Security Issues for Distributed ComputingOverviewSecurity for Distributed ApplicationsRecall Dynamic CoalitionsDC for Military Deployment/EngagementDC for Medical EmergencySecurity Issues: Confidence in SecuritySecurity for CoalitionsFour Categories of QuestionsSoftware Development Process QuestionsSlide 11Information Access and Flow QuestionsSlide 13Security Handlers/Processing QuestionsSecurity Handlers/Processing QuestionsSlide 16Legacy/COTS Applications QuestionsFocusing on MAC, DAC and RBACLegacy/COTS ApplicationsA Distributed Security FrameworkSlide 21Interactions and DependenciesPolicy Definition, Planning, ManagementThree-Pronged Security EmphasisSecure Software Design - T. DoanRBAC/MAC at Design LevelSecure Software Design - J. PavlichAspects for Security in UMLA Role-Slice for ProfessorsA Role Slide for StudentsMiddleware-Based Security - C. PhillipsProcess-Oriented ViewSecurity for XML DocumentsConcluding RemarksSECISS-1CSE333Prof. Steven A. Demurjian Computer Science & Engineering Department191 Auditorium Road, Box U-155The University of ConnecticutStorrs, Connecticut 06269-3155http://www.engr.uconn.edu/[email protected] Security Issues for Distributed Computing Security Issues for Distributed ComputingSECISS-2CSE333OverviewOverviewBackground and MotivationBackground and MotivationWhat are Key Distributed Security Issues?What are Major/Underlying Security Concepts?What are Available Security Approaches?Identifying Key Distributed Security RequirementsIdentifying Key Distributed Security RequirementsFrame the Solution ApproachFrame the Solution ApproachOutline UConn Research Emphasis:Outline UConn Research Emphasis:Secure Software Design (UML and AOSD)Middleware-Based Realization (CORBA/JINI)Information Exchange via XMLSECISS-3CSE333Security for Distributed ApplicationsSecurity for Distributed ApplicationsLegacyLegacyLegacyCOTSCOTSCOTSDatabaseDatabaseNETWORKJavaClientJavaClientHow is Security Handled How is Security Handled for Individual Systems?for Individual Systems?What about Distributed What about Distributed Security?Security?Security Issues for New Clients?Security Issues for New Clients?New Servers? Across Network?New Servers? Across Network?What if Security Never Available What if Security Never Available for Legacy/COTS/Database?for Legacy/COTS/Database?Security Policy, Model, Security Policy, Model, and Enforcement?and Enforcement?SECISS-4CSE333Recall Dynamic CoalitionsRecall Dynamic CoalitionsCrisisCrisis Any Situation Requiring Natl. or I’Natl. AttentionCoalitionCoalition Alliance of OrganizationsMilitary, Civilian, International or any CombinationDynamicDynamic CoalitionCoalition Formed in a Crisis and Changes as Crisis Develops Key Concern Being the Most Effective way to Solve the CrisisDynamic Coalition Problem (DCP)Dynamic Coalition Problem (DCP) Security, Resource, and Information Sharing Risks that Occur as a Result of Coalition Being FormedSECISS-5CSE333FADDAFATDSGCCS-AMCSASASCSSCSOtherABCSU.N.U.S.ANGO/PVONATOMarine CorpsNavyAir ForceArmyGCCSBattle ManagementSystemJointCommandSystemArmy Battle CommandSystemCombatOperationsSystemU.S. Global C2 SystemsDC for Military Deployment/EngagementDC for Military Deployment/EngagementLFCSCanadaSICF FranceHEROS GermanySIACCON ItalyOBJECTIVES: Securely Leverage Information in a Fluid EnvironmentProtect Information While Simultaneously Promoting the CoalitionSecurity Infrastructure in Support of DCPSECISS-6CSE333DC for Medical EmergencyDC for Medical EmergencyGovt.TransportationMilitaryMedicsLocalHealthCareCDCISSUES: Privacy vs. Availability in Medical RecordsSupport Life-Threatening Situations via Availability of Patient Data on DemandPharma.CompaniesGovt.MDs w/oBordersRedCrossRNsEMTsMDsStateHealthOtherSECISS-7CSE333Security Issues: Confidence in SecuritySecurity Issues: Confidence in SecurityAssuranceAssuranceAre the Security Privileges for Each User of DC Adequate (and Limited) to Support their Needs?What Guarantees are Given by the Security Infra-structure of DC in Order to Attain:Safety: Nothing Bad Happens During ExecutionLiveness: All Good Things can Happen During ExecutionConsistencyConsistencyAre the Defined Security Privileges for Each User Internally Consistent? Least-Privilege PrincipleAre the Defined Security Privileges for Related Users Globally Consistent? Mutual-ExclusionSECISS-8CSE333Security for CoalitionsSecurity for CoalitionsDynamic Coalitions will play a Critical Role in Dynamic Coalitions will play a Critical Role in Homeland Security during Crisis SituationsHomeland Security during Crisis SituationsCritical to Understand the Security Issues for Users Critical to Understand the Security Issues for Users and System of Dynamic Coalitionsand System of Dynamic CoalitionsMulti-Faceted Approach to SecurityMulti-Faceted Approach to SecurityAttaining Consistency and Assurance at Policy Definition and EnforcementCapturing Security Requirements at Early Stages via UML Enhancements/ExtensionsProviding a Security Infrastructure that Unifies RBAC and MAC for Distributed SettingSECISS-9CSE333Four Categories of QuestionsFour Categories of QuestionsQuestions on Software Development ProcessQuestions on Software Development ProcessSecurity Integration with Software DesignTransition from Design to DevelopmentQuestions on Information Access and FlowQuestions on Information Access and FlowUser Privileges key to Security PolicyInformation for Users and Between UsersQuestions on Security Handlers and ProcessorsQuestions on Security Handlers and ProcessorsManage/Enforce Runtime Security PolicyCoordination Across EC NodesQuestions on Needs of Legacy/COTS Appls.Questions on Needs of Legacy/COTS Appls.Integrated, Interoperative Distributed Application will have New Apps., Legacy/COTS, Future COTSSECISS-10CSE333Software Development Process QuestionsSoftware Development Process QuestionsWhat is the Challenge of Security for Software What is the Challenge of Security for Software Design?Design?How do we Integrate Security with the Software Design Process?What Types of Security Must be Available?How do we Integrate Security into OO/Component How do we Integrate Security into OO/Component Based Design?Based Design?Integration into OO Design?Integration into UML Design?What Guarantees Must be Available in Process?What Guarantees Must be Available in
View Full Document