Outline
- Agent Approaches to Role-Based Security
- Overview of Presentation
- Distributed and Web-Based Applications
- Software Agent Computing Paradigm
- Influence of Previous and Related Work
- Architecture for Baseline Agent Approach
- Components and Agents
- User Agent (UA)
- Information Retrieval Agent (IRA)
- Object Security Agent (OSA)
- Architecture for Hierarchical Agent Approach
- IRA Processing
- Architecture for Object-Security Manager Agent Approach
- OSA Manager
- Aglets - Java Agents
- Architecture for Agent Implementation
- Version of Baseline Approach
- Illustration of Aglet Interaction Code
- Bitmap from Experimental Prototype
- Concluding Remarks

CSE300 Agent-1.1

Agent Approaches to Role-Based Security
S. Demurjian, Y. He, T.C. Ting, and M. Saba
Computer Science & Engineering Department
The University of Connecticut
Storrs, Connecticut 06269-3155
{steve, ting, saba}@engr.uconn.edu
http://www.engr.uconn.edu/~steve
(860) 486 - 4818
Work Presented Herein at IFIP WG 11.3 13th Conference on Database Security, Seattle, WA, 1999.

Overview of Presentation
- Background and Motivation
  - Distributed and Web Based Applications
  - Software Agent Computing Paradigm
  - Previous and Related Work
- Agent Approaches to Role-Based Security
- Experimental Prototype via Java Aglets
- Concluding Remarks and Future Work

Distributed and Web-Based Applications
- Utilize New and Existing Info. Innovatively
- Distributed/Web-Based Applications are:
  - Combo of Legacy, COTS, DBs, New C/S
  - Electronic Banking/Commerce
  - Information Dissemination (Push/Pull)
- Leverage Computing and Network Resources
- Transcend Available Alternatives
  - MAC, DAC, Role-Based
  - Employ as "Local" Solutions?
- New Computing Paradigms Emerging
  - Software Agents
  - Various Implementations

Software Agent Computing Paradigm
- What is an Agent?
  - Acts on Behalf of Individuals (Users) on Task
  - State and Behavior in Runtime Environment
- Four Mandatory Properties
  - Sense/React to Environment Changes
  - Autonomously Control Own State/Behavior
  - Proactive to Specific User Goals
  - Constantly Executing in Runtime Environment
- Stationary Agent: Limited to Single Node
- Mobile Agent: Migrate Across Network to Accomplish Required Tasks

Software Agent Computing Paradigm
- Agents Akin to Objects
  - Created and Destroyed
  - Interact by Passing Messages
  - Remote Method Invocation Prohibited
- Attractiveness of Agents for Security
  - Agents Created by Client to Carry Out Secure Access to Remote Clients
  - Visit Multiple Nodes to Satisfy "Request"
  - Specificity of Role Dictates Agent Behavior
- Caveat: Mobile Agents Are a Significant Security Concern Due to Their Potential Ability to Act as a Threat!

Influence of Previous and Related Work
- Our Previous Efforts in
  - Software Architectural Alternatives with Limited Distribution
  - Java's Impact and Potential on Distributed Computing/Security
- Related Work by
  - Hale 1998: Secure Distributed Object and Language Programming Framework for Internet-Based Apps.
  - Tari 1998: Distributed Object Kernel as Framework to Design and Implement Distributed Security Policies

Agent Approaches to Role-Based Security
- Distributed/Web-Based Applications to Access Remote Objects of Legacy, COTS, DBs, C/S, etc.
- Orthogonal Goals
  - Security to Control/Limit Interactions
  - Distributed/Web-Based Computing to Enable Interoperation/Facilitate Access
- Propose and Discuss Three Agent Architectures
  - Baseline Agent Approach
  - Hierarchical Agent Approach
  - Object-Security Manager Agent Approach
- Assume a Role-Based Context, but Other Security Approaches May Also Apply

Architecture for Baseline Agent Approach
[Figure: Client side holds the Client Application, the UA and the IRA; the IRA crosses to the Server side, where the OSA fronts the Object.]
Key: UA: User Agent; IRA: Information Retrieval Agent; OSA: Object Security Agent

Components and Agents
- Client Application (CA)
  - GUI/Software Tool for User
  - User Limited to Single Role at Any Time
  - Role/User Request Passed to UA
  - Users Modify Single Remote Object/Request
  - CA Manages Multiple Requests in Serial
- User Agent (UA)
  - Stationary Agent Created by CA for User
  - UA Receives Request from CA
  - UA Transforms Request and Creates IRA
  - UA Forwards Request to IRA and Waits
  - UA Receives Response from IRA and Transforms for Return to CA

Components and Agents
- Information Retrieval Agent (IRA)
  - Mobile Agent Created by UA
  - Limited to Interacting with UA and OSA
  - IRA Created and Dispatched by UA
  - IRA Moves from Client to Server to Client
  - Interacts with Remote Object and Returns Result
- Object Security Agent (OSA)
  - Stationary Agent (or Collection of Security Objects) or a Mobile Agent
  - Enforces Security Policy for Remote Object Based on Permissible Actions by Role
- Object
  - Remote Object Provides Services to CA

User Agent (UA)
- UA Arbitrates Interaction of CA and IRA
- UA Allocation Strategies
  - User-Based Allocation (UBA)
    - UA Dedicated to Each User, Created Upon Login, Lives During
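The baseline pipeline described on the slides above (CA -> UA -> IRA -> OSA -> Object), as an added in-process model that is not code from the presentation or its Aglet prototype: every class name, the account object and the role policy are constructed for illustration. The point to observe is that the IRA only ever sends a message to the OSA, and the OSA alone decides, per role, whether the requested action reaches the object.

```python
# Added example (not the presentation's code): an in-process model of the baseline
# agent approach, CA -> UA -> IRA -> OSA -> Object.  Names, the account object and
# the role policy are constructed for illustration.
from collections import namedtuple

Request = namedtuple("Request", "user role obj action args")  # one role per user at a time

class RemoteObject:
    """Server-side object that provides the services the CA wants."""
    def __init__(self, name, balance=100):
        self.name, self.balance = name, balance
    def read_balance(self):
        return self.balance
    def deposit(self, amount):
        self.balance += amount
        return self.balance

class ObjectSecurityAgent:
    """Stationary OSA: the only party that touches the object; permits an action only if the role may perform it."""
    def __init__(self, obj, policy):
        self.obj, self.policy = obj, policy      # policy: role -> set of permitted actions
    def handle(self, req):
        if req.action not in self.policy.get(req.role, set()):
            return ("DENIED", f"role {req.role} may not {req.action} {self.obj.name}")
        return ("OK", getattr(self.obj, req.action)(*req.args))

class InformationRetrievalAgent:
    """Mobile IRA: carries one request client -> server -> client and talks only to the OSA."""
    def __init__(self, req):
        self.req = req
    def dispatch(self, server):
        osa = server[self.req.obj]          # "arrive" at the server node hosting the object
        return osa.handle(self.req)         # message to the OSA; no remote method call on the object

class UserAgent:
    """Stationary UA for one user: wraps each CA request in a new IRA and waits for its reply."""
    def __init__(self, user, server):
        self.user, self.server = user, server
    def submit(self, role, obj, action, *args):
        req = Request(self.user, role, obj, action, args)
        return InformationRetrievalAgent(req).dispatch(self.server)

def run_demo():
    """Three serial requests from one CA; the auditor role may read but not deposit."""
    osa = ObjectSecurityAgent(RemoteObject("acct-42"),
                              {"teller": {"read_balance", "deposit"}, "auditor": {"read_balance"}})
    ua = UserAgent("alice", {"acct-42": osa})
    return [ua.submit("auditor", "acct-42", "read_balance"),
            ua.submit("auditor", "acct-42", "deposit", 50),
            ua.submit("teller", "acct-42", "deposit", 50)]
```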