Title: Security Issues for Distributed Computing
1 Security Issues for Distributed Computing
Prof. Steven A. Demurjian
Computer Science & Engineering Department
191 Auditorium Road, Box U-155
The University of Connecticut
Storrs, Connecticut 06269-3155
http://www.engr.uconn.edu/steve
steve_at_engr.uconn.edu
2 Overview
- Background and Motivation
  - What are Key Distributed Security Issues?
  - What are Major/Underlying Security Concepts?
  - What are Available Security Approaches?
- Identifying Key Distributed Security Requirements
- Frame the Solution Approach
- Outline UConn Research Emphasis
  - Secure Software Design (UML and AOSD)
  - Middleware-Based Realization (CORBA/JINI)
  - Information Exchange via XML
3 Security for Distributed Applications
- How is Security Handled for Individual Systems?
- What if Security Was Never Available for Legacy/COTS/Database?
- Security Issues for New Clients? New Servers? Across the Network?
- What about Distributed Security?
- Security Policy, Model, and Enforcement?
4 Recall Dynamic Coalitions
- Crisis
  - Any Situation Requiring Natl. or Intl. Attention
- Coalition
  - Alliance of Organizations
  - Military, Civilian, International or any Combination
- Dynamic Coalition
  - Formed in a Crisis and Changes as Crisis Develops
  - Key Concern Being the Most Effective way to Solve the Crisis
- Dynamic Coalition Problem (DCP)
  - Security, Resource, and Information Sharing Risks that Occur as a Result of Coalition Being Formed
5 DC for Military Deployment/Engagement
OBJECTIVES
- Securely Leverage Information in a Fluid Environment
- Protect Information While Simultaneously Promoting the Coalition
- Security Infrastructure in Support of DCP
Coalition Systems (diagram): SICF (France), LFCS (Canada), HEROS (Germany), SIACCON (Italy)
6 DC for Medical Emergency
Coalition Participants (diagram): Transportation, Military Medics, Govt., Local Health Care, CDC
ISSUES
- Privacy vs. Availability in Medical Records
- Support Life-Threatening Situations via Availability of Patient Data on Demand
7 Security Issues: Confidence in Security
- Assurance
  - Are the Security Privileges for Each User of the DC Adequate (and Limited) to Support their Needs?
  - What Guarantees are Given by the Security Infrastructure of the DC in Order to Attain
    - Safety: Nothing Bad Happens During Execution
    - Liveness: All Good Things can Happen During Execution
- Consistency
  - Are the Defined Security Privileges for Each User Internally Consistent? (Least-Privilege Principle)
  - Are the Defined Security Privileges for Related Users Globally Consistent? (Mutual Exclusion)
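The two consistency questions above (least privilege per role, mutual exclusion across related roles and users) can be checked mechanically at policy-definition time. The following is an added example, not code from the slides or the UConn prototype: the roles, granted and needed privileges, exclusive role pairs and user assignments are constructed to resemble the medical-emergency coalition, and the check flags both over-grants (a role holding privileges no task needs) and under-grants (a role that cannot do its job), plus mutually exclusive roles that share a privilege or are held by the same user.

```python
"""Design-time consistency checks on a coalition's RBAC privilege definitions.

Constructed example (not from the original slides): roles in a medical-emergency
dynamic coalition, the privileges each role was granted, the privileges each
role actually needs, mutually exclusive role pairs and user assignments.
"""

# Constructed policy: role -> granted privileges (method-level permissions)
GRANTED = {
    "Medic":       {"Patient.read_record", "Patient.update_vitals", "Pharmacy.order"},
    "Transport":   {"Patient.read_location", "Patient.read_record"},
    "CDC_Analyst": {"Patient.read_record", "Report.publish"},
    "Auditor":     {"Report.publish", "Log.read"},
}

# Constructed requirements: role -> privileges its tasks actually require
NEEDED = {
    "Medic":       {"Patient.read_record", "Patient.update_vitals", "Pharmacy.order"},
    "Transport":   {"Patient.read_location"},
    "CDC_Analyst": {"Patient.read_record", "Report.publish"},
    "Auditor":     {"Log.read"},
}

# Constructed mutual-exclusion constraints (static separation of duty): a user
# may not hold both roles, and the two roles may not share a privilege.
MUTUALLY_EXCLUSIVE = [("CDC_Analyst", "Auditor")]

# Constructed user-to-role assignments
ASSIGNMENTS = {
    "alice": {"Medic"},
    "bob":   {"CDC_Analyst", "Auditor"},
    "carol": {"Transport"},
}


def least_privilege_violations(granted, needed):
    """Internal consistency per role: privileges held but not needed (extra)
    and privileges needed but not granted (missing)."""
    problems = {}
    for role in set(granted) | set(needed):
        extra = granted.get(role, set()) - needed.get(role, set())
        missing = needed.get(role, set()) - granted.get(role, set())
        if extra or missing:
            problems[role] = {"extra": sorted(extra), "missing": sorted(missing)}
    return problems


def mutual_exclusion_violations(granted, exclusive_pairs, assignments):
    """Global consistency across related roles/users: an exclusive pair that
    shares a privilege, or a user assigned both roles of an exclusive pair."""
    violations = []
    for r1, r2 in exclusive_pairs:
        shared = granted.get(r1, set()) & granted.get(r2, set())
        if shared:
            violations.append(("shared_privilege", r1, r2, sorted(shared)))
        for user, roles in assignments.items():
            if r1 in roles and r2 in roles:
                violations.append(("user_holds_both", r1, r2, user))
    return violations


def analyze(granted=GRANTED, needed=NEEDED, exclusive=MUTUALLY_EXCLUSIVE,
            assignments=ASSIGNMENTS):
    """Run both checks; an empty result means the policy passed."""
    return {
        "least_privilege": least_privilege_violations(granted, needed),
        "mutual_exclusion": mutual_exclusion_violations(granted, exclusive, assignments),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(analyze(), indent=2))
```

On the constructed policy the check reports Transport and Auditor as over-privileged, the CDC_Analyst/Auditor pair as sharing Report.publish, and bob as holding both exclusive roles; a security officer would resolve these before the policy is pushed to the enforcement mechanism.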
8 Security for Coalitions
- Dynamic Coalitions will play a Critical Role in Homeland Security during Crisis Situations
- Critical to Understand the Security Issues for Users and Systems of Dynamic Coalitions
- Multi-Faceted Approach to Security
  - Attaining Consistency and Assurance at Policy Definition and Enforcement
  - Capturing Security Requirements at Early Stages via UML Enhancements/Extensions
  - Providing a Security Infrastructure that Unifies RBAC and MAC for a Distributed Setting
9 Four Categories of Questions
- Questions on Software Development Process
  - Security Integration with Software Design
  - Transition from Design to Development
- Questions on Information Access and Flow
  - User Privileges Key to Security Policy
  - Information for Users and Between Users
- Questions on Security Handlers and Processors
  - Manage/Enforce Runtime Security Policy
  - Coordination Across EC Nodes
- Questions on Needs of Legacy/COTS Appls.
  - Integrated, Interoperative Distributed Application will have New Apps., Legacy/COTS, Future COTS
10 Software Development Process Questions
- What is the Challenge of Security for Software Design?
- How do we Integrate Security with the Software Design Process?
  - What Types of Security Must be Available?
  - How do we Integrate Security into OO/Component-Based Design?
  - Integration into OO Design?
  - Integration into UML Design?
- What Guarantees Must be Available in the Process?
  - Assurance Guarantees re. Consistent Security Privileges?
  - Can we Support Security for Round-Trip and Reverse Engineering?
11 Software Development Process Questions
- What Techniques are Available for Security Assurance and Analysis?
  - Can we Automatically Generate Formal Security Requirements?
  - Can we Analyze Requirements for Inconsistency and Transition Corrections Back to Design?
- How do we Handle Transition from Design to Development?
  - Can we Leverage Programming Language Approaches in Support of Security for Development?
    - Subject-Oriented Programming?
    - Aspect-Oriented Programming?
    - Other Techniques?
12 Information Access and Flow Questions
- Who Can See What Information at What Time?
- What Are the Security Requirements for Each User Against Individual Legacy/COTS Systems and for the Distributed Application?
- What Information Needs to Be Sent to Which Users at What Time?
- What Information Should Be Pushed in an Automated Fashion to Different Users at Regular Intervals?
13 Information Access and Flow Questions
- What Information Needs to Be Available to Which Users at What Time?
- What Information Needs to Be Pulled On-demand to Satisfy Different User Needs in Time-critical Situations?
- How Are Changing User Requirements Addressed Within the Distributed Computing Application?
  - Are User Privileges Static for the Distributed Computing Application?
  - Can User Privileges Change Based on the Context and State of the Application?
14 Security Handlers/Processing Questions
- What Security Techniques Are
  - Needed to Ensure That the Correct Information Is Sent to the Appropriate Users at the Right Time?
  - Necessary to Ensure That Exactly Enough Information and No More Is Available to Appropriate Users at Optimal Times?
  - Required to Allow As Much Information As Possible to Be Available on Demand to Authorized Users?
15 Security Handlers/Processing Questions
- How Does the Design by Composition of a Distributed Computing Application Impact Both the Security and Delivery of Information?
  - Is the Composition of Its Secure Components Also Secure, Thereby Allowing the Delivery of Information?
  - Can We Design Reusable Security Components That Can Be Composed on Demand to Support Dynamic Security Needs in a Distributed Setting?
- What Is the Impact of Legacy/COTS Applications on Delivering the Information?
16 Security Handlers/Processing Questions
- How Does Distribution Affect Security Policy Definition and Enforcement?
  - Are Security Handlers/Enforcement Mechanisms Centralized and/or Distributed to Support Multiple, Diverse Security Policies?
  - Are There Customized Security Handlers/Enforcement Mechanisms at Different Levels of the Organizational Hierarchy?
  - Does the Organizational Hierarchy Dictate the Interactions of the Security Handlers for a Unified Enforcement Mechanism for the Entire Distributed System?
17 Legacy/COTS Applications Questions
- When Legacy/COTS Appls. Are Placed Into a Distributed, Interoperable Environment
  - At What Level, If Any, Is Secure Access Available?
  - Does the Application Require That Secure Access Be Addressed?
  - How Is Security Added If It Is Not Present? What Techniques Are Needed to Control Access to Legacy/COTS?
  - What Is the Impact of New Programming Languages (Procedural, Object-Oriented, Etc.) and Paradigms?
18 Focusing on MAC, DAC and RBAC
- For OO Systems/Applications, Focus on Potential Public Methods on All Classes
- Role-Based Approach
  - Role Determines which Potential Public Methods are Available
  - Automatically Generate Mechanism to Enforce the Security Policy at Runtime
  - Allow Software Tools to Look-and-Feel Different Dynamically Based on Role
- Extend in Support of MAC (Method and Data Levels) and DAC (Delegation of Authority)
19 Legacy/COTS Applications
- Interoperability of Legacy/COTS in a Distributed Environment
- Security Issues in an Interoperative, Distributed Environment
  - Can MAC/DAC/RBAC be Exploited (Leveraged)?
  - How are OO Legacy/COTS Handled?
  - How are Non-OO Legacy/COTS Handled?
  - How are New Java/C Appls. Incorporated?
  - Can Java Security Capabilities be Utilized?
  - What Does CORBA/ORBs have to Offer?
  - What about other Middleware (e.g. JINI)?
- Explore Some Preliminary Ideas on Select Issues
20 A Distributed Security Framework
- What is Needed for the Definition and Realization of Security for a Distributed Application?
- How can we Dynamically Construct and Maintain Security for a Distributed Application?
  - Application Requirements Change Over Time
  - Seamless Transition for Changes
  - Transparency from both User and Distributed Application Perspectives
- Support MAC, RBAC and DAC (Delegation)
- Cradle-to-Grave Approach
  - Earliest Stages (UML) to Programming (Aspects)
  - Information Exchange (XML)
  - Middleware Environments: Inter-operating Artifacts and Clients
21 A Distributed Security Framework
- Distributed Security Policy Definition, Planning, and Management
  - Integrated with Software Development: Design (UML) and Programming (Aspects)
  - Includes Documents of Exchange (XML)
- Formal Security Model with Components
  - Formal Realization of Security Policy
  - Identifiable Security Components
- Security Handlers: Enforcement Mechanism
  - Run-time Techniques and Processes
  - Allows Dynamic Changes to Policy to be Made Seamlessly and Transparently
22 Interactions and Dependencies
Diagram of the four layers and their dependencies:
- Enforcement Mechanism: Collection of SHs (Security Handlers)
- Security Components
- Formal Security Model
- Distributed Security Policy
23 Policy Definition, Planning, Management
- Interplay of Security Requirements, Security Officers, Users, Components and Overall System
- Minimal Effort in Distributed Setting: CORBA Has Services for Confidentiality, Integrity, Accountability, and Availability
  - But, No Cohesive CORBA Service Ties Them with Authorization, Authentication, and Privacy
- Difficult to Accomplish in Distributed Setting
  - Must Understand All Constituent Systems
  - Interplay of Stakeholders, Users, Sec. Officers
24 Three-Pronged Security Emphasis
- Secure Software Design via UML with MAC/RBAC
  - Assurance: MAC Properties (Simple Integrity, Simple Security, etc.), Safety, Liveness
- Secure Information Exchange via XML with MAC/RBAC
- Secure MAC/RBAC Interactions via Middleware in a Distributed Setting
25 Secure Software Design - T. Doan
- UML Model with Security: Capture all Security Requirements!
- Other Possibilities: Reverse Engineer Existing Policy to a Logic-Based Definition
26 RBAC/MAC at Design Level
- Security as a First-Class Citizen in the Design Process
- Use Cases and Actors (Roles) Marked with Security Levels
- Dynamic Assurance Checks to Ensure that Connections Do Not Violate MAC Rules
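What such an assurance check looks like over a UML-style model, as an added example that is not the Doan/Demurjian tool or its rules: actors carry a clearance, use cases carry a classification and an access mode, and every connection in the model is checked. The MAC rules assumed here are Bell-LaPadula simple security (an actor may not read a use case classified above its clearance) and the *-property (an actor may not write into a use case classified below its clearance), plus an assumed structural rule that an included use case may not be classified above the use case that includes it (otherwise everyone entitled to the base use case would reach the higher-classified one). The model itself is constructed for the example.

```python
"""Design-time MAC assurance over a UML-style model (added example).

Constructed model: actors (roles) with clearances, use cases with a
classification and a read/write mode against the data they touch, and
actor->use case plus use case->use case (<<include>>) connections.
Assumed rules: simple security (no read up), *-property (no write down),
and no <<include>> of a use case classified above its base.
"""

# Unclassified < Confidential < Secret < Top Secret
LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}

# Constructed actors with clearance levels
ACTORS = {"FieldMedic": "C", "Surgeon": "S", "Commander": "TS", "Volunteer": "U"}

# Constructed use cases: classification and access mode
USE_CASES = {
    "ViewPatientRecord":  {"level": "C",  "mode": "read"},
    "UpdateDiagnosis":    {"level": "S",  "mode": "write"},
    "ViewTroopLocations": {"level": "TS", "mode": "read"},
    "LogTriageNote":      {"level": "U",  "mode": "write"},
    "AuthenticateUser":   {"level": "U",  "mode": "read"},
}

# Constructed actor -> use case connections (two deliberately violate MAC)
ACTOR_LINKS = [
    ("FieldMedic", "ViewPatientRecord"),
    ("FieldMedic", "ViewTroopLocations"),  # read up: C actor, TS use case
    ("Surgeon", "UpdateDiagnosis"),
    ("Surgeon", "LogTriageNote"),          # write down: S actor, U use case
    ("Commander", "ViewTroopLocations"),
    ("Volunteer", "LogTriageNote"),
]

# Constructed <<include>> connections (base, included); one violates the rule
INCLUDE_LINKS = [
    ("ViewPatientRecord", "AuthenticateUser"),
    ("LogTriageNote", "UpdateDiagnosis"),  # U base includes an S use case
]


def check_actor_links(actors, use_cases, links):
    """Simple security for reads, *-property for writes."""
    violations = []
    for actor, uc in links:
        clr, cls = LEVELS[actors[actor]], LEVELS[use_cases[uc]["level"]]
        mode = use_cases[uc]["mode"]
        if mode == "read" and clr < cls:
            violations.append(("simple-security", actor, uc))
        if mode == "write" and clr > cls:
            violations.append(("star-property", actor, uc))
    return violations


def check_include_links(use_cases, links):
    """An included use case must not dominate its base use case."""
    return [("include-level", base, inc) for base, inc in links
            if LEVELS[use_cases[inc]["level"]] > LEVELS[use_cases[base]["level"]]]


def check_model(actors=ACTORS, use_cases=USE_CASES,
                actor_links=ACTOR_LINKS, include_links=INCLUDE_LINKS):
    """Return every MAC violation in the model; empty list means it passes."""
    return (check_actor_links(actors, use_cases, actor_links)
            + check_include_links(use_cases, include_links))


if __name__ == "__main__":
    for v in check_model():
        print(*v)
```

Running the check as each connection is drawn is what makes the assurance "dynamic": the designer is told immediately that the FieldMedic link to ViewTroopLocations reads up, that the Surgeon link to LogTriageNote writes down, and that LogTriageNote includes a use case it may not reach.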
27 Secure Software Design - J. Pavlich
- What are Aspects?
  - System Properties that Apply Across an Entire Application
  - Samples: Security, Performance, etc.
- What is Aspect-Oriented Programming?
  - Separation of Components and Aspects from One Another with Mechanisms to Support Abstraction and Composition for System Design
- What is Aspect-Oriented Software Design?
  - Focus on Identifying Components, Aspects, Compositions, etc.
  - Emphasis on Design Process and Decisions
28 Aspects for Security in UML
- Consider the Class Diagram below that Captures Courses, Documents, and Grade Records
- What are Possible Roles?
- How can we Define Limitations of a Role Against Classes?
29 A Role-Slice for Professors
30 A Role-Slice for Students
31 Middleware-Based Security - C. Phillips
- Artifacts: DB, Legacy, COTS, GOTS, with APIs
- New/Existing Clients use APIs
- Can we Control Access to APIs (Methods) by
  - Role (who)
  - Classification (MAC)
  - Time (when)
  - Data (what)
  - Delegation
Architecture diagram: Artifacts (COTS, Database, Legacy, GOTS) and Clients (COTS Client, Legacy Client, Database Client, Java Client) connected over the NETWORK
Working Prototype Available using CORBA, JINI, Java, Oracle
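The role-slice idea of slides 18 and 28-30 (a role determines which public methods of a class it may call) and the five controls listed above (role, classification, time, data, delegation) come together in a security handler that sits between clients and an artifact's API. The following is an added example in Python, not the CORBA/JINI prototype: the GradeRecord artifact, its policy table, the clock, the subjects and the outcomes are all constructed for the example. The artifact has no security of its own, which is the Legacy/COTS situation; the handler checks every call before forwarding it, and DAC delegation lets a Professor hand a method to a TA without changing the role table.

```python
"""Runtime enforcement by a security handler wrapping an artifact's API
(added example, not the UConn prototype). Constructed domain from the
course/grade-record class diagram: GradeRecord's public methods are guarded
by role (who), MAC classification, time window (when), data constraint (what)
and delegation before the call is forwarded."""
import datetime as dt

LEVELS = {"U": 0, "C": 1, "S": 2}


class GradeRecord:
    """Artifact: a legacy-style API with no security of its own."""
    def __init__(self):
        self.grades = {"s1": "B", "s2": "A"}

    def get_grade(self, student_id):
        return self.grades[student_id]

    def set_grade(self, student_id, grade):
        self.grades[student_id] = grade
        return True


class Denied(Exception):
    pass


# Constructed policy, one entry per potential public method: the roles whose
# slice contains it, its MAC level, the permitted hour window, and a data
# constraint over the subject and call arguments.
POLICY = {
    "get_grade": {"roles": {"Professor", "Student"}, "level": "C", "hours": (0, 24),
                  # a Student may only read their own record
                  "data": lambda subj, args: subj["role"] != "Student" or args[0] == subj["id"]},
    "set_grade": {"roles": {"Professor"}, "level": "S", "hours": (8, 18),
                  "data": lambda subj, args: True},
}


class SecurityHandler:
    def __init__(self, artifact, policy, clock=dt.datetime.now):
        self.artifact, self.policy, self.clock = artifact, policy, clock
        self.delegations = {}  # user id -> set of methods delegated to them

    def delegate(self, grantor, grantee_id, method):
        """DAC: a subject whose role holds a method may delegate it to a user."""
        if method not in self.policy or grantor["role"] not in self.policy[method]["roles"]:
            raise Denied(f"{grantor['id']} cannot delegate {method}")
        self.delegations.setdefault(grantee_id, set()).add(method)

    def invoke(self, subject, method, *args):
        rule = self.policy.get(method)
        if rule is None:
            raise Denied(f"no policy for {method}")
        delegated = method in self.delegations.get(subject["id"], set())
        if subject["role"] not in rule["roles"] and not delegated:
            raise Denied(f"role {subject['role']} may not call {method}")
        if LEVELS[subject["clearance"]] < LEVELS[rule["level"]]:   # MAC still applies to delegates
            raise Denied(f"clearance {subject['clearance']} below {rule['level']} for {method}")
        hour, (lo, hi) = self.clock().hour, rule["hours"]
        if not lo <= hour < hi:
            raise Denied(f"{method} not permitted at hour {hour}")
        if not rule["data"](subject, args):
            raise Denied(f"data constraint failed for {method}{args}")
        return getattr(self.artifact, method)(*args)


def demo():
    """Exercise the handler with fixed clocks; returns (subject, method, outcome) tuples."""
    day = SecurityHandler(GradeRecord(), POLICY, clock=lambda: dt.datetime(2024, 1, 1, 10))
    night = SecurityHandler(GradeRecord(), POLICY, clock=lambda: dt.datetime(2024, 1, 1, 20))
    prof = {"id": "p1", "role": "Professor", "clearance": "S"}
    stu1 = {"id": "s1", "role": "Student", "clearance": "C"}
    ta = {"id": "t1", "role": "TA", "clearance": "S"}
    out = []

    def attempt(handler, subj, method, *args):
        try:
            out.append((subj["id"], method, handler.invoke(subj, method, *args)))
        except Denied as e:
            out.append((subj["id"], method, f"DENIED: {e}"))

    attempt(day, stu1, "get_grade", "s1")       # own record: allowed
    attempt(day, stu1, "get_grade", "s2")       # another student's record: data check fails
    attempt(day, stu1, "set_grade", "s1", "A")  # not in the Student role slice
    attempt(day, prof, "set_grade", "s1", "A")  # allowed during 08-18
    attempt(day, ta, "set_grade", "s2", "B")    # TA has no slice for set_grade
    day.delegate(prof, "t1", "set_grade")
    attempt(day, ta, "set_grade", "s2", "B")    # now allowed via delegation
    attempt(night, prof, "set_grade", "s1", "A")  # outside the time window
    return out
```

Because the checks live in the handler, the same policy table can drive a client-side look-and-feel (hide set_grade from Students) while the artifact stays untouched; swapping GradeRecord for a CORBA or JINI proxy changes only the final forwarding line.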
32 Process-Oriented View (diagram)
33 Security for XML Documents
- Emergence of XML for Document/Information Exchange
- Extend RBAC/MAC to XML
  - Collection of Security DTDs
    - DTDs for Roles, Users, and Constraints
    - Capture RBAC and MAC
  - Apply Security DTDs to XML Documents
  - Result: Each XML Document Appears Differently Based on Role, MAC, Time, Value
  - Security DTD Filters Document
- Ongoing: H. Wang, C. Ju, C. Slamka, and J. Boysen
Diagram: Security DTDs (Role DTD, User DTD, Constraint DTD); the Security Officer Generates Security XML Files for the Application (Appl_Role.xml, Appl_User.xml, Appl_Constraint.xml); Application DTDs and Application XML Files; a User's Role Determines the Scope of Access to Each XML Document
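How the three security XML files filter an application document, as an added example that is not the Wang/Ju/Slamka/Boysen DTDs: the element names and attributes of Appl_Role.xml, Appl_User.xml and Appl_Constraint.xml, the MAC level attribute on document elements, and the patient-record document are all constructed here. The filter keeps an element only if the user's role may see that element type, the user's clearance dominates the element's level, and any value constraint on the role for that element holds; anything removed takes its subtree with it, so each user receives a different view of the same document.

```python
"""Role/MAC/value filtering of an application XML document (added example,
not the UConn DTD work). Constructed inputs: role file (elements each role may
see), user file (role and clearance per user), constraint file (attribute
value a role requires on an element), and a patient document whose elements
carry a MAC level attribute."""
import xml.etree.ElementTree as ET

# Constructed stand-ins for Appl_Role.xml, Appl_User.xml, Appl_Constraint.xml
ROLE_XML = """<roles>
  <role name="Medic"><allow element="patient"/><allow element="vitals"/><allow element="diagnosis"/></role>
  <role name="Transport"><allow element="patient"/><allow element="location"/></role>
</roles>"""
USER_XML = """<users>
  <user id="alice" role="Medic" clearance="S"/>
  <user id="bob" role="Medic" clearance="C"/>
  <user id="carol" role="Transport" clearance="C"/>
</users>"""
CONSTRAINT_XML = """<constraints>
  <constraint role="Transport" element="patient" attr="status" equals="stable"/>
</constraints>"""

# Constructed application document; level = MAC classification of the element
APP_XML = """<patients>
  <patient id="P1" status="stable" level="U">
    <vitals level="C">bp=120/80</vitals>
    <diagnosis level="S">fracture</diagnosis>
    <location level="U">tent-3</location>
  </patient>
  <patient id="P2" status="critical" level="U">
    <vitals level="C">bp=80/50</vitals>
    <diagnosis level="S">internal bleeding</diagnosis>
    <location level="U">tent-1</location>
  </patient>
</patients>"""

LEVELS = {"U": 0, "C": 1, "S": 2}


def load_policy(role_xml, user_xml, constraint_xml):
    """Parse the security XML files into lookup structures."""
    roles = {r.get("name"): {a.get("element") for a in r.findall("allow")}
             for r in ET.fromstring(role_xml).findall("role")}
    users = {u.get("id"): {"role": u.get("role"), "clearance": u.get("clearance")}
             for u in ET.fromstring(user_xml).findall("user")}
    constraints = [dict(c.attrib) for c in ET.fromstring(constraint_xml).findall("constraint")]
    return roles, users, constraints


def permitted(elem, user, roles, constraints):
    """RBAC (element type in role), MAC (clearance dominates level), value constraint."""
    if elem.tag not in roles[user["role"]]:
        return False
    if LEVELS[elem.get("level", "U")] > LEVELS[user["clearance"]]:
        return False
    for c in constraints:
        if c["role"] == user["role"] and c["element"] == elem.tag:
            if elem.get(c["attr"]) != c["equals"]:
                return False
    return True


def filter_view(doc_xml, user_id, roles, users, constraints):
    """Return the document tree with everything the user may not see pruned."""
    root = ET.fromstring(doc_xml)
    user = users[user_id]

    def prune(parent):
        for child in list(parent):
            if permitted(child, user, roles, constraints):
                prune(child)          # element kept: filter its subtree too
            else:
                parent.remove(child)  # element dropped together with its subtree
    prune(root)
    return root


def view_summary(user_id):
    """Convenience: patient id -> sorted child element tags visible to the user."""
    roles, users, constraints = load_policy(ROLE_XML, USER_XML, CONSTRAINT_XML)
    root = filter_view(APP_XML, user_id, roles, users, constraints)
    return {p.get("id"): sorted(ch.tag for ch in p) for p in root.findall("patient")}


if __name__ == "__main__":
    for uid in ("alice", "bob", "carol"):
        print(uid, view_summary(uid))
```

On the constructed document alice (Medic, Secret) sees vitals and diagnosis for both patients, bob (Medic, Confidential) sees only vitals because diagnosis is Secret, and carol (Transport) sees only the location of the patient marked stable; the critical patient disappears from her view entirely because the value constraint on the enclosing patient element fails.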
34 Concluding Remarks
- Objective is for Everyone to Think about the Range, Scope, and Impact of Security
- Question-Based Approach Intended to Frame the Discussion
- Proposed Solution for Distributed Environment
- Current UConn Foci
  - Secure Software Design
  - Middleware Realization
  - XML Document Customization
- Consider These and Other Issues for DCP