User Role Based Security for Object-Oriented Systems/Applications
Overview of Presentation
An Object-Oriented Design Model
OTs, Attributes, and Methods
Encapsulation and Hiding
Profiles to Track Design Data
Attribute Profile
Method Profile
Object Type Profile
Slide 10
Inheritance Variants
Four T-LEVEL Combinations
What Dictates Correct Variant?
C++ Equivalents for Variants
Impact on Code Generation
Slide 16
Three I-LEVEL Combinations
Slide 18
C++: (REGULAR, FULL) Inheritance
C++: (LEAF, RESTR1) Inheritance
Glossary of Protection and Security Terms
Slide 22
Slide 23
Slide 24
Review Fundamental Security Issues
Review Policy & Mechanism
Review Authentication
Review Authorization
Review User Authentication
Review Network Authentication
Review What are Available Security Approaches?
Security in Software Applications Focusing on DAC and URBS
Motivation User-Role Based Security for OO
Focusing on DAC and URBS
What are Key Security Concepts?
URBS for OO Systems/Applications
What is User-Role Based Security(URBS)?
Motivating Security for OO Paradigm
Why is URBS Needed?
Slide 40
What is URBS Approach?
FYI: The ADAM Environment
OO Design Model Enhancements
The Health Care Application - OTs
Slide 45
Slide 46
The Health Care Application - RTs
The User Role Definition Hierarchy
User Role Definition Hierarchy for HCA
User Role Definition Hierarchy for HTSS
Privilege Definition Process
Privilege Acquisition Process
Node Profiles and Privileges
Node Descriptions Examples from HCA
Role Security Requirements Examples from HCA
Assignment of Methods Positive Privileges for Nodes
Implied Methodology for Assignment
Two Important Concepts
Prohibited Methods Non-Allowed Actions/Negative Privileges
Consistency Criteria Relationships Between URDH Nodes
A Complete Node Profile
The Software Development Environment (SDE) Example
The SDE URDH
Notation: Extending PPI Concepts
The SDE URDH with Assigned Methods “Lousy” Assignment
Overview: Assigned Methods
Detailed Scope and Rational How are Flaws Identified/Corrected?
Revising Privileges via URDH
Slide 69
Revising Privileges via OTs
The SDE URDH with Assigned Methods Revised “Better” Assignment
Last Thoughts on SDE Example
Security Issues for OO Paradigm
Encapsulation, Hiding, and Inheritance
What's in an OO Application?
Slide 76
Polymorphism, Dispatching, Overloading All Three Embody Security Concepts!
Object-Oriented Paradigm Claims
Security Issues and Approaches
Related Work -- All Examine Generated Code to Realize Security
Core Level URBS Approaches
General Solution Issues
Goals for URBS Enforcement Mechanism
Slide 84
Slide 85
Quantifying URBS Approaches
Brute Force Approach
Slide 88
User-Role Subclassing Approach
Slide 90
Slide 91
Slide 92
Slide 93
User-Role Subclassing Approach Application Code Still UR Specific
URDH Class Library Approach
URDH Class Library Approach Partial Class Hierarchy for URDH
URDH Class Library Approach URDH Classes
URDH Class Library Approach Impact on Application Classes
Slide 99
Slide 100
Slide 101
Comments on URDH Class Library Approach
Compare/Contrast the Three Approaches
Advanced URBS Approaches
Generic URSA (GURSA)
The Item.h File
The Prescription.h File
The Staff RN Prescription.h File (s_pres.h)
The Attending MD.h File (a_pres.h)
Generic_Prescription Template
The Main Program - GURSA
Slide 112
Comments on GURSA
Minimizing Conditional What are Problems Here?
Basic Exception Approach (BEA)
Modifications to Prescription Class
Prescription Implementation Pseudo-Code to Illustrate Concepts
main() Program for BEA
Slide 119
Comments on BEA
Generic Exception Approach (GEA)
Generic Security Template
Generic Security Implementation
The Item Header Class
The Prescription Header Class
Prescription Implementation
Comments on GEA
Advanced Exception Handling
Revised Generic Security Template
Slide 130
Slide 131
Compare/Contrast the Four Exception Handling Based Approaches
Software Architectures for Consistency and Assurance of URBS Policies
Context and Objectives
Background and Objectives
Focus
Overview
Assurance, Consistency, and Analyses
Consistency for User-Roles URs for OO Systems are Dynamic
Consistency for End User Authorizations URs for OO Systems are Dynamic
Concepts and Definitions
Layered System Version 1 LS1: Application-Based Approach
Layered System Version 2 LS2: Class-Based Approach
Communicating Processes Version 1 CP1: Single Process, Base Case, no C/S
Communicating Processes Version 2 CP2: Multi-Process/Shared AppCL
Communicating Processes Version 3 CP3: Multi Process/Shared SCL/AppCL
Communicating Processes Version 4 CP4: C/S, Replctd SCL/Shared AppCL
Comparison of Variants
Critique of Variants Summary/Assessment of 6 Variants
Concluding Remarks on SW Architectures

CSE333 URBSOO-1
User Role Based Security for Object-Oriented Systems/Applications
M.-Y. Hu, S. Demurjian, T.C. Ting
Computer Science & Engineering Department
The University of Connecticut
Storrs, Connecticut 06269-3155
{steve, [email protected]
www.engr.uconn.edu/~steve
(860) 486 - 4818

CSE333 URBSOO-2
Overview of Presentation
- Object-Oriented Design Model Concepts
- Review: Approaches/Concepts of Security
- Motivation of URBS for OO
- User Role Based Security for Discretionary Access Control
  - Concepts and Issues
  - URBS Example for SDEs
  - Security Issues for OO Paradigm
  - URBS Approaches - OO and C++
  - Advanced Security Code Generation
  - Software Architectures for URBS
- Reflections and Comments

CSE333 URBSOO-3
An Object-Oriented Design Model
- Assumptions of OO Design Model
- Vocabulary:
  - What are Object Types?
  - Attributes?
  - Methods?
- Public Interface vs. Hidden Implementation
- Concept of a Profile
- Inheritance and its Variants

CSE333 URBSOO-4
OTs, Attributes, and Methods

CSE333 URBSOO-5
Encapsulation and Hiding

CSE333 URBSOO-6
Profiles to Track Design Data
- Profiles Contain Detailed Requirements on the Semantic Contex(n)t for All Constructs of Application
- Force SWEs to Supply Detailed Design Info. As Application is Designed