IFIP 2000-1
Role-Based Security in a Distributed Resource Environment*
Profs. Steven A. Demurjian and T.C. Ting, J. Balthazar, H. Ren, and C. Phillips
Computer Science & Engineering Department, 191 Auditorium Road, Box U-155
The University of Connecticut, Storrs, Connecticut 06269-3155
http://www.engr.uconn.edu/ [email protected]
Dr. Paul Barr, The MITRE Corp, 145 Wyckoff Road, Eatontown, New Jersey, [email protected]
*This work supported in part by a research contract from the Mitre Corporation (Eatontown, NJ) and a research grant from AFOSR
IFIP 2000-2
Overview
- Goals of Our Research Effort
- Sun’s JINI Technology
- A Software Architecture for Role-Based Security
  - Proposed Software Architecture
  - Security Resources and Services
  - Security Client and Resource Interactions
  - Client Interactions and Processing
- Experimental Prototypes
  - JINI Prototype of Role Based Approach
  - Security Client Prototype
- Related Work
- Conclusions and Future Work
IFIP 2000-3
Goals of Our Research Effort
- Incorporation of Role-Based Approach within Distributed Resource Environment
  - Highly-Available Distributed Applications Constructed Using Middleware Tools
  - Demonstrate Use of JINI to Provide Selective Access of Clients to Resources Based on Role
- Propose Software Architecture and Role-Based Security Model for
  - Authorization of Clients Based on Role
  - Authentication of Clients and Resources
  - Enforcement so Clients Only Use Authorized Services (of Resource)
- Propose Security Solution for Distributed Applications for Clients and Services (Resources)
IFIP 2000-4
Sun’s JINI Technology
- Construct Distributed Applications Using JINI by Federating Groups of Users; Resources Provide Services for Users
- A Resource Provides a Set of Services for Use by Clients (Users) and Other Resources (Services)
- A Service is Similar to a Public Method
  - Exportable - Analogous to API
  - Any Entity Utilized by Person or Program
  - Samples Include: Computation, Persistent Store, Printer, Sensor, Software Filter, Real-Time Data Source
  - Services: Concrete Interfaces of Components
- Services Register with Lookup Service
IFIP 2000-5
Sun’s JINI Technology: Key JINI Concepts and Terms
- Registration of Services via Leasing Mechanism
  - Resource Leases Services to Lookup Service
  - Resources Renew Services Prior to Expiration; If not, Services Become Unavailable
  - Lookup Service Maintains Registry of Services as Available “Components”
- Leasing Supports High-Availability
  - Registration and Renewal Process
  - Upon Failure, Services Removed from Registry
- Clients, Resources, Lookup Can Occupy Same or Different Computing Nodes
IFIP 2000-6
Sun’s JINI Technology: Join, Lookup, and Service Invocation
Figure (untitled on the slide): Client, Lookup Service, and Resource. The Resource (a CourseDB class containing the method AddCourse()) joins the Lookup Service and registers and leases its services; the Lookup Service keeps the Service Object and Service Attributes in its Registry of Entries. The Client requests the service AddCourse(CSE900) from the Lookup Service, which returns a proxy to AddCourse(). Service invocation then proceeds via the proxy by a transparent RMI call:
1. Client Invokes AddCourse(CSE900) on Resource
2. Resource Returns Status of Invocation
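The leasing behaviour described on the two preceding slides, as an added example that is not code from the slides or from JINI: a resource joins by leasing a service to the lookup service, must renew before expiry, and a lapsed lease drops the service from the registry without any explicit unregister. The class and method names are assumptions, and time is passed in explicitly so expiry can be exercised deterministically.

```python
# Added example (not code from the slides): a minimal model of the JINI lookup
# service's lease-based registry. LookupService/Entry and their methods are
# assumed names; real JINI discovery, Lease objects and RMI proxies are not
# modelled, and time is passed in explicitly so expiry can be exercised.
from dataclasses import dataclass, field

@dataclass
class Entry:
    resource: str     # resource that exported the service (e.g. CourseDB)
    proxy: object     # stand-in for the service proxy a client downloads
    expires: float    # absolute time at which the lease lapses

@dataclass
class LookupService:
    registry: dict = field(default_factory=dict)  # service name -> Entry

    def register(self, service, resource, proxy, lease_secs, now):
        # Join: the resource leases the service for a fixed term and gets
        # back the expiry time it must renew before.
        self.registry[service] = Entry(resource, proxy, now + lease_secs)
        return self.registry[service].expires

    def renew(self, service, lease_secs, now):
        # Renewal must happen before expiry; a lapsed lease cannot be renewed.
        e = self.registry.get(service)
        if e is None or e.expires <= now:
            return False
        e.expires = now + lease_secs
        return True

    def lookup(self, service, now):
        # Lapsed entries are purged on access, so a crashed resource that
        # stops renewing vanishes from the registry on its own.
        e = self.registry.get(service)
        if e is not None and e.expires <= now:
            del self.registry[service]
            e = None
        return None if e is None else e.proxy
```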
IFIP 2000-7
Proposed Software Architecture for Role-Based Security
- Many Current Lookup Services
  - Successfully Dictate Service Utilization
  - Require Programmatic Solution for Security
  - Do Not Selectively and Dynamically Control Access Based on Client Role
- Security of a Distributed Resource Should Selectively and Dynamically Control Client Access to Services Based on the Role
- Our Approach
  - Define Dedicated Resources to Authorize, Authenticate, and Enforce Security by Role
  - Proposed Resources: Role-Based Privileges, Authorization List, Security Registration
IFIP 2000-8
Proposed Software Architecture for Role-Based Security
Figure 3.1: General Architecture of Clients and Resources.
Resources Providing Services: Role-Based Privileges, Authorization List, Security Registration, Legacy, COTS, Database, Lookup Service.
Clients Using Services: Java Client, Legacy Client, Database Client, Software Agent, COTS Client.
IFIP 2000-9
Security Resources and Services
- Role-Based Privileges Resource
  - Define User-Role
  - Grant/Revoke Access of Role to Resource
  - Register Services
- Authorization List Resource
  - Maintains Client Profile (Many Client Types)
  - Client Profile and Authorize Role Services
- Security Registration Resource
  - Register Client Service
  - Identity Registration at Startup Uses IP Address
- Services of Resource
  - Functionally Separated and Organized
  - Resemble Method Definitions (OO)
IFIP 2000-10
The Services of the Role-Based Privilege Resource
Figure 3.2: The Services and Methods for Security Resources.
Role-Based Privileges Services
- Register Service: Register_Resource(R_Id); Register_Service(R_Id, S_Id); Register_Method(R_Id, S_Id, M_Id); UnRegister_Resource(R_Id); UnRegister_Service(R_Id, S_Id); UnRegister_Method(R_Id, S_Id, M_Id);
- Query Privileges Service: Check_Privileges(UR_Id, R_Id, S_Id, M_Id);
- Grant-Revoke Service: Grant_Resource(UR_Id, R_Id); Grant_Service(UR_Id, R_Id, S_Id); Grant_Method(UR_Id, R_Id, S_Id, M_Id); Revoke_Resource(UR, R_Id); Revoke_Service(UR, R_Id, S_Id); Revoke_Method(UR, R_Id, S_Id, M_Id); Find_AllUR_Resource(R_Id); Find_AllUR_Service(R_Id, S_Id); Find_AllUR_Method(R_Id, S_Id, M_Id); Find_UR_Privileges(UR);
- User Role Service: Create_New_Role(UR_Name, UR_Disc, UR_Id); Delete_Role(UR_Id); Find_UR_Name(UR_Name); Find_UR_Id(UR_Id);
Authorization-List Services
- Authorize Role Service: Grant_UR_Client(UR_Id, C_Id); Revoke_UR_Client(UR, C_Id); Find_AllUR_Client(C_Id); Verify_UR_Client(UR, C_Id); Find_All_Clients_UR(UR);
- Client Profile Service: Create_New_Client(C_Id); Delete_Client(C_Id); Find_Client(C_Id); Find_All_Clients();
Security Registration Services
- Register Client Service: Register_Client(C_Id, IP_Addr, UR); UnRegister_Client(C_Id, IP_Addr, UR); IsClient_Registered(C_Id); Find_Client(C_Id, IP_Addr); Find_All_Active_Clients();
IFIP 2000-11
The Services of the Authorization-List Resource
Figure 3.2: The Services and Methods for Security Resources.
IFIP 2000-12
The Services of the Security Registration Resource
Figure 3.2: The Services and Methods for Security Resources.
IFIP 2000-13
Security Client and Resource Interactions
Figure 3.3: Security Client and Database Resource Interactions.
The Security Client discovers services through the Lookup Service (Discover Service / Return Proxy) and invokes them on the three security resources; a General Resource is shown alongside. Services invoked per resource:
- Role-Based Privileges: Create_New_Role(UR_Name, UR_Disc, UR_Id); Delete_Role(UR_Id); Find_UR_Name(UR_Name); Find_UR_Id(UR_Id); Grant_Resource(UR_Id, R_Id); Grant_Service(UR_Id, R_Id, S_Id); Grant_Method(UR_Id, R_Id, S_Id, M_Id); Revoke_Resource(UR, R_Id); Revoke_Service(UR, R_Id, S_Id); Revoke_Method(UR, R_Id, S_Id, M_Id); Find_AllUR_Resource(UR, R_Id); Find_AllUR_Service(UR, R_Id, S_Id); Find_AllUR_Method(UR, R_Id, S_Id, M_Id); Find_UR_Privileges(UR); Register_Resource(R_Id); Register_Service(R_Id, S_Id); Register_Method(R_Id, S_Id, M_Id); UnRegister_Resource(R_Id); UnRegister_Service(R_Id, S_Id); UnRegister_Method(R_Id, S_Id, M_Id);
- Authorization List: Grant_UR_Client(UR_Id, C_Id); Revoke_UR_Client(UR, C_Id); Find_AllUR_Client(C_Id); Find_All_Clients_UR(UR); Create_New_Client(C_Id); Delete_Client(C_Id); Find_Client(C_Id); Find_All_Clients();
- Security Registration: Find_Client(C_Id, IP_Addr); Find_All_Active_Clients();
IFIP 2000-14
Client Interactions and Processing
Figure 3.4: Client Interactions and Service Invocations.
Participants: GUI Client, Lookup Service, Database Resource, and the Role-Based Privileges, Authorization List and Security Registration resources; services are discovered via the Lookup Service (Discover Service / Return Proxy). Numbered interactions:
1. Register_Client(C_Id, IP_Addr, UR);
2. Verify_UR_Client(UR, C_Id);
3. Client OK?
4. Registration OK?
5. ModifyAttr(C_ID, UR, Value)
6. IsClient_Registered(C_ID)
7. Registration OK?
8. Check_Privileges(UR, R_Id, S_Id, M_Id);
9. Privileges OK?
10. Modification OK?
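The three security resources of Figure 3.2 and the registration-then-privilege check of Figure 3.4, as an added example that is not code from the slides or the prototypes: an in-memory model in which a grant at resource, service or method level is resolved by Check_Privileges, a client may only register under a role the Authorization List has granted it, and a resource consults registration and privileges before acting. All class and method names are assumptions mirroring the slides' Service(Args) labels, and the sample policy, clients and addresses are constructed.

```python
# Added example (not code from the slides): an in-memory model of the three
# security resources of Figure 3.2 and the Figure 3.4 checks. Class/method names
# are assumed, mirroring the slides' Service(Args) labels; JINI lookup, leasing
# and RMI proxies are omitted and the sample policy below is constructed.
from dataclasses import dataclass, field

@dataclass
class RoleBasedPrivileges:
    roles: set = field(default_factory=set)
    registered: set = field(default_factory=set)  # (R_Id, S_Id, M_Id)
    grants: set = field(default_factory=set)      # (UR_Id, R_Id, S_Id|None, M_Id|None)
    def create_new_role(self, ur): self.roles.add(ur)
    def register_method(self, r, s, m): self.registered.add((r, s, m))
    def grant_resource(self, ur, r): self.grants.add((ur, r, None, None))
    def grant_service(self, ur, r, s): self.grants.add((ur, r, s, None))
    def grant_method(self, ur, r, s, m): self.grants.add((ur, r, s, m))
    def revoke_service(self, ur, r, s):  # also drops method grants under the service
        self.grants = {g for g in self.grants if g[:3] != (ur, r, s)}
    def check_privileges(self, ur, r, s, m):
        # Unknown roles and unregistered methods are denied; a grant on the
        # method, its service or its resource allows (coarser implies finer).
        if ur not in self.roles or (r, s, m) not in self.registered:
            return False
        return bool(self.grants & {(ur, r, s, m), (ur, r, s, None), (ur, r, None, None)})
@dataclass
class AuthorizationList:
    clients: dict = field(default_factory=dict)  # C_Id -> roles the client may assume
    def create_new_client(self, c): self.clients.setdefault(c, set())
    def grant_ur_client(self, ur, c): self.clients[c].add(ur)
    def verify_ur_client(self, ur, c): return ur in self.clients.get(c, set())
@dataclass
class SecurityRegistration:
    auth: AuthorizationList
    active: dict = field(default_factory=dict)  # C_Id -> (IP_Addr, UR) once registered
    def register_client(self, c, ip, ur):  # steps 1-4: only a verified role registers
        ok = self.auth.verify_ur_client(ur, c)
        if ok: self.active[c] = (ip, ur)
        return ok
    def is_client_registered(self, c): return c in self.active

def invoke(reg, rbp, c, ip, r, s, m):
    # Steps 6-9: 'Registration OK?' then 'Privileges OK?'; the IP comparison is an added check (assumption).
    if not reg.is_client_registered(c) or reg.active[c][0] != ip:
        return "not registered"
    return "ok" if rbp.check_privileges(reg.active[c][1], r, s, m) else "denied"

def build_sample():  # constructed policy in the spirit of the Prototype One CourseDB
    rbp, auth = RoleBasedPrivileges(), AuthorizationList(); reg = SecurityRegistration(auth)
    for ur in ("Student", "Faculty"): rbp.create_new_role(ur)
    for m in ("EnrollCourse", "AddCourse"): rbp.register_method("UDB", "DBServer", m)
    rbp.grant_method("Student", "UDB", "DBServer", "EnrollCourse")  # students: enroll only
    rbp.grant_service("Faculty", "UDB", "DBServer")                  # faculty: whole service
    for c, ur, ip in (("alice", "Student", "10.0.0.5"), ("bob", "Faculty", "10.0.0.6")):
        auth.create_new_client(c); auth.grant_ur_client(ur, c); reg.register_client(c, ip, ur)
    return reg, rbp
```

Revoking the service-level grant also removes any method grants beneath it, so a role never keeps a finer privilege that its coarser grant was meant to cover.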
IFIP 2000-15
Two Experimental Prototypes
- JINI Prototype of Role Based Approach
  - University Database (UDB)
  - Initial GUI for Sign In (Authorization List)
  - Student/Faculty GUI Client (CourseDB)
  - Access to Methods Limited Based on Role (Ex: Only Student Can Enroll in a Course)
- Security Client Prototype
  - Generic Tool Uses Three Resources and Their Services: Role-Based Privileges, Authorization-List, Security Registration
IFIP 2000-16
Experimental Prototype One: JINI Prototype of Role Based Approach
Figure 4.1: An Architecture of URBS based on JINI Technology.
Java GUI Client 1 and Java GUI Client 2 use the JINI Lookup Service to reach two copies of the Authorization List Resource and two copies of the CourseDB Resource; each CourseDB copy has a Role-Based Privileges & Security Registration resource beside it.
DBServer Service: GetClasses(); PreReqCourse(); GetVacantClasses(); EnrollCourse(); AddCourse(); RemoveCourse(); UpdateCourse().
IFIP 2000-17
Experimental Prototype One: Execution Process
Figure 4.2: Execution Process for Architecture.
Participants: Java GUI Client 1, JINI Lookup Service, Authorization List Resource, CourseDB Resource, and the Role-Based Privileges & Security Registration resource. Numbered message flow:
1a. Discover Register_Client Service
1b. Return Service Proxy
2. Register the Client
3a. Is Client Authorized?
3b. Succeed - Return Role
4. Return Success or Failure
5a. Discover CourseDB Service
5b. Return Service Proxy
6. Invoke a Method, e.g., Invoke EnrollCourse()
7a. Discover Role-Based Priv. & Sec. Reg. Services
7b. Return Service Proxies
8a. Is Client Registered?
8b. Return Yes or No
9a. Can Client Invoke Method?
10. addCourse() or do nothing
IFIP 2000-18
Experimental Prototype Two: The Security Client Prototype
Figure 4.3: Initial Security Client Screen.
IFIP 2000-19
Recall: Security Resources and Services
Figure 3.2: The Services and Methods for Security Resources.
IFIP 2000-20
Experimental Prototype Two: Role-Based Privilege Resource & Services
Figure 4.4: The Role-Based Privileges Services Screen.
IFIP 2000-21
Experimental Prototype Two: Authorization List Resource & Services
Figure 4.5: The Authorization-List Services Screen.
IFIP 2000-22
Experimental Prototype Two: Security Registration Resource & Services
Figure 4.6: The Security Registration Services Screen.
IFIP 2000-23
Related Work
- Security Policy & Enforcement (OS Security): Security Filters and Screens; Header Encryption; User-level Authen.; IP Encapsulation; Key Mgmt. Protocols; Browser Security
- Use of Encryption: Access Control; Securing Comm. Channel; Establishing a Trusted Computer Base; Network Services; Kerberos and Charon
- Security: Mobile Agents: Saga Security Architecture; Access Tokens; Control Vectors; Security Monitor; Concordia; Storage Protection; Transmission Protection; Server Resource Protection
- Other Topics: Trust Appraisal; Metric Analysis; Short-lived Certificates; Seamless Object Authentication
IFIP 2000-24
Conclusions
- For a Distributed Resource Environment, Proposed & Explained a Role-Based Approach: Authorize, Authenticate, and Enforce
- Presented a Software Architecture Containing
  - Role-Based Security Model for a Distributed Resource Environment
  - Security Registration, Authorization-List, and Role-Based Privileges Resources
- Developed Two Independent Prototypes
  - JINI-Based Prototype for Role-Based Security Model that Allows Clients to Access Resources Based on Role
  - Security Client for Establishing Privileges
IFIP 2000-25
Future Work
- Negative Privileges
  - Chaining of Resource Invocations: Client Uses S1 on R1 that Calls S2 on R2; Client Authorized to S1 but Not S2
- Multiple Security Clients
  - What Happens When Multiple Security Clients Attempt to Modify Privileges at Same Time? Is Data Consistency Assured?
- Leasing Concept Available with JINI
  - Leasing Allows Services to Expire; Can Role-Based Privileges Also Expire?
IFIP 2000-26
Future Work
- Location of Client vs. Effect on Service
  - What if Client is on Local Intranet? What if Client is on WAN? Are Privileges Different?
- Tracking Computation for Identification Purposes
  - Currently Require Name, Role, IP Addr, Port #
  - How is this Tracked when Dynamic IP Addresses are Utilized?
- Integration of the Two Prototypes
  - Combining Both Prototypes into Working System
  - Likely Semester Project during Fall 2000