: Models the static aspects of the application and security properties using objects
- Dynamic Model: Models the activities and the security properties of the activities
- Functional Model: Generates the data flow diagrams and the security levels of the methods

Object Modeling
SHIP Class
Range: Unclassified ---- Secret
Unclassified Attributes:
- ID
- Name
- Group
Secret Attributes:
- Captain
- Mission
SHIP Instance
- ID: YYY
- Name: Florida
- Group: ZZZ
- Captain: Smith
- Mission: AAA

Dynamic Model
[Figure: dynamic model diagram. Objects and messages as labelled on the slide:]
- Captain: Level: U, Operational Level C
- Ship: Level: U
- Mission-Plan: Level: U, with U, C and S attributes
- Mission: Level: U, Operational level: S
- Reserve ship: security problem, information flow from C to U
- Reserved status
- Carry out mission
- Get mission details
- Mission details
- Mission status
- Problem: information flow from S to C

Functional Model
[Figure: data flow diagram. Labels: SHIP, plan, good status, Mission ID, bad status, status, GET PLAN, EXECUTE MISSION, CAPTAIN, RESERVE, MISSION PLAN]

UML and Policies
Policy A: User has Roles
- User Class: Attributes of the User: Name, Age, Gender, ...
- Role Class: Attributes of the Role: Name, Functions, ...
- Association: User Has Role
Policy B: User Carries out Activities
- User Class: Attributes of the User: Name, Age, Gender, ...
- Activity Class: Attributes of the Activity: Name, Description, ...
- Association: User Carries out Activity
Merged Policy C: User has Roles and Carries out Activities
- User Class: Attributes of the User: Name, Age, Gender, ...
- Role Class: Attributes of the Role: Name, Functions, ...
- Activity Class: Attributes of the Activity: Name, Description, ...
- Associations: User Has Role; User Carries out Activity
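
The rules listed under "Some Security Properties" above, checked over a small schema, as an added example that is not part of the original lecture. The total ordering of levels, the Draft class, the levels assigned to each class and instance, and the placement and inheritance of the two methods are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Levels named on the slides, lowest to highest (a total order is assumed).
LEVELS = ["Unclassified", "Confidential", "Secret", "TopSecret"]

def dominates(a: str, b: str) -> bool:
    """True when level a is equal to or higher than level b."""
    return LEVELS.index(a) >= LEVELS.index(b)

@dataclass
class SecClass:
    name: str
    level: str
    parent: Optional["SecClass"] = None
    methods: dict = field(default_factory=dict)  # method name -> level

@dataclass
class Instance:
    oid: str
    cls: SecClass
    level: str

def check_schema(classes, instances):
    """List violations of the subclass/superclass and instance/class rules."""
    bad = []
    for c in classes:
        if c.parent and not dominates(c.level, c.parent.level):
            bad.append(f"class {c.name}: {c.level} does not dominate "
                       f"superclass {c.parent.name} ({c.parent.level})")
    for i in instances:
        if not dominates(i.level, i.cls.level):
            bad.append(f"instance {i.oid}: {i.level} does not dominate "
                       f"class {i.cls.name} ({i.cls.level})")
    return bad

def may_execute(exec_level: str, cls: SecClass, method: str) -> bool:
    """Execution level must dominate the method's level (superclass lookup assumed)."""
    while cls is not None:
        if method in cls.methods:
            return dominates(exec_level, cls.methods[method])
        cls = cls.parent
    return False  # unknown method: deny

# Constructed sample schema: names follow the slides, levels are assumed.
DOCUMENT = SecClass("Document", "Unclassified", methods={"Print-doc": "Unclassified"})
BOOK = SecClass("Book", "Secret", DOCUMENT, {"Print-doc-att": "Secret"})
DRAFT = SecClass("Draft", "Unclassified", BOOK)  # hypothetical class, breaks the subclass rule
INSTANCES = [Instance("B1", BOOK, "TopSecret"), Instance("B2", BOOK, "Unclassified")]
```

Calling `check_schema([DOCUMENT, BOOK, DRAFT], INSTANCES)` reports the Draft class and instance B2, the two places where a lower level sits beneath a higher one.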