CSE300-1
Security in a Distributed Resource Environment
Profs. Steven A. Demurjian, Q. Jin, J. Nam, Z. Qian and C. Phillips
Computer Science & Engineering Department, 191 Auditorium Road, Box U-155
The University of Connecticut, Storrs, Connecticut 06269-3155
CSE300-2
Paper Overview
1. Introduction and Motivation
2. JINI
3. System Architecture and Improvements
   Merge Prototypes, Security Client Database, Dual Security Clients, Platform Independence, Leasing Enforcement, Negative Privileges, Architecture Improvements
4. Experimental Prototype
5. Related Work
6. Conclusions and Future Work
CSE300-3
Introduction and Motivation: Research Goals
Incorporation of Role-Based Approach within Distributed Resource Environment
Make Distributed Applications Available Using Middleware Tools
Propose Software Architecture and Role-Based Security Model for:
  Authorization of Clients Based on Role
  Authentication of Clients and Resources
  Enforcement so Clients Only Use Authorized Services (of Resource)
CSE300-4
Introduction and Motivation: Approach
Many Middleware Lookup Services
  Successfully Dictate Service Utilization
  Require a Programmatic Solution for Security
  Do Not Selectively and Dynamically Control Access Based on Client Role
Security of a Distributed Resource Should Selectively and Dynamically Control Client Access to Services Based on the Role
Our Approach
  Define a Dedicated Resource to Authorize, Authenticate, and Enforce Security Policy Based on Role of Client
CSE300-5
Introduction and Motivation: Initial Architecture
Figure 1.1: General Architecture of Clients and Resources. (Diagram: resources providing services are Legacy, COTS, Database and Lookup Service resources together with the security resources Role-Based Privileges, Authorization List and Security Registration; clients using services are Java Client, Legacy Client, Database Client, Software Agent and COTS Client.)
CSE300-6
Introduction and Motivation: Initial Prototypes
JINI Prototype of Role-Based Approach
  University Database (UDB)
  Initial GUI for Sign In (Authorization List)
  Student/Faculty GUI Client (Coursedb)
  Access to Methods Limited Based on Role (Ex: Only Student Can Enroll in a Course)
Security Client Prototype
  Generic Tool Uses Three Resources and Their Services: Role-Based Privileges, Authorization List, Security Registration
CSE300-7
Introduction and Motivation: Security System Resources and Services
Role-Based Privileges Resource
  Define User Role
  Grant/Revoke Access of Role to Resource
  Register Services
Authorization List Resource
  Maintains Client Profile (Many Client Types)
  Client Profile and Authorize Role Services
Security Registration Resource
  Register Client Service
  Identity Registration at Startup Uses IP Address
Services of Resource
  Functionally Separated and Organized
  Resemble Method Definitions (OO)
CSE300-8
Introduction and Motivation: Initial Security Client and Resource Interactions
Figure 1.2: Security Client and Database Resource Interactions. (Diagram: the Security Client discovers each security resource through the Lookup Service, which returns a proxy, and then invokes that resource's services; a General Resource registers with the Security System in the same way. Services shown per resource:)
  Security Registration: Find_Client(C_Id, IP_Addr); Find_All_Active_Clients();
  Authorization List: Grant_UR_Client(UR_Id, C_Id); Revoke_UR_Client(UR, C_Id); Find_AllUR_Client(C_Id); Find_All_Clients_UR(UR); Create_New_Client(C_Id); Delete_Client(C_Id); Find_Client(C_Id); Find_All_Clients();
  Role-Based Privileges: Create_New_Role(UR_Name, UR_Disc, UR_Id); Delete_Role(UR_Id); Find_UR_Name(UR_Name); Find_UR_Id(UR_Id); Grant_Resource(UR_Id, R_Id); Grant_Service(UR_Id, R_Id, S_Id); Grant_Method(UR_Id, R_Id, S_Id, M_Id); Revoke_Resource(UR, R_Id); Revoke_Service(UR, R_Id, S_Id); Revoke_Method(UR, R_Id, S_Id, M_Id); Find_AllUR_Resource(UR, R_Id); Find_AllUR_Service(UR, R_Id, S_Id); Find_AllUR_Method(UR, R_Id, S_Id, M_Id); Find_UR_Privileges(UR); Register_Resource(R_Id); Register_Service(R_Id, S_Id); Register_Method(R_Id, S_Id, M_Id); UnRegister_Resource(R_Id); UnRegister_Service(R_Id, S_Id); UnRegister_Method(R_Id, S_Id, M_Id);
CSE300-9
Introduction and Motivation: Client Interactions and Processing
Figure 3.1: Client Interactions and Service Invocations. (Diagram: a GUI Client discovers services through the Lookup Service, which returns a proxy; the Database Resource consults the Security Registration and Role-Based Privileges resources before carrying out a request. Numbered interactions:)
  1. Register_Client(C_Id, IP_Addr, UR);   (Security Registration)
  2. Verify_UR_Client(UR, C_Id);          (Authorization List)
  3. Client OK?
  4. Registration OK?
  5. ModifyAttr(C_ID, UR, Value)          (Database Resource)
  6. IsClient_Registered(C_ID)            (Security Registration)
  7. Registration OK?
  8. Check_Privileges(UR, R_Id, S_Id, M_Id);   (Role-Based Privileges)
  9. Privileges OK?
  10. Modification OK?
CSE300-10
Introduction and Motivation: Objectives
Merge Prototypes
Implement Different DBMS
Use Multiple Different Computing Platforms
Establish Dual Security Clients
Leasing Enforcement
Implement Negative Privilege Policy
Improve Architecture
CSE300-11
JINI: Lookup Service, Client and Resource Interactions
Figure 2.1: Join, Lookup, and Invocation of Service. (Diagram: the Resource joins the Lookup Service by registering and leasing its services, here the CourseDB Service containing method AddCourse(); the Lookup Service keeps a registry of entries, each holding a service object and its service attributes. The Client requests the service AddCourse(CSE230) from the Lookup Service, which returns a proxy to AddCourse(); the service is then invoked through the proxy by a transparent RMI call.)
  1. Client Invokes AddCourse(CSE230) on Resource
  2. Resource Returns Status of Invocation
CSE300-12
System Architecture and Improvements: Merge Prototypes
Figure 3.2: Model for Security System Integration. (Diagram: Resource Client, Resource Server, and a Security System made up of Security Registration, Authorization List and Role-Based Security. Numbered interactions:)
  1. registerClient(id, passwd, role)   (Resource Client to Security System)
  2. Return token                       (Security System to Resource Client)
  3. doSomething(token, ...)            (Resource Client to Resource Server)
  4. hasClientRight(token, resource_id, method_id)   (Resource Server to Security System)
  5. Yes or no                          (Security System to Resource Server)
CSE300-13
System Architecture and Improvements: JINI Prototype of Role-Based Approach
Figure 3.3: University Database System Architecture. (Diagram: Java GUI Client 1 and Java GUI Client 2 reach, through the JINI Lookup Service, two copies of the CourseDB Resource, two copies of the Authorization List Resource, and two copies of the combined Role-Based Privileges & Security Registration resource.)
  DBServer Service: GetClasses(); PreReqCourse(); GetVacantClasses(); EnrollCourse(); AddCourse(); RemoveCourse(); UpdateCourse().
CSE300-14
System Architecture and Improvements: Security Policy and Enforcement
Figure 3.4: The Services and Methods for Security Resources.
SECURITY POLICY: Role-Based Privileges Services
  User Role Service: Create_New_Role(UR_Name, UR_Disc, UR_Id); Delete_Role(UR_Id); Find_UR_Name(UR_Name); Find_UR_Id(UR_Id);
  Grant-Revoke Service: Grant_Resource(UR_Id, R_Id); Grant_Service(UR_Id, R_Id, S_Id); Grant_Method(UR_Id, R_Id, S_Id, M_Id); Revoke_Resource(UR, R_Id); Revoke_Service(UR, R_Id, S_Id); Revoke_Method(UR, R_Id, S_Id, M_Id); Find_AllUR_Resource(R_Id); Find_AllUR_Service(R_Id, S_Id); Find_AllUR_Method(R_Id, S_Id, M_Id); Find_UR_Privileges(UR);
  Register Service: Register_Resource(R_Id); Register_Service(R_Id, S_Id); Register_Method(R_Id, S_Id, M_Id); UnRegister_Resource(R_Id); UnRegister_Service(R_Id, S_Id); UnRegister_Method(R_Id, S_Id, M_Id);
  Query Privileges Service: Check_Privileges(UR_Id, R_Id, S_Id, M_Id);
  Negative Privileges Service: Grant_Resource(UR_Id, R_Id); Grant_NP_Service(UR_Id, R_Id, S_Id); Grant_NP_Method(UR_Id, R_Id, M_Id); Revoke_NP_Resource(UR, R_Id); Revoke_NP_Service(UR, R_Id, S_Id); Revoke_NP_Method(UR, R_Id, M_Id);
POLICY ENFORCEMENT: Authorization-List Services
  Client Profile Service: Create_New_Client(C_Id); Delete_Client(C_Id); Find_Client(C_Id); Find_All_Clients();
  Authorize Role Service: Grant_UR_Client(UR_Id, C_Id); Revoke_UR_Client(UR, C_Id); Find_AllUR_Client(C_Id); Verify_UR_Client(UR, C_Id); Find_All_Clients_UR(UR);
POLICY ENFORCEMENT: Security Registration Services
  Register Client Service: Register_Client(C_Id, IP_Addr, UR); UnRegister_Client(C_Id, IP_Addr, UR); IsClient_Registered(C_Id); Find_Client(C_Id, IP_Addr); Find_All_Active_Clients();
CSE300-15
System Architecture and Improvements: Security System Database
Figure 3.5: Dual Security Client Database Architecture. (Diagram: Security Client 1 works against DB Master 1 and Security Client 2 against DB Master 2; the two masters replicate to each other, and each master also replicates to a series of snapshots, Snapshot1, Snapshot2, and so on.)
CSE300-16
System Architecture and Improvements: Leasing, Negative Privilege Enforcement
Figure 3.6: hasClientRight() Method. (Flowchart; a failed check stops the request, a passed check proceeds to the next one.)
  Token Check
  Resource Check
  Check time restriction
  Check to-from time restriction
  Negative Privilege Check: check user against Resource, Service, or Method in table
  Positive Privilege Check: check user role against Resource, Service, or Method in table
  Proceed / Stop
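The registerClient/hasClientRight exchange of Figure 3.2 and the check order of Figure 3.6, as an added Python model that is not the paper's code: it assumes a password in place of the IP-based identity registration, positive privileges keyed by user role and negative privileges keyed by client id, and a per-role from/to hour window as the time restriction.

```python
import secrets
from datetime import datetime, timedelta

class SecuritySystem:
    def __init__(self, lease=timedelta(hours=1)):
        self.passwords = {}     # C_Id -> password; stands in for the paper's IP-based identity check
        self.tokens = {}        # token -> (C_Id, UR, lease expiry)
        self.positive = set()   # (UR, R_Id, S_Id or None, M_Id or None): privileges granted to a role
        self.negative = set()   # (C_Id, R_Id, S_Id or None, M_Id or None): privileges denied to a client
        self.time_windows = {}  # UR -> (from_hour, to_hour): hours of the day the role may act
        self.lease = lease
    def register_client(self, c_id, passwd, role, now):
        """Steps 1-2 of Figure 3.2: authenticate the client, then hand back a leased token."""
        if self.passwords.get(c_id) != passwd:
            return None
        token = secrets.token_hex(16)
        self.tokens[token] = (c_id, role, now + self.lease)
        return token
    @staticmethod
    def _in_table(table, key, r_id, s_id, m_id):
        # A resource-level entry covers all its services; a service-level entry all its methods.
        return any(t in table for t in
                   ((key, r_id, None, None), (key, r_id, s_id, None), (key, r_id, s_id, m_id)))
    def has_client_right(self, token, r_id, s_id, m_id, now):
        """Step 4 of Figure 3.2, ordered as in Figure 3.6: token, time, negative, then positive."""
        entry = self.tokens.get(token)
        if entry is None or now > entry[2]:     # token unknown, unregistered, or lease expired
            return False
        c_id, ur, _ = entry
        window = self.time_windows.get(ur)       # to-from time restriction on the role
        if window and not (window[0] <= now.hour < window[1]):
            return False
        if self._in_table(self.negative, c_id, r_id, s_id, m_id):
            return False                         # an explicit denial always wins
        return self._in_table(self.positive, ur, r_id, s_id, m_id)

def demo():
    """Constructed scenario: students may use all of DBServer, but client alice may not AddCourse."""
    sec = SecuritySystem(lease=timedelta(days=1))
    sec.passwords["alice"] = "s3cret"
    sec.positive.add(("student", "CourseDB", "DBServer", None))
    sec.negative.add(("alice", "CourseDB", "DBServer", "AddCourse"))
    sec.time_windows["student"] = (8, 20)
    t0 = datetime(2001, 3, 1, 10, 0)
    tok = sec.register_client("alice", "s3cret", "student", t0)
    enroll = ("CourseDB", "DBServer", "EnrollCourse")
    return (sec.has_client_right(tok, *enroll, t0),                              # True
            sec.has_client_right(tok, "CourseDB", "DBServer", "AddCourse", t0),  # False: negative privilege
            sec.has_client_right(tok, *enroll, t0.replace(hour=23)),             # False: outside 08-20 window
            sec.has_client_right(tok, *enroll, t0 + timedelta(days=2)))          # False: lease expired
```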
CSE300-17
System Architecture and Improvements: New Security Model
Figure 3.7: New Architecture of Clients and Resources. (Diagram: resources providing services are Legacy, COTS, Database, Lookup Service and General Resource; the Security System, with its own Database and Lookup Service, is administered through a Policy Client and an Enforcement Client; clients using services are Java Client, Legacy Client, Database Client, Software Agent and COTS Client.)
CSE300-18
System Architecture and Improvements: New Database Scheme
CSE300-19
Experimental Prototype: Security Client Prototype
Figure 4.1. Authentication GUI.
CSE300-20
Experimental Prototype: Policy Client Prototype
Figure 4.2. Policy Client, Role, Create Role
CSE300-21
Experimental Prototype: Policy Client Prototype
Figure 4.3. Policy Client, Role, Grant IP
CSE300-22
Experimental Prototype: Policy Client Prototype
Figure 4.4. Policy Client, Resource, Method
CSE300-23
Experimental Prototype: Policy Client Prototype
Figure 4.5. Policy Client, Resource, Resource
CSE300-24
Experimental Prototype: Policy Client Prototype
Figure 4.6. Policy Client, Resource, Add Method to Service
CSE300-25
Experimental Prototype: Enforcement Client Prototype
Figure 4.7. Enforcement Client, User, Create User
CSE300-26
Experimental Prototype: Enforcement Client Prototype
Figure 4.8. Enforcement Client, User, Grant Role
CSE300-27
Experimental Prototype: Enforcement Client Prototype
Figure 4.9. Enforcement Client, User, Negative Privileges
CSE300-28
Experimental Prototype: Enforcement Client Prototype
Figure 4.10. Enforcement Client, Token, Unregister Token
CSE300-29
Experimental Prototype: University Database Prototype
Figure 4.11. University Database, Query Database
CSE300-30
Experimental Prototype: University Database Prototype
Figure 4.12. University Database, Update Course
CSE300-31
Experimental Prototype: University Database Prototype
Figure 4.13. University Database, Register Courses
CSE300-32
Related Work
Security Policy & Enforcement (OS Security)
  Security Filters and Screens
  Header Encryption
  User-level Authentication
  IP Encapsulation
  Key Management Protocols
  Browser Security
Use of Encryption
  Access Control
  Securing Communication Channel
  Establishing a Trusted Computer Base
  Network Services
  Kerberos and Charon
Security: Mobile Agents
  Saga Security Architecture
  Access Tokens
  Control Vectors
  Security Monitor
  Concordia
  Storage Protection
  Transmission Protection
  Server Resource Protection
Other Topics
  Trust Appraisal
  Metric Analysis
  Short-lived Certificates
  Seamless Object Authentication
CSE300-33
Conclusions
For a Distributed Resource Environment
  Proposed & Explained a Role-Based Approach
Presented Software Architecture Containing Role-Based Security Model for a Distributed Resource Environment
Improved Prototype
  Merged Prototypes
  Improved Security Client
  Token Time Stamps
  Negative Privileges
  Dual Security Clients
  Achieved Platform Independence
CSE300-34
Future Work
More on Negative Privileges
  Chaining of Resource Invocations: Client Uses S1 on R1 that Calls S2 on R2
Multiple Security Clients
  What Happens When Multiple Security Clients Attempt to Modify Privileges at the Same Time?
  Security Client Hierarchy
  Testing
Analysis Tool
  Track Chaining of Resources
Mandatory Access Control
CSE300-35
Future Work
Introduce Cryptography Technology
Location of Client vs. Effect on Service
  What if Client is on Local Intranet? What if Client is on WAN? Are Privileges Different?
Tracking Computation for Identification Purposes
  Currently Require Name, Role, IP Addr, Port #
  How is this Tracked when Dynamic IP Addresses are Utilized?