
A Connector-Centric Approach to Architectural Access Control - PowerPoint PPT Presentation



  1. A Connector-Centric Approach to Architectural Access Control
     Jie Ren, Department of Informatics, University of California, Irvine

  2. Outline
     • Overview
       – Architecture and Security
       – Software connectors
       – Hypotheses, approach, validation, contribution
     • Architectural Access Control
       – Model: Subject, Principal, Resource, Privilege, Safeguard, Policy
       – Language: xADL, XACML, and Secure xADL
       – Contexts: neighborhood, type, container, architecture
       – Algorithm: interface access and privilege propagation
     • Advanced concepts
       – RBAC, trust, content-based, architectural execution
     • Tool support
     • Case studies
     • Conclusion
     January 20, 2006 Overview 2

  3. Security Incidents Reported to CERT
     [chart: incidents per year, 1995 to 2003; y-axis 0 to 140,000]

  4. Re-architecting boosts security! (Wing, IEEE Security & Privacy, 2003)

  5. Problem
     • Architectural Access Control:
       – How can we describe and check access control issues at the software architecture level?

  6. Main Goal
     • Integrate security and software architecture
       – Integrate
       – Security: integrity through access control
       – Architecture level: abstraction
       – Software engineering perspective: how to express, check, and enforce

  7. Security Overview
     • Security: confidentiality, integrity, availability
     • Security policy, model, mechanism
     • Reference Monitor and Trusted Computing Base
       – Anderson 1972

  8. Classic Discretionary Access Control
     • Lampson 1971
     • Subject
     • Object
     • Privilege

  9. Component and Architecture Security
     • Component-based Software Engineering
       – Computer Security Contract, Khan 2001
       – cTLA Contract, Herrmann 2003
     • Software Architecture
       – ASTER, Bidan and Issarny 1997
       – System Architecture Model, Deng et al. 2003
       – SADL, Moriconi et al. 1997
       – Law-Governed Architecture, Minsky 1998
     • Mostly cryptography, insufficient access control

  10. Connectors
     • Why connectors
       – Model the fundamental communication issue
     • Should they be first-class citizens?
       – Capture and reuse
     • Existing work
       – Taxonomy: Mehta 2000
       – Assembly Language: Mehta 2004
       – Constructions: Lopes 2003
       – Transformation: Spitznagel 2001
     • Shortcoming: insufficient access control
       – Dependability: Spitznagel 2004

  11. Hypotheses
     • Hypothesis 1: An architectural connector may serve as a suitable construct to model architectural access control
     • Hypothesis 2: The connector-centric approach can be applied to different types of componentized and networked software systems
     • Hypothesis 3: With connectors propagating privileges, the access control check algorithm can check the suitability of accessing interfaces
     • Hypothesis 4: In an event-based architectural style, connectors can route events in accordance with the secure delivery requirements

  12. Approach
     • A connector-centric approach to describe and enforce Architectural Access Control
       – Combine software architecture and security research
       – Adopt an integrated access control model: classic, role-based, trust management
       – Secure xADL, based on xADL and XACML
       – Architectural contexts
       – Architectural execution
       – Connector-centric description and enforcement
       – Tool support

  13. Validation
     • Algorithm analysis
       – Based on graph reachability
     • Four case studies
       – Development of secure coalition
         • Connector for secure message delivery
       – Development of Impromptu
         • Composite connector among heterogeneous components
       – Modeling of Firefox component security
         • Algorithm to check critical path with the connector
       – Modeling of DCOM security
         • Connectors for networked components

  14. Contributions
     • A novel approach to the design and analysis of the access control property for software architectures
     • A usable formalism for modeling and reasoning about architectural access control
     • An algorithm for checking whether the architectural model maintains proper access control at design-time
     • A suite of usable tools to design and analyze secure software

  15. Architectural Access Control
     • Basic concepts, applied in architecture
       – Subject, Principal, Resource, Permission/Privilege/Safeguard, Policy
     • Secure xADL
       – xADL
       – XACML
       – Language design
     • Contexts
       – Neighborhood, type, container, architecture
     • Check algorithm
     • Central role of connectors
     January 20, 2006 Architectural Access Control 15

  16. Running Example: Coalition
     [figure: a message from US and a message from France passing through the coalition architecture]

  17. Concepts: Subject
     • A subject is the user on whose behalf software executes
     • Missing from traditional software architecture:
       – All of its components and connectors execute under the same subject
       – The subject can be determined at design-time
       – It generally will not change during runtime, either inadvertently or intentionally
       – Even if there is a change, it has no impact on the software architecture

  18. Concepts: Principal
     • A subject can take multiple principals, which encapsulate the credentials that a subject possesses to acquire permissions
     • Different types of principals
     • Summary credentials and concrete credentials
     • Missing from previous architectures

  19. Concepts: Resource
     • A resource is an entity whose access should be protected
     • Passive: files, sockets, etc.
     • Active: components, connectors, interfaces
       – Relevant to architecture

  20. Concepts: Privilege
     • Permissions describe a possible operation on an object
     • Privilege describes what permissions a component possesses, depending on the executing subject
     • Privilege escalation vulnerabilities
     • Two types of privileges:
       – Traditional: read file, open sockets, etc.
       – Architectural: access, instantiation, connection, message routing, introspection, etc.

  21. Concepts: Safeguard
     • Safeguards are permissions that are required to access the interfaces of the protected components and connectors
     • Architectural access control check

  22. Concepts: Policy
     • A policy specifies what privileges a subject, with a given set of principals, should have to access resources protected by safeguards
     • Numerous existing studies in the security community
     • We focus on software engineering applicability for architectural modeling
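The concepts on the Subject through Policy slides, applied to the coalition running example as an added Python illustration (this editor's code, not the dissertation's tool or check algorithm): a constructed architecture graph with one connector between the US and French sides, a policy granting privileges to principals, and a graph-reachability check that compares the privileges carried at each hop with the safeguard of every interface reached. The element names, the privilege names and the connector's `propagate` attribute are assumptions made for the example.

```python
from collections import deque

# Policy (Concepts: Policy slide): the privileges each principal is granted.
# Constructed values for the example.
POLICY = {
    "US": {"send", "read_us"},
    "France": {"send", "read_fr"},
}

# Constructed coalition architecture (assumed data model, not Secure xADL syntax):
# each element executes under a subject holding principals; each interface has a
# safeguard, the privileges required to access it; links are the message paths.
# "propagate" (assumed attribute) says whether a connector forwards the sender's
# privileges ("caller") or routes with its own subject's privileges ("own").
ARCH = {
    "USClient": {"principals": {"US"}, "safeguard": set(), "links": ["CoalitionConn"]},
    "FRClient": {"principals": {"France"}, "safeguard": set(), "links": ["CoalitionConn"]},
    "CoalitionConn": {"principals": {"US", "France"}, "safeguard": {"send"},
                      "links": ["USServer", "FRServer"], "connector": True, "propagate": "caller"},
    "USServer": {"principals": {"US"}, "safeguard": {"read_us"}, "links": []},
    "FRServer": {"principals": {"France"}, "safeguard": {"read_fr"}, "links": []},
}

def privileges(element, policy=POLICY):
    """An element's privileges: what the policy grants the principals of its subject."""
    return set().union(*(policy.get(p, set()) for p in element["principals"]))

def check_access(origin, arch=ARCH, policy=POLICY):
    """Reachability check: follow links from `origin`, carrying the privileges in
    effect at each hop, and compare them with every reached interface's safeguard.
    Returns {element: "allowed" | "denied"} for each element reachable from origin."""
    verdicts, seen = {}, {origin}
    queue = deque([(origin, privileges(arch[origin], policy))])
    while queue:
        current, carried = queue.popleft()
        for target in arch[current]["links"]:
            elem = arch[target]
            allowed = elem["safeguard"] <= carried
            # an interface reached by several paths is denied if any path is denied
            verdicts[target] = "denied" if (not allowed or verdicts.get(target) == "denied") else "allowed"
            if allowed and target not in seen:
                seen.add(target)
                if elem.get("connector") and elem.get("propagate") == "caller":
                    queue.append((target, carried))  # connector forwards the sender's privileges
                else:
                    queue.append((target, privileges(elem, policy)))  # element acts as its own subject
    return verdicts

def with_propagation(mode, arch=ARCH):
    """Copy of the architecture with every connector set to the given propagation mode."""
    return {n: dict(e, propagate=mode) if e.get("connector") else e for n, e in arch.items()}
```

`check_access("USClient")` reports `FRServer` as denied, while the same query on `with_propagation("own")` reports it allowed: a connector that routes with its own, broader privileges lets a US message reach the French server, the privilege escalation the Privilege slide warns about, and the check surfaces it at design time.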

  23. Overview of xADL
     • XML-based extensible architecture description language
     • Component and connector
     • Types
     • Signatures and interfaces
     • Sub-architecture
     • Design-time and run-time
     • Tool support: ArchStudio
     • Extensible: configuration, execution

  24. Overview of XACML
     • Conceptual framework for access control models
       – Based on set theory and first-order logic
     • Extensible
     • Formal semantics
     • Matching rule for request
       – Policy Enforcement Point (PEP) and Policy Decision Point (PDP)
       – PolicySet, Policy, Rule
       – Match on Subject, Resource, Action
     • Combining algorithms
     • Open standard from OASIS

  25. Secure xADL
     • The first effort to model these security concepts directly in an architectural description language
     • Viewed from XACML: a profile for the software architecture domain
     • Viewed from xADL: a new schema with elements necessary for access control

  26. Syntax of Secure xADL
     <complexType name="SecurityPropertyType">
       <sequence>
         <element name="subject" type="Subject"/>
         <element name="principals" type="Principals"/>
         <element name="privileges" type="Privileges"/>
         <element name="policies" type="Policies"/>
       </sequence>
     </complexType>

     <complexType name="SecureConnectorType">
       <complexContent>
         <extension base="ConnectorType">
           <sequence>
             <element name="security" type="SecurityPropertyType"/>
           </sequence>
         </extension>
       </complexContent>
     </complexType>
     <!-- similar constructs for component, structure, and instance -->

  27. Rationales for Language Design
     • Concepts
       – Architecture, access control
     • Extensibility
       – xADL, XACML
     • XACML flexible in combining policies
     • Tool support
       – ArchStudio
       – Evaluation engine and editor

  28. The Larger Contexts
     • Access control decisions might be based on entities other than the decision maker and the protected resource. These relationships are the contexts.
     • XACML's combining algorithms supply a framework to combine these contexts
