
Data and Applications Security Developments and Directions

Dr. Bhavani Thuraisingham, The University of Texas at Dallas. Lecture #14: Secure Object Systems. September 30, 2009. Outline: background on object systems; discretionary security; multilevel security.


Presentation Transcript


  1. Data and Applications Security Developments and Directions. Dr. Bhavani Thuraisingham, The University of Texas at Dallas. Lecture #14: Secure Object Systems. September 30, 2009

  2. Outline
     • Background on object systems
     • Discretionary security
     • Multilevel security
     • Objects for modeling secure applications
     • Object Request Brokers
     • Secure Object Request Brokers
     • Secure frameworks
     • Directions

  3. Concepts in Object Database Systems
     • Objects: every entity is an object
       • Example: Book, Film, Employee, Car
     • Class
       • Objects with common attributes are grouped into a class
     • Attributes or Instance Variables
       • Properties of an object class inherited by the object instances
     • Class Hierarchy
       • Parent-Child class hierarchy
     • Composite objects
       • Book object with paragraphs, sections etc.
     • Methods
       • Functions associated with a class

  4. Example Class Hierarchy
     [Figure: Document Class with attributes ID, Name, Author, Publisher and methods Print-doc(ID) and Print-doc-att(ID); Journal Subclass with attribute Volume #; Book Subclass with attribute # of Chapters; instances D1, D2, J1, B1]

  5. Example Composite Object
     [Figure: Composite Document Object made up of Section 1 Object, Section 2 Object, Paragraph 1 Object and Paragraph 2 Object]

  6. Security Issues
     • Access Control on Objects, Classes, Attributes etc.
     • Execute permissions on Methods
     • Multilevel Security
     • Security impact on class hierarchies
     • Security impact on composite hierarchies

  7. Objects and Security
     • Secure OODB: persistent data store
     • Secure OODA: design and analysis
     • Secure DOM: infrastructure
     • Secure OOPL: programming language
     • Secure Frameworks: business objects
     • Secure OOT: technologies
     • Secure OOM: unified object model is evolving

  8. Access Control

  9. Access Control Hierarchies

  10. Secure Object Relational Model

  11. Policy Enforcement

  12. Sample Systems

  13. Multilevel Security

  14. Some Security Properties
      • Security level of an instance must dominate the level of the class
      • Security level of a subclass must dominate the level of the superclass
      • Classifying associations between two objects
      • Method must execute at a level that dominates the level of the method
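
An added example, not part of the original lecture: a small checker for the instance, subclass and method properties on slide 14, applied to the Document/Journal/Book hierarchy of slide 4. The level names, their linear ordering, the labels assigned to each class, instance and method, and all Python identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Assumed linear ordering of levels; the slides do not name a lattice.
LEVELS = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "TopSecret": 3}

def dominates(a, b):
    """True when level a is at least as high as level b."""
    return LEVELS[a] >= LEVELS[b]

@dataclass
class SecClass:
    name: str
    level: str
    parent: Optional["SecClass"] = None
    methods: dict = field(default_factory=dict)  # method name -> level

@dataclass
class Instance:
    oid: str
    cls: SecClass
    level: str

def schema_violations(classes, instances):
    """List every subclass or instance whose label breaks a slide-14 property."""
    found = []
    for c in classes:
        if c.parent is not None and not dominates(c.level, c.parent.level):
            found.append(f"subclass {c.name} does not dominate {c.parent.name}")
    for i in instances:
        if not dominates(i.level, i.cls.level):
            found.append(f"instance {i.oid} does not dominate class {i.cls.name}")
    return found

def may_execute(exec_level, cls, method):
    """Resolve the method up the hierarchy; the execution level must dominate it."""
    while cls is not None:
        if method in cls.methods:
            return dominates(exec_level, cls.methods[method])
        cls = cls.parent
    return False  # unknown method: deny by default

# Constructed labels for the slide-4 hierarchy; Book and J1 are mislabelled on purpose.
DOCUMENT = SecClass("Document", "Confidential",
                    methods={"Print-doc": "Confidential", "Print-doc-att": "Secret"})
JOURNAL = SecClass("Journal", "Secret", DOCUMENT)
BOOK = SecClass("Book", "Unclassified", DOCUMENT)
INSTANCES = [Instance("D1", DOCUMENT, "Confidential"),
             Instance("J1", JOURNAL, "Confidential"), Instance("B1", BOOK, "Secret")]
```

Calling `schema_violations([DOCUMENT, JOURNAL, BOOK], INSTANCES)` reports the Book class and the J1 instance, the two labels that would let lower-level data sit beneath a higher-level definition.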

  15. Multilevel Secure Object Relational Systems

  16. Sample MLS Object Systems

  17. Objects for Secure Applications

  18. Object Modeling

  19. Dynamic Model

  20. Functional Model

  21. UML and Policies

  22. Distributed Object Management Systems
      • Integrates heterogeneous applications, systems and databases
      • Every node, database or application is an object
      • Connected through a Bus
      • Examples of Bus include
        • Object Request Brokers (Object Management Group)
        • Distributed Component Object Model (Microsoft)

  23. Object-based Interoperability
      [Figure: Client Object and Server Object connected through an Object Request Broker]
      Example Object Request Broker: Object Management Group’s (OMG) CORBA (Common Object Request Broker Architecture)

  24. Java-based Servers
      [Figure: Clients, RMI, Business Objects]
      Javasoft’s RMI (Remote Method Invocation)

  25. Objects and Security
      • Secure OODB: persistent data store
      • Secure OODA: design and analysis
      • Secure DOM: infrastructure
      • Secure OOPL: programming language
      • Secure Frameworks: business objects
      • Secure OOT: technologies
      • Secure OOM: unified object model is evolving

  26. Secure Object Request Brokers

  27. CORBA (Common Object Request Broker Architecture) Security
      • Security Service provides the following:
        • Confidentiality
        • Integrity
        • Accountability
        • Availability
      • URLs
        • http://www.javaolympus.com/J2SE/NETWORKING/CORBA/CORBASecurity.jsp
        • http://student.cosy.sbg.ac.at/~amayer/projects/corbasec/sec_overview.html
        • www.omg.org

  28. OMG Security Specifications

  29. CORBA (Common Object Request Broker Architecture) Security
      • Security Service provides the following:
        • Confidentiality
        • Integrity
        • Accountability
        • Availability
      • URLs
        • http://www.javaolympus.com/J2SE/NETWORKING/CORBA/CORBASecurity.jsp
        • http://student.cosy.sbg.ac.at/~amayer/projects/corbasec/sec_overview.html
        • www.omg.org

  30. CORBA (Common Object Request Broker Architecture) Security - 2
      • Identification and Authentication of Principals
      • Authorization and Access Control
      • Security Auditing
      • Security of communications
      • Administration of security information
      • Non-repudiation

  31. Dependable Object Request Brokers
      • Integrate Security, Real-time and Fault Tolerance Computing
      [Figure: layered architecture diagram. Labels: Hardware; Real Time Operating System; Infrastructure Services; Data Mgmt.; Data Xchg.; MSI App; Future App (three); Sensor Detections; Multi-Sensor Tracks; Data Links & Sensors; Navigation; Display Consoles; Refresh Channels; Processor; Data Analysis Programming Group (DAPG); Technology provided by Project]

  32. Secure Frameworks

  33. Directions
      • Object Models
        • UML for Security applications is becoming common practice
        • Secure distributed object systems have gained popularity
        • Evolution into secure object-based middleware
        • Secure object-based languages
        • Integrating security and real-time for object systems
      • Distributed Objects
        • Security cannot be an afterthought for object-based interoperability
        • Use ORBs that have implemented security services
        • Trends are moving towards Java-based interoperability and Enterprise Application Integration (EAI)
        • Examples of EAI products are WebSphere (IBM) and WebLogic (BEA)
        • Security has to be incorporated into EAI products
