slide1
Download
Skip this Video
Download Presentation
Extending Security for Object-Oriented Models using Security Meta-Objects

Loading in 2 Seconds...

play fullscreen
1 / 20

Extending Security for Object-Oriented Models using Security Meta-Objects - PowerPoint PPT Presentation


  • 73 Views
  • Uploaded on

Extending Security for Object-Oriented Models using Security Meta-Objects. Fahd Arshad. Based upon the work of Thomas Riechmann & Franz J. Hauck:. Meta Objects for Access Control: Extending Capability-Based Security ACM New Security Paradigms Workshop 97 Proceedings (NSPW97),

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Extending Security for Object-Oriented Models using Security Meta-Objects' - nerea-walters


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Extending Security for

Object-Oriented Models

using Security Meta-Objects

Fahd Arshad

Based upon the work of Thomas Riechmann & Franz J. Hauck:

Meta Objects for Access Control:

Extending Capability-Based Security

ACM New Security Paradigms Workshop 97 Proceedings (NSPW97),

Great Langdale, UK, 1997.

basics of capabilities in object oriented systems
Basics of Capabilities in Object-oriented Systems
  • What are objects and how are they related?
  • What is an object-oriented system (OOS)?
  • What is Access Control?
  • What are capabilities and references?
illustration an object oriented system

Object

A

Object

C

Method P()

Method Q()

Method R()

Object

B

Object

D

Data S

Data T

Illustration: An Object-oriented System
illustration an object oriented system1

Object

A

Object

C

Object

B

Object

D

Illustration: An Object-oriented System

Objects

Subjects

principles of capability based security
Principles of Capability-based Security
  • Access based on possession of rights by capability
  • Allow revocation of rights by issuer
  • Rights expire after a specified period
  • Rights are implemented by an attached script
drawbacks of capability based security
Drawbacks of Capability-based Security
  • Highly complex exchange maps make proving security
  • implementation scheme correctness very difficult.
  • Problems lead to dilution of object-oriented model: larger interfaces and objects and fewer references.
  • A capability can not prevent method invocations from leaking references to untrusted objects. Propagation restriction is too restrictive a solution. Providing access control explicitly involves amending all existing code, and is not in accord with OOP of encapsulation and reusability.
domain based security

Object

A

Object

C

Object

B

Object

D

Domain-based Security
  • Java and CORBA use domain- and ACL-based security to improve upon capabilities.
introduction to security meta objects smos
Introduction to Security Meta Objects (SMOs)
  • Assumption: OO programming model that does not allow access except by using object references (e.g. Java and its Byte-code Verifier)
  • An SMO is an object which can be attached to a reference in order to enforce security.
  • It can not be detached unless it itself allows
illustration smos and references
Illustration: SMOs and References

Object

Variable 1

Variable 2

Variable 3

SMO1

SMO2

capabilities implemented as smos
Capabilities Implemented As SMOs
  • Capabilities add three concepts to object references, each ofwhich can be enforced using SMOs:
  • Restriction of access
  • Revocation of access
  • Expiration of access
implementation expiring list smo
Implementation: Expiring List SMO

List list =.....; // a list reference

SecurityMeta smo = new MetaExpire(new Date(12,31,2001));

// create SMO

smo.attachTo(list); // connect SMO to object reference

// now the reference \'list\' is protected

list.Get(...); // any call to the list is checked

// The implementation of the MetaExpire class:

class MetaExpire extends SecurityMeta {

final Date d; // expiration date

MetaExpire(Date d){// Constructor

this.d = d; // store date in “d”

}

// this method checks calls via protected ref

void incomingCall(Object o, Method m, ParameterList p){

// Check if the reference is expired:

if (d.isBefore(getCurrentDate())) {

// throw exception, if ref. expired

throw(new SecException(...));

} } }

extending capability based security with smos
Extending Capability-based Security With SMOs
  • SMOs cure an important vulnerability in pure systems: lack of access control over references passed to untrusted parts of an application.
  • Lack of transitive protection: methods can return unprotected objects
implementation transitivity of access control
Implementation: Transitivity of Access Control
  • If a method returns an object, it is unprotected. Simple solution: if the original method invocated through a protected reference, SMO is attached implicitly to all outgoing references:

// The re-implementation of the MetaExpire class:

class MetaExpire extends SecurityMeta {

final Date d; MetaExpire(Date d){this.d = d;}

void incomingCall(Object o,...){…}

void outgoingRef(Object o,...){

// object reference ‘o’ is being returned

this.attachto(o);

}

}

illustration trojan horse problem

Untrusted U

Untrusted V

Illustration: Trojan Horse problem

object

m

list

Trusted T

smo

implementation trojan horse solution
Implementation: Trojan Horse solution
  • If a method returns an object, it is unprotected. Simple solution: if the original method invocated through a protected reference, SMO is attached implicitly to all outgoing references:

// The re-implementation of the MetaExpire class:

class MetaExpire extends SecurityMeta {

final Date d; MetaExpire(Date d){this.d = d;

}

void incomingCall(Object o,...){…}

void incomingRef(Object o,...){

this.reverseAttachto(o);

}

void outgoingRef(Object o,...){

this.attachto(o);

}

}

conclusion smos capabilities on steroids
Conclusion SMOs: Capabilities on Steroids
  • Protected class implementation does not require any support for security.
  • SMO implementation does not need any special support for protected class and can be used with any class.
  • General forms of SMO are class-independent and may be reused
  • Specialized forms may be implemented for method-dependent security.
references
References
  • Presented by Fahd Arshad for CS428: Operating Systems taught by Dr. Linda Lankewicz at Sewanee in Fall [email protected], http://itw.sewanee.edu/Fahd/
  • Based on a paper presented to ACM New Security Paradigms Workshop at Great Langdale, UK, 1997 by Thomas Riechmann & Franz J. Hauck
  • Authors’ web pages:http://www4.informatik.uni-erlangen.de/~fzhauck/http://www4.informatik.uni-erlangen.de/~riechman/
ad