Slide titles:

1. Security for Distributed Computing
2. Security Issues for Distributed Computing
3. Security for Distributed Applications Comprised of DBs, Legacy, COTS, etc.
4. Identifying Key Security Requirements: What are Major Security Concepts?
5. Identifying Key Security Requirements: What are Underlying Security Concepts?
6. Identifying Key Security Requirements: What are Available Security Approaches?
7. Identifying Key Security Requirements: Three Categories of Questions
8. Questions on Information Access and Flow
9. (untitled)
10. Questions on Security Handlers/Processing
11. (untitled)
12. (untitled)
13. Questions on Legacy/COTS Applications
14. Focusing on DAC and URBS
15. Legacy/COTS Applications
16. Security for OO Legacy/COTS
17. Security for Non-OO Legacy/COTS
18. A Distributed Security Framework: Motivation and Issues
19. A Distributed Security Framework
20. A Distributed Security Framework: Interactions and Dependencies
21. Distributed Security Policy Definition, Planning, and Management
22. Formal Security Model with Reusable Components
23. Security Handlers and Enforcement Mechanism
24. Contributions of the Framework
25. Role-Based Security in a Distributed Resource Environment*
26. Overview
27. Overview of the Security Process for a Distributed Application
28. Goals of Our Research Effort
29. Sun’s JINI Technology
30. Sun’s JINI Technology: Key JINI Concepts and Terms
31. Sun’s JINI Technology: Join, Lookup, and Service Invocation
32. Security within JINI: Limitations and Potential
33. Role-Based Security within JINI: A Proposed Solution Approach
34. Proposed Software Architecture for Role-Based Security
35. Security Resources and Services
36. Defining a Base Line Security Model for Distributed Computing
37. (untitled)
38. (untitled)
39. Role-Based Privileges Resource
40. The Services of the Role-Based Privilege Resource
41. Authorization List Resource
42. The Services of the Authorization-List Resource
43. Security Registration Resource
44. The Services of the Security Registration Resource
45. Security Client and Resource Interactions
46. Client Interactions and Processing
47. Two Experimental Prototypes
48. Experimental Prototype One: JINI Prototype of Role Based Approach
49. Experimental Prototype One: Execution Process
50. Experimental Prototype Two: The Security Client Prototype
51. Recall Security Resources and Services
52. Experimental Prototype Two: Role-Based Privilege Resource & Services
53. Experimental Prototype Two: Authorization List Resource & Services
54. Experimental Prototype Two: Security Registration Resource & Services
55. Related Work
56. Conclusions
57. Future Work
58. (untitled)

IFIP 2000-1

Security for Distributed Computing

Profs. Steven A. Demurjian
Computer Science & Engineering Department
191 Auditorium Road, Box U-155
The University of Connecticut
Storrs, Connecticut 06269-3155
http://www.engr.uconn.edu/
[email protected]

- Security Issues for Distributed Computing
- A Proposed Distributed Security Framework
- Role-Based Security in a Distributed Resource Environment

IFIP 2000-2

Security Issues for Distributed Computing

- Background and Motivation
  - What are Key Distributed Security Issues?
  - What are Major/Underlying Security Concepts?
  - What are Available Security Approaches?
- Identifying Key Distributed Security Requirements
- Focusing on Discretionary Access Control (DAC) and User-Role Based Security (URBS) for OO
- Propose Preliminary Security Techniques to Address OO and Non-OO Legacy/COTS Appls.

IFIP 2000-3

Security for Distributed Applications Comprised of DBs, Legacy, COTS, etc.

[Diagram labels: Legacy, COTS, Database, NETWORK, Java Client]

- How is Security Handled for Individual Systems?
- What about Distributed Security?
- Security Issues for New Clients? New Servers? Across Network?
- What if Security Never Available for Legacy/COTS/Database?
- Security Policy, Model, and Enforcement?

IFIP 2000-4

Identifying Key Security Requirements: What are Major Security Concepts?

- Authentication
  - Is the Client who S/he Says they are?
- Authorization
  - Does the Client have Permission to do what S/he Wants?
- Privacy
  - Is Anyone Intercepting Client/Server Communications?
- Enforcement Mechanism
  - Centralized and Distributed “Code”
  - Enforces Security Policy at Runtime

IFIP 2000-5

Identifying Key Security Requirements: What are Underlying Security Concepts?

- Assurance
  - Are the Security Privileges for Each Client Adequate to Support their Activities?
  - Do the Security Privileges for Each Client Meet but Not Exceed their Capabilities?
- Consistency
  - Are the Defined Security Privileges for Each Client Internally Consistent?
    - Least-Privilege Principle: Just Enough Access
  - Are the Defined Security Privileges for Related Clients Globally Consistent?
    - Mutual-Exclusion: Read for Some-Write for Others

IFIP 2000-6

Identifying Key Security Requirements: What are Available Security Approaches?

- Mandatory Access Control (MAC)
  - Bell/LaPadula Security Model
  - Security Levels for Data Items
  - Access Based on Clearance of User
- Discretionary Access Control (DAC)
  - Richer Set of Access Modes
  - Focused on Application Needs/Requirements
- User-Role Based Security (URBS)
  - Variant of DAC
  - Responsibilities of Users Guiding Factor
  - Facilitate User Interactions while Simultaneously Protecting Sensitive Data

IFIP 2000-7

Identifying Key Security Requirements: Three Categories of Questions

- Questions on Information Access and Flow
  - User Privileges key to Security Policy
  - Information for Users and Between