Role-Based Security in a Distributed Resource Environment*

Profs. Steven A. Demurjian and T.C. Ting
J. Balthazar, H. Ren, and C. Phillips
Computer Science & Engineering Department
191 Auditorium Road, Box U-155
The University of Connecticut
Storrs, Connecticut 06269-3155
http://www.engr.uconn.edu/~steve
[email protected]

Dr. Paul Barr
The MITRE Corp
145 Wyckoff Road
Eatontown, New Jersey 07724
[email protected]

*This work supported in part by a research contract from the Mitre Corporation (Eatontown, NJ) and a research grant from AFOSR



IFIP 2000-2

Overview

- Goals of Our Research Effort
- Sun’s JINI Technology
- A Software Architecture for Role-Based Security
  - Proposed Software Architecture
  - Security Resources and Services
  - Security Client and Resource Interactions
  - Client Interactions and Processing
- Experimental Prototypes
  - JINI Prototype of Role Based Approach
  - Security Client Prototype
- Related Work
- Conclusions and Future Work

IFIP 2000-3

Goals of Our Research Effort

- Incorporation of Role-Based Approach within Distributed Resource Environment
  - Highly-Available Distributed Applications Constructed Using Middleware Tools
  - Demonstrate Use of JINI to Provide Selective Access of Clients to Resources Based on Role
- Propose Software Architecture and Role-Based Security Model for
  - Authorization of Clients Based on Role
  - Authentication of Clients and Resources
  - Enforcement so Clients Only Use Authorized Services (of Resource)
- Propose Security Solution for Distributed Applications for Clients and Services (Resources)

IFIP 2000-4

Sun’s JINI Technology

- Construct Distributed Applications Using JINI by
  - Federating Groups of Users
  - Resources Provide Services for Users
- A Resource Provides a Set of Services for Use by Clients (Users) and Other Resources (Services)
- A Service is Similar to a Public Method
  - Exportable - Analogous to API
  - Any Entity Utilized by Person or Program
  - Samples Include: Computation, Persistent Store, Printer, Sensor, Software Filter, Real-Time Data Source
  - Services: Concrete Interfaces of Components
- Services Register with Lookup Service

IFIP 2000-5

Sun’s JINI Technology
Key JINI Concepts and Terms

- Registration of Services via Leasing Mechanism
  - Resource Leases Services to Lookup Service
  - Resources Renew Services Prior to Expiration
  - If not, Services Become Unavailable
  - Lookup Service Maintains Registry
  - Services as Available “Components”
- Leasing Supports High-Availability
  - Registration and Renewal Process
  - Upon Failure, Services Removed from Registry
- Clients, Resources, Lookup Can Occupy Same or Different Computing Nodes
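The leasing behaviour listed on this slide, modelled in Python as an added example (not code from the presentation and not the JINI API). The class, its method names, the injected clock and the timeline are assumptions made for the illustration.

```python
# Added illustration of lease-based registration. Class and method names are
# hypothetical; this models the behaviour on the slide, not the JINI API.

class LookupService:
    def __init__(self, clock):
        self.clock = clock        # callable returning the current time (seconds)
        self.registry = {}        # service name -> (proxy, lease expiry time)

    def _purge(self):
        # Entries whose lease has run out are removed from the registry.
        now = self.clock()
        for name in [n for n, (_, exp) in self.registry.items() if exp <= now]:
            del self.registry[name]

    def register(self, name, proxy, duration):
        # Join: the resource leases its service to the lookup service.
        self.registry[name] = (proxy, self.clock() + duration)

    def renew(self, name, duration):
        # Renewal must arrive before expiration; a lapsed lease is not revived.
        self._purge()
        if name not in self.registry:
            return False
        self.registry[name] = (self.registry[name][0], self.clock() + duration)
        return True

    def lookup(self, name):
        # Clients only ever see services with a live lease.
        self._purge()
        entry = self.registry.get(name)
        return entry[0] if entry else None

def demo():
    # Constructed timeline: a CourseDB resource renews once, then fails.
    now = [0]
    lus = LookupService(lambda: now[0])
    lus.register("CourseDB.AddCourse", "proxy-to-AddCourse", duration=30)
    seen = []
    now[0] = 20
    seen.append(lus.lookup("CourseDB.AddCourse"))      # lease still live
    seen.append(lus.renew("CourseDB.AddCourse", 30))   # new expiry at t=50
    now[0] = 45
    seen.append(lus.lookup("CourseDB.AddCourse"))      # survives past t=30
    now[0] = 60                                        # resource stopped renewing
    seen.append(lus.lookup("CourseDB.AddCourse"))      # removed from registry
    seen.append(lus.renew("CourseDB.AddCourse", 30))   # too late to renew
    return seen

if __name__ == "__main__":
    print(demo())
```

A failed resource drops out of the registry without any explicit deregistration, so clients are never handed a proxy whose lease has lapsed.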

IFIP 2000-6

Sun’s JINI Technology
Join, Lookup, and Service Invocation

[Figure: Client, Resource, and Lookup Service. The Resource (CourseDB class, contains method AddCourse( )) joins the Lookup Service (Register & Lease Services); the Lookup Service holds a Registry of Entries, each with a Service Object and Service Attributes. The Client requests service AddCourse(CSE900) and the Lookup Service returns a service proxy to AddCourse( ).]

Service Invocation via Proxy by Transparent RMI Call
1. Client Invokes AddCourse(CSE900) on Resource
2. Resource Returns Status of Invocation

IFIP 2000-7

Proposed Software Architecture
for Role-Based Security

- Many Current Lookup Services
  - Successfully Dictates Service Utilization
  - Requires Programmatic Solution for Security
  - Does Not Selectively and Dynamically Control Access Based on Client Role
- Security of a Distributed Resource Should Selectively and Dynamically Control Client Access to Services Based on the Role
- Our Approach
  - Define Dedicated Resources to Authorize, Authenticate, and Enforce Security by Role
  - Proposed Resources: Role-Based Privileges, Authorization List, Security Registration

IFIP 2000-8

Proposed Software Architecture
for Role-Based Security

Figure 3.1: General Architecture of Clients and Resources.

[Figure: Clients Using Services (Java Client, Legacy Client, Database Client, Software Agent, COTS Client) and Resources Provide Services (Role-Based Privileges, Authorization List, Security Registration, Legacy, COTS, Database), with Lookup Services between them.]

IFIP 2000-9

Security Resources and Services

- Role-Based Privileges Resource
  - Define User-role
  - Grant/Revoke Access of Role to Resource
  - Register Services
- Authorization List Resource
  - Maintains Client Profile (Many Client Types)
  - Client Profile and Authorize Role Services
- Security Registration Resource
  - Register Client Service
  - Identity Registration at Startup Uses IP Address
- Services of Resource
  - Functionally Separated and Organized
  - Resemble Method Definitions (OO)

IFIP 2000-10

The Services of the
Role-Based Privilege Resource

Figure 3.2: The Services and Methods for Security Resources.

Role-Based Privileges Services
  Register Service
    Register_Resource(R_Id);
    Register_Service(R_Id, S_Id);
    Register_Method(R_Id, S_Id, M_Id);
    UnRegister_Resource(R_Id);
    UnRegister_Service(R_Id, S_Id);
    UnRegister_Method(R_Id, S_Id, M_Id);
  Query Privileges Service
    Check_Privileges(UR_Id, R_Id, S_Id, M_Id);
  User Role Service
    Create_New_Role(UR_Name, UR_Disc, UR_Id);
    Delete_Role(UR_Id);
    Find_UR_Name(UR_Name);
    Find_UR_Id(UR_Id);
  Grant-Revoke Service
    Grant_Resource(UR_Id, R_Id);
    Grant_Service(UR_Id, R_Id, S_Id);
    Grant_Method(UR_Id, R_Id, S_Id, M_Id);
    Revoke_Resource(UR, R_Id);
    Revoke_Service(UR, R_Id, S_Id);
    Revoke_Method(UR, R_Id, S_Id, M_Id);
    Find_AllUR_Resource(R_Id);
    Find_AllUR_Service(R_Id, S_Id);
    Find_AllUR_Method(R_Id, S_Id, M_Id);
    Find_UR_Privileges(UR);

Authorization-List Services
  Client Profile Service
    Create_New_Client(C_Id);
    Delete_Client(C_Id);
    Find_Client(C_Id);
    Find_All_Clients();
  Authorize Role Service
    Grant_UR_Client(UR_Id, C_Id);
    Revoke_UR_Client(UR, C_Id);
    Find_AllUR_Client(C_Id);
    Verify_UR_Client(UR, C_Id);
    Find_All_Clients_UR(UR);

Security Registration Services
  Register Client Service
    Register_Client(C_Id, IP_Addr, UR);
    UnRegister_Client(C_Id, IP_Addr, UR);
    IsClient_Registered(C_Id);
    Find_Client(C_Id, IP_Addr);
    Find_All_Active_Clients();

IFIP 2000-11

The Services of the
Authorization-List Resource

Figure 3.2: The Services and Methods for Security Resources.


IFIP 2000-12

The Services of the
Security Registration Resource

Figure 3.2: The Services and Methods for Security Resources.


IFIP 2000-13

Security Client and Resource Interactions

Figure 3.3: Security Client and Database Resource Interactions.

[Figure: Security Client, General Resource, Lookup Service (Discover Service, Return Proxy), and the Role-Based Privileges, Authorization List and Security Registration resources, labelled with the methods below.]

Security Registration
  Find_Client(C_Id, IP_Addr);
  Find_All_Active_Clients();

Authorization List
  Create_New_Client(C_Id);
  Delete_Client(C_Id);
  Find_Client(C_Id);
  Find_All_Clients();
  Grant_UR_Client(UR_Id, C_Id);
  Revoke_UR_Client(UR, C_Id);
  Find_AllUR_Client(C_Id);
  Find_All_Clients_UR(UR);

Role-Based Privileges
  Create_New_Role(UR_Name, UR_Disc, UR_Id);
  Delete_Role(UR_Id);
  Find_UR_Name(UR_Name);
  Find_UR_Id(UR_Id);
  Grant_Resource(UR_Id, R_Id);
  Grant_Service(UR_Id, R_Id, S_Id);
  Grant_Method(UR_Id, R_Id, S_Id, M_Id);
  Revoke_Resource(UR, R_Id);
  Revoke_Service(UR, R_Id, S_Id);
  Revoke_Method(UR, R_Id, S_Id, M_Id);
  Find_AllUR_Resource(UR,R_Id);
  Find_AllUR_Service(UR,R_Id,S_Id);
  Find_AllUR_Method(UR,R_Id,S_Id,M_Id);
  Find_UR_Privileges(UR);
  Register_Resource(R_Id);
  Register_Service(R_Id, S_Id);
  Register_Method(R_Id, S_Id, M_Id);
  UnRegister_Resource(R_Id);
  UnRegister_Service(R_Id, S_Id);
  UnRegister_Method(R_Id, S_Id, M_Id);

IFIP 2000-14

Client Interactions and Processing

Figure 3.4: Client Interactions and Service Invocations.

[Figure: GUI Client, Lookup Service (Discover Service, Return Proxy), Database Resource, and the Role-Based Privileges, Authorization List and Security Registration resources, with the numbered interactions below.]

1. Register_Client(C_Id, IP_Addr,UR);
2. Verify_UR_Client(UR,C_Id);
3. Client OK?
4. Registration OK?
5. ModifyAttr(C_ID,UR,Value)
6. IsClient_Registered(C_ID)
7. Registration OK?
8. Check_Privileges(UR,R_Id,S_Id,M_Id);
9. Privileges OK?
10. Modification OK?

IFIP 2000-15

Two Experimental Prototypes

- JINI Prototype of Role Based Approach
  - University Database (UDB)
  - Initial GUI for Sign In (Authorization List)
  - Student/faculty GUI Client (Coursedb)
  - Access to Methods Limited Based on Role (Ex: Only Student Can Enroll in a Course)
- Security Client Prototype
  - Generic Tool
  - Uses Three Resources and Their Services: Role-Based Privileges, Authorization-List, Security Registration

IFIP 2000-16

Experimental Prototype One
JINI Prototype of Role Based Approach

Figure 4.1: An Architecture of URBS based on JINI Technology.

[Figure: Java GUI Client1 and Java GUI Client2; JINI Lookup Service; Author. List Res. (copy 1) and (copy 2); CourseDB Resource (copy 1) and (copy 2); Role-Based Privileges & Sec. Reg. (shown twice).]

DBServer Service
  GetClasses();
  PreReqCourse();
  GetVacantClasses();
  EnrollCourse();
  AddCourse();
  RemoveCourse();
  UpdateCourse().

IFIP 2000-17

Experimental Prototype One
Execution Process

Figure 4.2: Execution Process for Architecture.

[Figure: Java GUI Client1, JINI Lookup Service, Author. List Res., Role-Based Privileges & Sec. Reg., and CourseDB Resource, connected by arrows numbered 1a through 10.]

1a. Discover Register_Client Service
1b. Return Service Proxy
2. Register the Client
3a. Is Client Authorized?
3b. Succeed - return Role
4. Return Success or Failure
5a. Discover CourseDB Service
5b. Return Service Proxy
6. Invoke a Method, e.g., Invoke EnrollCourse()
7a. Discover Role-Based Priv. & Sec. Reg. Services
7b. Return Service Proxies
8a. Is Client Registered?
8b. Return Yes or No
9a. Can Client Invoke Method?
10. addCourse() or do nothing
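The interactions of Figure 3.4 and the execution process of Figure 4.2, modelled in Python as an added example (not the authors' Java/JINI prototype). Method names follow Figure 3.2; the in-memory storage, the rule that coarser grants cover finer ones, the return strings, the registered_role helper with its role-match check, and the sample clients are assumptions.

```python
# Added illustration: in-memory stand-ins for the three security resources.
# Method names follow Figure 3.2; storage and return values are assumptions.
class AuthorizationList:
    def __init__(self):
        self.roles = {}                               # C_Id -> set of UR
    def Create_New_Client(self, c_id): self.roles.setdefault(c_id, set())
    def Grant_UR_Client(self, ur, c_id): self.roles[c_id].add(ur)
    def Verify_UR_Client(self, ur, c_id): return ur in self.roles.get(c_id, set())

class SecurityRegistration:
    def __init__(self, auth_list):
        self.auth_list, self.active = auth_list, {}   # C_Id -> (IP_Addr, UR)
    def Register_Client(self, c_id, ip_addr, ur):
        # Steps 1-4: registration succeeds only if the role is authorized.
        if not self.auth_list.Verify_UR_Client(ur, c_id):
            return False
        self.active[c_id] = (ip_addr, ur)
        return True
    def IsClient_Registered(self, c_id): return c_id in self.active
    def registered_role(self, c_id):                  # hypothetical helper
        return self.active.get(c_id, (None, None))[1]

class RoleBasedPrivileges:
    def __init__(self):
        self.grants = set()                           # (UR, R_Id, S_Id, M_Id)
    def Grant_Resource(self, ur, r): self.grants.add((ur, r, None, None))
    def Grant_Service(self, ur, r, s): self.grants.add((ur, r, s, None))
    def Grant_Method(self, ur, r, s, m): self.grants.add((ur, r, s, m))
    def Check_Privileges(self, ur, r, s, m):
        # Assumption: a resource- or service-level grant covers its methods.
        levels = ((ur, r, None, None), (ur, r, s, None), (ur, r, s, m))
        return any(g in self.grants for g in levels)

class CourseDB:
    R_ID, S_ID = "CourseDB", "DBServer"
    def __init__(self, sec_reg, privileges):
        self.sec_reg, self.privileges, self.enrolled = sec_reg, privileges, []
    def EnrollCourse(self, c_id, ur, course):
        if not self.sec_reg.IsClient_Registered(c_id):        # steps 8a/8b
            return "not registered"
        # Added check (assumption, not on the slides): the role named in the
        # call must be the role recorded when the client registered.
        if self.sec_reg.registered_role(c_id) != ur:
            return "role mismatch"
        if not self.privileges.Check_Privileges(ur, self.R_ID, self.S_ID, "EnrollCourse"):
            return "denied"                                   # step 9a fails
        self.enrolled.append((c_id, course))                  # step 10
        return "ok"

def demo():
    # Constructed sample data: client ids, IP addresses and roles are made up.
    auth, priv = AuthorizationList(), RoleBasedPrivileges()
    reg = SecurityRegistration(auth)
    db = CourseDB(reg, priv)
    for c_id, ur in (("alice", "Student"), ("bob", "Faculty")):
        auth.Create_New_Client(c_id)
        auth.Grant_UR_Client(ur, c_id)
    priv.Grant_Method("Student", "CourseDB", "DBServer", "EnrollCourse")
    return [
        db.EnrollCourse("alice", "Student", "CSE900"),        # before registering
        reg.Register_Client("alice", "10.0.0.5", "Faculty"),  # role not granted
        reg.Register_Client("alice", "10.0.0.5", "Student"),
        reg.Register_Client("bob", "10.0.0.6", "Faculty"),
        db.EnrollCourse("alice", "Student", "CSE900"),
        db.EnrollCourse("bob", "Faculty", "CSE900"),
        db.EnrollCourse("bob", "Student", "CSE900"),          # claims another role
    ]

if __name__ == "__main__":
    print(demo())
```

The resource, not the client, makes every decision: it asks Security Registration and Role-Based Privileges on each invocation, so a grant or revocation takes effect on the next call.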

IFIP 2000-18

Experimental Prototype Two
The Security Client Prototype

Figure 4.3: Initial Security Client Screen.

IFIP 2000-19

Recall
Security Resources and Services

Figure 3.2: The Services and Methods for Security Resources.


IFIP 2000-20

Experimental Prototype Two
Role-Based Privilege Resource & Services

Figure 4.4: The Role-Based Privileges Services Screen

IFIP 2000-21

Experimental Prototype Two
Authorization List Resource & Services

Figure 4.5: The Authorization-List Services Screen.

IFIP 2000-22

Experimental Prototype Two
Security Registration Resource & Services

Figure 4.6: The Security Registration Services Screen.

IFIP 2000-23

Related Work

- Security Policy & Enforcement (OS Security)
  - Security Filters and Screens
  - Header Encryption
  - User-level Authen.
  - IP Encapsulation
  - Key Mgmt. Protocols
  - Browser Security
- Use of Encryption
  - Access Control
  - Securing Comm. Channel
  - Establishing a Trusted Computer Base
  - Network Services
  - Kerberos and Charon
- Security: Mobile Agents
  - Saga Security Architecture
    - Access Tokens
    - Control Vectors
    - Security Monitor
  - Concordia
    - Storage Protection
    - Transmission Protection
    - Server Resource Protection
  - Other Topics
    - Trust Appraisal
    - Metric Analysis
    - Short-lived Certificates
    - Seamless Object Authentication

IFIP 2000-24

Conclusions

- For a Distributed Resource Environment
  - Proposed & Explained a Role-Based Approach
  - Authorize, Authenticate, and Enforce
- Presented a Software Architecture Containing
  - Role-Based Security Model for a Distributed Resource Environment
  - Security Registration, Authorization-List, and Role-based Privileges Resources
- Developed Two Independent Prototypes
  - JINI-Based Prototype for Role-Based Security Model that Allows Clients to Access Resources Based on Role
  - Security Client for Establishing Privileges

IFIP 2000-25

Future Work

- Negative Privileges
  - Chaining of Resource Invocations
    - Client Uses S1 on R1 that Calls S2 on R2
    - Client Authorized to S1 but Not S2
- Multiple Security Clients
  - What Happens When Multiple Security Clients Attempt to Modify Privileges at Same Time?
  - Is Data Consistency Assured?
- Leasing Concept available with JINI
  - Leasing Allows Services to Expire
  - Can Role-Based Privileges Also Expire?

IFIP 2000-26

Future Work

- Location of Client vs. Effect on Service
  - What if Client is on Local Intranet?
  - What if Client is on WAN?
  - Are Privileges Different?
- Tracking Computation for Identification Purposes
  - Currently Require Name, Role, IP Addr, Port #
  - How is this Tracked when Dynamic IP Addresses are Utilized?
- Integration of the Two Prototypes
  - Combining Both Prototypes into Working System
  - Likely Semester Project during Fall 2000