tutorial security patterns and secure systems design
play

Tutorial: Security patterns and secure systems design using UML - PowerPoint PPT Presentation

Jan 13, 2023 •418 likes •2.27k views

Tutorial: Security patterns and secure systems design using UML Eduardo B. Fernandez and Maria M. Larrondo Petrie Dept. of Computer Science and Eng. Florida Atlantic University www.cse.fau.edu/~security {ed, maria}@cse.fau.edu ICWMC/ICCGI

  1. Business Workflow Catalog and Web Services Description WS1 WS2 Registry Communications . . . HEADER PAYLOAD Document Storage Transports . . . DBMS . . . HTTP SSL OS TCP/IP processes memory file system Web services layers Supporting structures ICWMC/ICCGI 2007 29 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  2. Agents • Autonomous software that moves through the Internet • Can perform predefined tasks, e.g. search for a book and buy it if the price is right • No general standards until now ICWMC/ICCGI 2007 30 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  3. • Methods • Types ICWMC/ICCGI 2007 31 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  4. Pero a veces me encontraba perdido en la oscuridad o tenia la impresion de enemigos escondidos…Quienes eran esas gentes y que querian? E. Sabato, “El tunel” (Seix Barral, 1978, p. 58) ICWMC/ICCGI 2007 32 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  5. Malicious code (malware) • Trojan Horses —A Trojan Horse is an apparently useful program that has harmful hidden functions (spyware) • Viruses – A virus is a program that attaches itself to another program, propagates, and usually causes some data destruction. • Worms —A worm is a program that propagates itself without infecting the host. ICWMC/ICCGI 2007 33 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  6. Direct attacks • To the operating system • To the database system • To the application (increasing) • Done through the network • Almost no attacks to the messages in the network (low payoff and cryptography works) ICWMC/ICCGI 2007 34 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  7. Attackers • Insiders -- According to studies about half of the attacks to a system come from insiders. • Hackers -- Usually try to show off their ability by penetrating systems • Spies -- Industrial or government spionage ICWMC/ICCGI 2007 35 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  8. Vulnerabilities • Attacks can exploit vulnerabilities to misuse information • A threat is a potential attack • An exploit or incident is a specific occurrence of an attack • Complexity brings along more vulnerabilities ICWMC/ICCGI 2007 36 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  9. Current situation • The Internet is an insecure place and attacks keep occuring • One of the main reasons is the poor quality of the software used in systems and application software • We need a systematic way to build secure software ICWMC/ICCGI 2007 37 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  10. Identifying attacks • We need to know what kind of attacks to expect. • We relate attacks to attacker goals • We study systematically all the possible attacks to each activity in a use case • Use cases define all functional interactions ICWMC/ICCGI 2007 38 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  11. Use cases as starting point • Attacker is not interested in changing a few bits or destroying a message • Attacker wants to accomplish some objective, e.g., steal money, steal identity • This is applying the principle of defining security at the semantic levels • We also need to comply with standards ICWMC/ICCGI 2007 39 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  12. A financial institution UC1 Open Account UC2 Manager Close Account Customer UC3 Receive Trade Order UC4 Broker Perform trade Auditor UC5 Check Trade Info ICWMC/ICCGI 2007 40 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  13. Customer Manager Provide Personal Info :Customer Check Credit Create Account1: Account Initial deposit Create :Card1 Authorization Create Authorization ICWMC/ICCGI 2007 41 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  14. External External Customer Customer Manager Manager Attacker Attacker Imposter Imposter Imposter Imposter Provide Provide False False Personal Personal info info Info Info :Customer :Customer Disseminate Disseminate Info Info Illegally Illegally Check Check Credit Credit Create Create Spurious Spurious Account Account Create Create Account1: Account1: Account Account Account2: Account2: Initial Initial Deposit Deposit Transfer Transfer Money Money Create Create Account3: Account3: Authorization Authorization Issue Issue Spurious Spurious Issue Issue Card Card Card Card Card1: Card1: ICWMC/ICCGI 2007 42 Card2: Card2: Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  15. Possible attacks • A1.The customer is an impostor and opens an account in the name of another person • A2.The customer provides false information and opens an spurious account • A3.The manager is an impostor and collects data illegally • A4.The manager collects customer information to use illegally • A5.The manager creates a spurious account with the customer’s information • A6.The manager creates a spurious authorization card to access the account • A7.An attacker tries to prevent the customers to access their accounts • A8.An attacker tries to move money from an account to her own account ICWMC/ICCGI 2007 43 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  16. • Security is a nonfunctional aspect that must be satisfied in addition to functional aspects • We cannot show absence of security flaws • We must use good development methods and hope for the best • Add-on security is not the way ICWMC/ICCGI 2007 44 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  17. Trabajo desde hace an~os en la Unesco y otros organismos internacionales, pese a lo cual conservo algun sentido del humor y especialmente una notable capacidad de abstraccion, es decir que si no me gusta un tipo lo borro del mapa con solo decidirlo. De la misma manera si me gusta una chica puedo abstraerle la ropa apenas entra en mi campo visual,… Julio Cortazar, “Historias de cronopios y de famas”, Edhasa, 1970 ICWMC/ICCGI 2007 45 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  18. Approach attempted in the past • Define a security kernel: includes all security-related functions • Verify kernel: possible only for relatively simple systems • Requires special languages and special operating systems • Not practical for general systems, valid for specific parts ICWMC/ICCGI 2007 46 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  19. Applying the principles • Security should start where the application semantics is understood • Security is an all-levels problem • We should start from high-level policies and map them to the lower levels • We need precise models to guide system development ICWMC/ICCGI 2007 47 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  20. B A Metalayer classes C a:A b:B Application objects layer c:C executing System layer a. m1 b. m2 c. m3 processes (OS/DBMS) Node1 Node2 Distribution nodes layer CPU1 CPU2 CPU3 Hardware processors Configuration network Protocol ICWMC/ICCGI 2007 48 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  21. Secure systems development methodology • Apply security principles throughout the whole software lifecycle • Use of object-oriented design • Use cases identify attacks and define rights for roles • Patterns build a secure conceptual model • Multilayer architecture extends the model to the lower architectural levels ICWMC/ICCGI 2007 49 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  22. Software lifecycle Security verification and testing Requirements Analysis Design Implementation Secure UCs Authorization rules in Rule enforcement Language enforcement conceptual model through architecture Security test cases ICWMC/ICCGI 2007 50 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  23. Use of object-oriented modeling • Strong conceptual modeling capability , applicable to hardware, software, applications, authorization rules • Abstraction from irrelevant details • Intuitive , graphic, semiformal approach • Can be enhanced with formal specifications ICWMC/ICCGI 2007 51 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  24. OO and UML • UML is an object-oriented language for specifying, constructing, visualizing, and documenting a software design. • Basically a notation and its corresponding meaning , not a process. • OMG standard (www.omg.org) • Known and maybe used by many developers ICWMC/ICCGI 2007 52 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  25. Use of patterns • A pattern is a recurring combination of meaningful units that occurs in some context • Patterns embody experience and good design practices • Prevent errors, save time • Can apply principles implicitly ICWMC/ICCGI 2007 53 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  26. Security patterns • Analysis and design patterns are well established • There are many principles of good design that have been developed to build secure systems • It is possible to develop a collection of patterns that can be used to build secure systems • Patterns can be used to build or evaluate secure systems or for teaching security ICWMC/ICCGI 2007 54 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  27. We can use patterns at all levels • Patterns for models define the highest level • At each lower level we refine the patterns at the previous level to consider the specific aspects of each level ICWMC/ICCGI 2007 55 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  28. We start from policies • The policies of an institution define its way of accomplishing its objectives • Security policies define its way to protect its information • Without policies we don’t know what we should protect ICWMC/ICCGI 2007 56 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  29. Institution policies • Laws, rules, and practices that regulate how an institution manages and protects resources. Another definition is: high-level guidelines concerning information security. Computer mechanisms should enforce these policies. ICWMC/ICCGI 2007 57 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  30. Some security policies • Open/closed systems--In a closed system everything is forbidden unless explicitly allowed • Need-to-know (Least privilege)-- Give enough rights to perform duties • Information belongs to the institution versus private ownership • Authorization-- access types, small units of access ICWMC/ICCGI 2007 58 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  31. Security policies II • Obligation—What has to be done before accessing data • Separation of duty—Separate critical functions into parts to be done by different people or systems • Content-dependent access control—Access decision are based on the values of the data • Authenticate all transactions—needed for accountability and access control ICWMC/ICCGI 2007 59 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  32. Example of university policies • An instructor can look at all the information about the course he is teaching. • An instructor can change the grades of the students in the course he is teaching • A student may look at her grades in a course she is taking • The department head can add/delete course offerings • The registrar can add/delete students from course offerings • Faculty members can look at information about themselves ICWMC/ICCGI 2007 60 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  33. Use of policies • Secure systems must be closed but sometimes open access to information is more important, e.g., libraries, data warehouses, … • The need-to-know principle must be applied with an appropriate granularity, many attacks happen because of too many rights ICWMC/ICCGI 2007 61 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  34. Use case analysis leads to policies • A1. A3. Mutual authentication. Every interaction across system nodes is authenticated. • A2. Verify source of information. • A4. Logging. Since the manager is using his legitimate rights we can only log his actions for auditing at a later time. • A5. A6. Separation of administration from use of data. For example, a manager can create accounts but should have no rights to withdraw or deposit in the account. • A7. Protection against denial of service. We need some redundancy in the system to increase its availability. • A8. Authorization. If the user is not explicitly authorized he should not be able to move money from any account. ICWMC/ICCGI 2007 62 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  35. Use cases can also be used to find actor rights (policies) • Use cases describe all possible uses of the system • All use cases define all possible and legal accesses • Each actor can be given its needed rights to perform its functions ICWMC/ICCGI 2007 63 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  36. Scenarios to determine rights method j method j+1 . . . method j+m actor_i object_k object_k + 1 Authorized actions for actor_i in UseCase_q ICWMC/ICCGI 2007 64 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  37. Role rights for financial institution • Customers can open/close accounts • Customers can initiate trade • Broker can perform trade • Auditor can inspect (read) trade transactions ICWMC/ICCGI 2007 65 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  38. Methodology • Use case activities define attacks • Attacks lead to policies to stop them • Use cases define needed actor rights • Access matrix or RBAC models formalize these rights ICWMC/ICCGI 2007 66 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  39. Standards • Orange Book • Common Criteria (NIST) • IEEE • IETF (Internet Engineering Task Force) • OASIS (Open Applications…) • W3C • Industry ad hoc groups: IBM, Microsoft,… ICWMC/ICCGI 2007 67 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  40. Standards for web services • A variety of standards to cover all levels • May overlap or be in conflict • XACML, WS-Security, SAML, SOAP security, privacy standards • Confusing for vendors and users ICWMC/ICCGI 2007 68 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  41. Business WS-Federation BPEL4WS Workflow WS-SecureC onversation WS-Authorization WSCI WSPL WS-Trust WS-P olicy WSDL C atalog and Web Services Description WS-Privacy UD DI security UDDI WS1 WS2 ebXML sec ebXML Registry C omm unicatio ns SAM L X ML SAML . . . Encr yption H EADE R P AYLOAD XML Encryption - X ACML XML Signature XML SOA P XKMS D ocu ment S OAP Storage XML WS-Security Transports . . . D BM S HTTP SS L OS TCP/IP processes memory file system Web services lay ers Standards Supporting structures Security Standards/ Specificatio ns ICWMC/ICCGI 2007 69 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  42. • Classification • Access matrix • Role-Based Access Control • Multilevel security ICWMC/ICCGI 2007 70 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  43. Classification of security models • Multilevel --users and data are assigned security levels • Access matrix -- subject has specific type of access to data objects • Mandatory --access rules defined only by administrators • Discretionary -- users own data and can grant access to other users ICWMC/ICCGI 2007 71 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  44. Access matrix authorization rules • Basic rule ( s, o, t ) , where s is a subject (active entity), t is an access type, and o is an object • Extended rule ( s, o , t , p, f) , where p is a predicate (access condition or guard) and f is a copy flag • This, and the other models, can be described by patterns ICWMC/ICCGI 2007 72 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  45. Authorization/access matrix Subject ProtectionObject isAuthorizedFor * * id id name name Right accessType checkRights ICWMC/ICCGI 2007 73 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  46. Extended access matrix Subject * Authorization_rule * ProtectionObject id id Right access_type predicate copy_flag checkRights ICWMC/ICCGI 2007 74 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  47. Authorization mapping protection subjects objects F 1 U 1 . . r / w f = T U i F i r f = F m i U j r / w f = T ICWMC/ICCGI 2007 75 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  48. Reference Monitor • Each request for resources must be intercepted and evaluated for authorized access • Abstract concept, implemented as memory access manager, file permission checks, CORBA adapters, etc. ICWMC/ICCGI 2007 76 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  49. Reference monitor pattern Set_of_ makesRequestTo exists Reference Subject Authorization_ * * * * Monitor Rules Request prot_Object * access_type Concrete Authorization Reference Monitor ICWMC/ICCGI 2007 77 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  50. Enforcing access control :CurrentProcess :RefMonitor :Set_of_AuthorizationRules :Authorization :Prot_Object <<actor>> request (acc_type prot_object) exists?(rule) exists exists request ICWMC/ICCGI 2007 78 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  51. Role-Based Access Control • Users are assigned roles according to their functions and given the needed rights (access types for specific objects) • When users are assigned by administrators, this is a mandatory model • Can implement least privilege and separation of duty policies ICWMC/ICCGI 2007 79 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  52. Basic RBAC pattern User * MemberOf * Role * Authorization_rule * ProtectionObject id id id name name name Right access_type predicate copy_flag checkRights ICWMC/ICCGI 2007 80 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  53. Extended RBAC • Concept of session • Separation of administrative roles • Composite roles • Groups of users ICWMC/ICCGI 2007 81 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  54. Extended RBAC pattern MemberOf Group * * * MemberOf AuthorizationRule * * * * User Role ProtectionObject * 1 * Right Activated Composite Simple From Role Role Subset * AdminRole AdminRight WorksOn * Session ICWMC/ICCGI 2007 82 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  55. Attribute-Based Access Control • In the Internet we need to deal with non- registered users • Determine effective subjects and objects based on attribute values ICWMC/ICCGI 2007 83 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  56. Metadata-based access control Subject Object * * AttributeValue PropertyValue value value Right accessType * * 1 1 * * Subject Object Attribute Property Descriptor Descriptor isAuthorized For 1 1 * * Attribute Property Qualifier Qualifier * * operator operator value value ICWMC/ICCGI 2007 84 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  57. Multilevel model • In this model users and data are assigned classifications or clearances • Classifications include levels (top secret, secret,…), and compartments (engDept, marketingDept,…) • For confidentiality, access of users to data is based on rules defined by the Bell-LaPadula model, while for integrity, the rules are defined by Biba’s model ICWMC/ICCGI 2007 85 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  58. Multilevel security model AssignLevel AssignLevel TrustedProcess * * * * CanAccess * * Subject Data SS_property *_property 1 1 * * Clearance Classification Category Category Level Level ICWMC/ICCGI 2007 86 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  59. Access control variations Basic condition Authorization Content-based á = Role CopyFlag Authorization á or É = attribute values Delegatable Basic Authorization RBAC authorizer ABAC Explicitly Granted session Authorization session Session-based Session-based uses uses Access Session RBAC ABAC ICWMC/ICCGI 2007 87 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  60. Methodology • Use case activities define attacks • Attacks lead to policies to stop them • Use cases define needed actor rights • Access matrix or RBAC models formalize these rights • Lower levels (defined by more patterns) enforce the rights ICWMC/ICCGI 2007 88 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  61. To stop or mitigate the attacks we need the following policies • A1. A3. Mutual authentication. Every interaction across system nodes is authenticated. • A2. Verify source of information. • A4. Logging. Since the manager is using his legitimate rights we can only log his actions for auditing at a later time. • A5. A6. Separation of administration from use of data. For example, a manager can create accounts but should have no rights to withdraw or deposit money in the account. • A7. Protection against denial of service. We need some redundancy in the system to increase its availability. Intrusion detection and filtering policies should also be useful • A8. Authorization. If the user is not explicitly authorized he should not be able to move money from any account. ICWMC/ICCGI 2007 89 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  62. Layered architecture • The lower layers implement concrete versions of these models and enforce them • We will look at several of these layers • First example is from the boundary between the network layer and the operating system layers • Example illustrates pattern templates ICWMC/ICCGI 2007 90 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  63. Anatomy of a pattern • Patterns are described by templates • Templates have a fixed set of sections that describe the pattern in a standard way • We use the POSA template, there are two more: the GOF and the Alexandrian • Remote Authenticator/Authorizer • The LACCEI paper shows another example, a Firewall pattern ICWMC/ICCGI 2007 91 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  64. Remote Authenticator/Authorizer • Intent: Provide facilities for authentication and authorization when accessing shared resources in a loosely-coupled distributed system • Example: A multinational corporation may have employees, say in the US and Brazil. The user authentication and authorization information necessary to support an employee in the US is stored in the US servers and the information to support that of a Brazilian Employee is stored in Brazil servers. Now assume that an employee from the US is traveling to Brazil and has the need to access some data from the Brazilian database servers. There are two possible ways to achieve this Replicate the user information of the employee in the Brazilian Server and give her the proper authorizations to access the data. Borrow the username of an employee in Brazil who has similar rights and use that username to access the required information. Both of these solutions have their disadvantages. The system administrators will be faced with creating and managing user accounts within each of the multiple systems to be accessed in a coordinated manner in order to maintain the consistency of the security policy enforcement. If the username of another employee is borrowed, accountability is compromised ICWMC/ICCGI 2007 92 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  65. Remote authenticator II • Context: Loosely-coupled distributed systems such as the Internet, that consist of a variety of computational nodes, and where some nodes need to share resources. For example, a company with several divisions in different countries. • Problem: How can we provide authentication and authorization in a distributed environment without the need for redundant user login information? In the past few years, telecommuting, the Internet, and electronic commerce have developed from an alternative means of doing business to become increasingly mainstream consumer activities. The concern for corporate data security has grown tremendously and the need for single user sign on to multiple domains and multiple services is becoming more of a necessity than a luxury. A system with a centralized sign-on can provide easy management, more accountability and secure authentication. ICWMC/ICCGI 2007 93 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  66. Forces • Storing user authentication and authorization information at multiple locations makes them redundant, difficult to administer, and prone to inconsistencies. • Although the authentication information may be stored anywhere, this location should be transparent to the users. • Users typically work in the context of some role and these roles should be standard across a variety of domains, at least within a company or institution. • Borrowing the login rights of a local user makes it impossible to make the user accountable, we need a way to keep the user id when he is accessing resources anywhere. ICWMC/ICCGI 2007 94 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  67. Solution • Set up a single entry point that can transparently redirect the user to the correct server where his user login and access information can be validated. • Use a specialized authentication/authorization server. This server is used for embedded network devices such as routers, modem servers, switches, etc. The authentication servers are responsible for receiving user connection requests, authenticating the user, and then returning all configuration information necessary for the client to deliver service to the user. The Client makes a request for a service through a Proxy Server that represents the actual server that contains the user login information. The request is routed to the Remote Server, which validates it, based on the Role of the Subject of the request and the Rights of this role with respect to the Protection Object. ICWMC/ICCGI 2007 95 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  68. Client AuthenticationServer request +request() +request() * * ProxyServer 1 * RemoteServer Subject Validate Request represents +request() +request() +validate() 1 * 1 has * Role ProtectionObject +createRole() * * +getRole() Right ICWMC/ICCGI 2007 96 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  69. :ProxyServer :RemoteServer :Role :ProtectionObject :Client Access Request() check local user() Access Request() Access Challenge() Access Challenge() Calculate Response() Challenge Access Request: () Challenge Access Request() Accept Accept: () Accept Accept() Request Protected Object() Request Protected Object() check role() role has access rights() Access Protection Object() Protection Object() Protection Object() Protection Object() ICWMC/ICCGI 2007 97 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  70. Consequences This pattern has the following advantages: • Roaming permits two or more administrative entities to allow each other's users to dial in to either entity's network for service. • Storing the user login and access rights at a single location makes it more secure and easy to maintain. • The user's login ID, password etc. are stored in the internal radius database or can be accessed from an SQL Database. • The location where the user information is stored is transparent to the user. • Roles and access rights have to be standard across locations. • Both servers and clients should support the base protocol. • Units such as active cards [ACS] allow complex request/challenge interactions. There are also some liabilities: • The additional messages used increase overhead, thus reducing performance for simple requests. • The system is more complex than a system that directly validates clients. ICWMC/ICCGI 2007 98 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  71. Remote Authenticator • Implementation: An authentication server can function as both a forwarding server and a remote server, serving as a forwarding server for some realms and a remote server for other realms. One forwarding server can act as a forwarder for any number of remote servers. A remote server can have any number of servers forwarding to it and can provide authentication for any number of realms. One forwarding server can forward to another forwarding server to create a chain of proxies. A lookup service is necessary to find the remote server. • Example resolved : When the US employee travels to Brazil he logs in a Remote Authenticator/Authorizer which reroutes her requests to the US server that stores her login information. ICWMC/ICCGI 2007 99 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

  72. Known Uses Rem ote Authentication Dial-In User Service (RA DIUS) is a widely deployed IETF protocol enabling centralized authentication, authorization, and accounting for netw ork access [Has02, Rig00]. Originally developed for dial-up rem ote access, RADIUS is now supported by virtual private netw ork (VPN ) servers, wireless access points, authenticating Ethernet switches, Digital Subscriber Line (DSL) access, and other network access types [Hil]. Figure 3 shows the typical authentication sequence of a client in a RA DIUS server using a challenge response approach.. W ith proxy RA DIUS, one RA DIUS server receives an authentication (or accounting) request from a RADIUS client (such as a NAS), forwards the request to a rem ote RADIUS server, receives the reply from the rem ote server, and sends that reply to the client. A com m on use for proxy RADIUS is roaming. Roam ing perm its tw o or m ore adm inistrative entities to allow each other's users to dial in to either entity's network for service. ICWMC/ICCGI 2007 100 Guadaloupe, French Caribbean, IARIA, 4-9 March 2007

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Distrustful Decomposition Engineering Secure Software Last Revised: September 18, 2020 SWEN-331:

Distrustful Decomposition Engineering Secure Software Last Revised: September 18, 2020 SWEN-331:

Distrustful Decomposition Engineering Secure Software Last Revised: September 18, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Software Security Design Patterns Software security design patterns do exist Typically just

238 views • 23 slides
Design Patterns Applications Programming What is design patterns? The design patterns are

Design Patterns Applications Programming What is design patterns? The design patterns are

10/26/2011 G52APR Design Patterns Applications Programming What is design patterns? The design patterns are language- Design Patterns 1 independent strategies for solving common object-oriented design problems. Jiawei Li (Michael)

316 views • 8 slides
More Design Patterns Horstmann ch.10.1,10.4 Design patterns Structural design patterns

More Design Patterns Horstmann ch.10.1,10.4 Design patterns Structural design patterns

More Design Patterns Horstmann ch.10.1,10.4 Design patterns Structural design patterns Adapter Composite Decorator Proxy Behavioral design patterns Iterator Observer Strategy Template method

777 views • 16 slides
Design Patterns in Eiffel Dr. Till Bay design patterns? [Design Patterns] are

Design Patterns in Eiffel Dr. Till Bay design patterns? [Design Patterns] are

Design Patterns in Eiffel Dr. Till Bay design patterns? [Design Patterns] are descriptions of communicating objects and classes that are customized to solve a general design problem in a particular context. Design Patterns,

1.44k views • 69 slides
Map Reduce and Design Patterns Lecture 4 Fang Yu Software Security Lab. Department of

Map Reduce and Design Patterns Lecture 4 Fang Yu Software Security Lab. Department of

Chapter 4 Map Reduce and Design Patterns Lecture 4 Fang Yu Software Security Lab. Department of Management Information Systems College of Commerce, National Chengchi University http://soslab.nccu.edu.tw Cloud Computation, March 31, 2015 1 /

131 views • 10 slides
Map Reduce and Design Patterns Lecture 5 Fang Yu Software Security Lab. Department of

Map Reduce and Design Patterns Lecture 5 Fang Yu Software Security Lab. Department of

Chapter 5 Map Reduce and Design Patterns Lecture 5 Fang Yu Software Security Lab. Department of Management Information Systems College of Commerce, National Chengchi University http://soslab.nccu.edu.tw Cloud Computation, April 7, 2015 1 /

458 views • 7 slides
Design Patterns 1 What are Design Patterns? Design patterns describe common (and successful)

Design Patterns 1 What are Design Patterns? Design patterns describe common (and successful)

Design Patterns 1 What are Design Patterns? Design patterns describe common (and successful) ways of building software. 2 What are Design Patterns? A pattern describes a problem that occurs often, along with a tried solution to the

727 views • 48 slides
Map Reduce and Design Patterns Lecture 1 Fang Yu Software Security Lab. Department of

Map Reduce and Design Patterns Lecture 1 Fang Yu Software Security Lab. Department of

Chapter 1 Chapter 2 Map Reduce and Design Patterns Lecture 1 Fang Yu Software Security Lab. Department of Management Information Systems College of Commerce, National Chengchi University http://soslab.nccu.edu.tw Cloud Computation, March

794 views • 14 slides
Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction

Outline More secure design principles Software engineering for security CSci 5271 Introduction to Computer Security Secure use of the OS Defensive programming and design, contd Announcements intermission Stephen McCamant Bernsteins

535 views • 8 slides
Security Patterns M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Bushmann, and P.

Security Patterns M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Bushmann, and P.

Security Patterns M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Bushmann, and P. Sommerlad, Security Patterns: Integrating Security and Systems Engineering, John Wiley and Sons Ltd., 2006 Lecture outline What is pattern? What is

1.04k views • 83 slides
Patterns 2020/4/12 Structural Design Patterns Creational Structural Behavioral Design

Patterns 2020/4/12 Structural Design Patterns Creational Structural Behavioral Design

Poly- mor- phism Abstra ction Class OOP Inheri -tance En- capsu- lation Structural Design Kuan-Ting Lai Patterns 2020/4/12 Structural Design Patterns Creational Structural Behavioral Design Patterns Design Patterns Design

931 views • 30 slides
Design Principles for Secure Systems Systems Driving Ideas for Security Principles Saltzer

Design Principles for Secure Systems Systems Driving Ideas for Security Principles Saltzer

1 Design Principles for Secure Systems Systems Driving Ideas for Security Principles Saltzer and Schroeder (1975) defined 8 principles that are based on the ideas of simplicity and restriction are based on the ideas of simplicity and

468 views • 17 slides
Secure Coding Patterns @andhallberg TrueSec Trust Domain-Driven Security The Untrusted Pa7ern

Secure Coding Patterns @andhallberg TrueSec Trust Domain-Driven Security The Untrusted Pa7ern

Secure Coding Patterns @andhallberg TrueSec Trust Domain-Driven Security The Untrusted Pa7ern Immutability The Inverse Life Coach Pa7ern Trust The founda&gt;on of so?ware security 1. Hello! Im Businessman Bob! 2. Hello! Im the bank!

877 views • 69 slides
CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of

CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of

CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of f the Common Principles Minimize attack Secure by surface area Default Principle of Fail-Safe Least Stance Privilege Secure the

975 views • 56 slides
Secure Coding Patterns Andreas Hallberg, TrueSec Trust Domain-Driven Security The Untrusted

Secure Coding Patterns Andreas Hallberg, TrueSec Trust Domain-Driven Security The Untrusted

Secure Coding Patterns Andreas Hallberg, TrueSec Trust Domain-Driven Security The Untrusted Pattern Immutability The Inverse Life Coach Pattern Trust The foundation of software security 1. Hello! Im Businessman Bob! 2. Hello! Im the

666 views • 66 slides
ECE444: Software Engineering Design Patterns 3 Shurui Zhou OO Design Principles Building stable

ECE444: Software Engineering Design Patterns 3 Shurui Zhou OO Design Principles Building stable

ECE444: Software Engineering Design Patterns 3 Shurui Zhou OO Design Principles Building stable and flexible systems the GoF book Elements of Reusable Object-Oriented Software 23 OO patterns Design Patterns Design Patterns

1.38k views • 44 slides
By: Scott M. Lepak, Attorney Barna, Guzy &amp; Steffen, Ltd. (763) 783-5129 slepak@bgs.com Mental

By: Scott M. Lepak, Attorney Barna, Guzy &amp; Steffen, Ltd. (763) 783-5129 slepak@bgs.com Mental

By: Scott M. Lepak, Attorney Barna, Guzy &amp; Steffen, Ltd. (763) 783-5129 slepak@bgs.com Mental health issues in the workplace present significant legal and practical issues. This session will focus on these management techniques: How to

639 views • 32 slides
Fitness Business Playbook for Growth ThriveHive helps people working in local business do what

Fitness Business Playbook for Growth ThriveHive helps people working in local business do what

Fitness Business Playbook for Growth ThriveHive helps people working in local business do what they love by combining actual human guidance with easy-to-use technology to make marketing your business easy, effective, and affordable. With

490 views • 27 slides
WIRELESS INDUSTRY FIGHTS BACK AGAINST PREPAID PHONE TRAFFICKING Cell phone trafficking operations

WIRELESS INDUSTRY FIGHTS BACK AGAINST PREPAID PHONE TRAFFICKING Cell phone trafficking operations

WIRELESS INDUSTRY FIGHTS BACK AGAINST PREPAID PHONE TRAFFICKING Cell phone trafficking operations siphon millions of dollars from the wireless industry and its customers every year. Until recently, little could be done to fight back, but a

387 views • 3 slides
OMERS: Comprehensive Plan Review and the Fight to Protect Guaranteed Indexing Speakers Notes for

OMERS: Comprehensive Plan Review and the Fight to Protect Guaranteed Indexing Speakers Notes for

OMERS: Comprehensive Plan Review and the Fight to Protect Guaranteed Indexing Speakers Notes for PowerPoint Presentation SLIDE 1: Introduce yourself. At their most basic, your pension is deferred wages. Youve earned them and

424 views • 7 slides
CORE CURRICULUM AND MAJORS August 5, 2015 KNOWLEDGE FOR ACTION MBA Program Academic Affairs

CORE CURRICULUM AND MAJORS August 5, 2015 KNOWLEDGE FOR ACTION MBA Program Academic Affairs

CORE CURRICULUM AND MAJORS August 5, 2015 KNOWLEDGE FOR ACTION MBA Program Academic Affairs Lisa Rudi Michael Peterson Natalya Levina Amy Miller, Academic Advisor Academic Advisor Academic Advisor Academic Advisor Cluster 1 Cluster 2

616 views • 46 slides
SILVERDALE ECONOMIC ACTION PLAN How to Incentivize Achieving Silverdales Future

SILVERDALE ECONOMIC ACTION PLAN How to Incentivize Achieving Silverdales Future

SILVERDALE ECONOMIC ACTION PLAN How to Incentivize Achieving Silverdales Future SILVERDALES HISTORY SILVERDALE TODAY SILVERDALE REGIONAL CENTER Plan Adopted in 2016 Comp Plan Promotes housing and employment growth in Silverdales

278 views • 16 slides
Jo de Silva, Hugh Grant and David Headberry The whole purpose of tariff reform was to enable

Jo de Silva, Hugh Grant and David Headberry The whole purpose of tariff reform was to enable

Presentation by David Headberry AERs Consumer Challenge Panel (CCP) sub -panel 4 Jo de Silva, Hugh Grant and David Headberry The whole purpose of tariff reform was to enable end users to vary their usage of electricity and so reduce the

372 views • 6 slides
Street Project July 13, 2016 Where did this idea come from? Prior Public Involvement

Street Project July 13, 2016 Where did this idea come from? Prior Public Involvement

Monroe Street Project July 13, 2016 Where did this idea come from? Prior Public Involvement Workshop #1 - 10/10/13 Workshop #2 11/14/13 Business Outreach Event 4/17/14 Final Plan presentation - 6/12/14 Planning

586 views • 40 slides

More recommend