UnifiedSec-1 CSE 5810 Integrated Secure Software Engr. Approach for Functional, Collaborative, and Information Concerns J. A. Pavlich-Mariscal, S. Berhe,

Presentation transcript:

UnifiedSec-1 CSE 5810 Integrated Secure Software Engr. Approach for Functional, Collaborative, and Information Concerns J. A. Pavlich-Mariscal, S. Berhe, A. De la Rosa Algarin, S. Demurjian Computer Science & Engineering Department The University of Connecticut 371 Fairfield Road, Box U-1155 Storrs, CT (860)

UnifiedSec-2 CSE 5810 Present an Integrated Approach
- Merging and combining
  - Functional Security (Jaime’s work)
  - Collaborative Security (Solomon’s work)
  - Information Security (Alberto’s work)
- A secure software engineering approach that tackles the major concepts of an application
  - Methods and Operations
  - Collaboration and Adaptive Workflows
  - Information and Resources used
- Leveraging access control models across all three topics
  - RBAC
  - MAC
  - DAC

UnifiedSec-3 CSE 5810 Overview of the Process

UnifiedSec-4 CSE 5810 High Level View of the Process

Security UML -5 CSE 5810 Recall Virtual Chart Example

Security UML -6 6 VCA Use Case Diagram

Security UML -7 7 Two Main Classes

Security UML -8 CSE 5810 Diagrams for Functional Security
- Secure Subsystem
- Role Slice Diagram
- User Diagram
- Delegation Diagram
- MAC Extensions

Security UML -9 Secure Subsystem

Security UML -10 Role Slice Diagram

Security UML -11 User Diagram

Security UML -12 Delegation Diagram

Security UML -13 MAC Extensions

Security UML -14 Enforcement Code Generation

Security UML -15 Functional Enforcement Code

Security UML -16 Functional Enforcement Code

Security UML -17 CSE 5810 Diagrams for Collaborative Security
- Collaboration Workflow Slice Diagram
- Extended Role Slice Diagram
- Obligation Slice Diagram
- Team Slice Diagram

Security UML -18 Collaboration Workflow Slice Diagram

Security UML -19 Extended Role Slice Diagram

Security UML -20 Obligation Slice Diagram

Security UML -21 Team Slice Diagram

Security UML -22 Collaborative Enforcement Generation

Security UML -23 Collaborative Enforcement Code

Security UML -24 Collaborative Enforcement Code

Security UML -25 CSE 5810 Diagrams for Information Security
- XML Schema Segment
- XML Schema Class Diagram
- XSRD Role Slice Diagram

Security UML -26 XML Schema Segment

Security UML -27 XML Schema Class Diagram

Security UML -28 XSRD Role Slice Diagram

Security UML -29 XSRD Role Slice Diagram

Security UML -30 Information Enforcement Generation

Security UML -31 Mapping XRSD to XACML

Security UML -32 Three Segments of Code- Subject

Security UML -33 Three Segments of Code - Resource

Security UML -34 Three Segments of Code - Action

Security UML -35 Combined Code

Security UML -36 CSE 5810 More Detailed View of Policy Generation
- XML Schema Class Diagram: Artifact that holds all the characteristics of an XML schema
- Structure, Data Type, Value Constraints
- Hierarchical nature of XML schemas is modeled
- xs:complexType, xs:element, xs:sequence
- UML Class with respective Stereotypes
- Child Relations (xs:element, xs:sequence, xs:simpleType)
- UML Subclass
- xs:extension
- Association between Classes
- Data-type Cardinality Requirements and Constraints; type
- «constraint»; «type» stereotypes

Security UML -37 CSE 5810 XSCD of CCR Segment «complexType» StructuredProductType «element» Product «complexType» «sequence» «type» CodedDescriptionType «element» ProductName «type» CodedDescriptionType «constraint» minOccurs=0 «element» BrandName «element» Strength «constraint» minOccurs=0 «constraint» maxOccurs=-1 «extension» CCRCodedDataObjectType XSCD

Security UML -38 CSE 5810 XML Role Slice Diagram
- Represents Access Control Definitions
- With respect to XSCD Attributes
- Fine Grained Control through
- Security Policies and Definitions to the XSCD
- Permissions on XML Documents
- Read, Write, No Read, No Write
- Represented in the XRSD with Stereotypes:
  - «read/write»
  - «read/nowrite»
  - «noread/write»
  - «noread/nowrite»

Security UML -39 CSE 5810 Example of XRSDs

«XRSD» Physician («RoleDescription», «RoleRequirements»)
- «read/write» «element» Product
- «read/write» «element» ProductName
- «read/write» «element» BrandName
- «read/write» «element» Strength
- «read/write» «element» StrengthSequencePosition
- «read/write» «element» VariableStrengthModifier

«XRSD» Nurse («RoleDescription», «RoleRequirements»)
- «read/nowrite» «element» Product
- «read/nowrite» «element» ProductName
- «read/nowrite» «element» BrandName
- «read/nowrite» «element» Strength
- «read/nowrite» «element» StrengthSequencePosition
- «read/nowrite» «element» VariableStrengthModifier

Security UML -40 CSE 5810 What is XACML?
- Aims to Define a Common Language and Processing Model
- Permits a Level of Security Interoperability
- XACML schema Provides Several Structures and Elements to Represent Policies
  - PolicySet, Policy, Rule
- PolicySets and Rules Combined by Policy/Rule Combination Algorithm
  - Permit-overrides
  - Deny-overrides
  - First-applicable
  - Only-one-applicable

Security UML -41 CSE 5810 XACML General Structure PolicySet Policy Rule Subject Action Resource Rule Combination Algorithm Policy Combination Algorithm

Security UML -42 CSE 5810 Mapping to a Security Policy (XACML)
- Policies’ Language Structure and Processing Model
  - PolicySet, Policy, Rule
- Policy and Rule Combination Done with Normative Algorithms
  - Deny-overrides, permit-overrides, first-applicable, only-one-applicable
- Use Deny-overrides as Combination Algorithm for Enforcement
  - If the Evaluation of One Rule Results in Deny, the Policy Evaluation is Deny
- Mapping Process Divided in 3 Sub-Mappings
  - Role, Element and Permission
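
The three sub-mappings and the deny-overrides choice described above, as an added example that is not part of the original slides. It assumes that a «no...» stereotype maps to an explicit Deny rule, uses a subset of the Physician/Nurse XRSD elements, models rules as Python objects rather than XACML XML, and omits the Indeterminate decision; the names Rule, map_xrsd, deny_overrides and pep_allows are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample: subset of the Physician and Nurse XRSDs from the slides.
XRSD = {
    "Physician": {"Product": "read/write", "ProductName": "read/write",
                  "Strength": "read/write"},
    "Nurse": {"Product": "read/nowrite", "ProductName": "read/nowrite",
              "Strength": "read/nowrite"},
}

@dataclass(frozen=True)
class Rule:
    subject: str   # role mapping       -> Subject
    resource: str  # element mapping    -> Resource
    action: str    # permission mapping -> Action
    effect: str    # "Permit" or "Deny"

def map_xrsd(xrsd):
    """Apply the role, element and permission sub-mappings to each XRSD entry."""
    rules = []
    for role, elements in xrsd.items():
        for element, stereotype in elements.items():
            read_part, write_part = stereotype.split("/")
            for action, part in (("read", read_part), ("write", write_part)):
                # Assumption: "noread"/"nowrite" becomes an explicit Deny rule.
                effect = "Deny" if part.startswith("no") else "Permit"
                rules.append(Rule(role, element, action, effect))
    return rules

def deny_overrides(rules, subject, resource, action):
    """One applicable Deny makes the policy decision Deny."""
    effects = [r.effect for r in rules
               if (r.subject, r.resource, r.action) == (subject, resource, action)]
    if "Deny" in effects:
        return "Deny"
    if "Permit" in effects:
        return "Permit"
    return "NotApplicable"

def pep_allows(rules, subject, resource, action):
    """Deny-biased enforcement point: anything other than Permit is refused."""
    return deny_overrides(rules, subject, resource, action) == "Permit"

if __name__ == "__main__":
    policy = map_xrsd(XRSD)
    # A stray Permit (e.g. merged in from another schema's policy) cannot
    # widen the Nurse's access, because the mapped Deny rule overrides it.
    conflicted = policy + [Rule("Nurse", "Strength", "write", "Permit")]
    for who, what, act in [("Physician", "Strength", "write"),
                           ("Nurse", "Strength", "write"),
                           ("Researcher", "Product", "read")]:
        print(who, what, act, deny_overrides(conflicted, who, what, act))
```

With permit-overrides the conflicting Permit would have granted the Nurse write access, which is why the slides select deny-overrides for enforcement.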

Security UML -43 CSE 5810 Mapped Policy Role Mapping Permission Mapping

Security UML -44 CSE 5810 Mapped Policy Element Mapping

Security UML -45 CSE 5810 Enforcement in a Security Architecture
- The architecture has a number of components:
  - Policy Enforcement Point (PEP)
    - Allows a request to be made on a resource
  - Policy Decision Point (PDP)
    - Evaluates the request and provides a response according to the policies in place
  - Policy Administration Point (PAP)
    - Utilized to write and manage policies
  - Policy Information Point (PIP)
    - Arbitrate very fine grained security issues

Security UML -46 CSE 5810 Enforcement in a Security Architecture Physician Nurse XRSDs XACML Policy Mapping XACML Policy – Schema 1 XACML Policy – Schema 2 Policy Retrieval Point (PRP) PAP PDP PEP PIP XACML Architecture

Security UML -47 Overall Secure SWE Process

Security UML -48 CSE 5810 Overall View – Initial Design
(1) Main Security Design of the Application
(2a,b) Initial Functional Security and Collaboration Design
(2a,b.1) Define Functional Security and Collaboration Use Cases
(2a,b.2) Define Secure SubSystem + Collaboration Capable Subsystem
(2c) Initial Information Security Design
(2c.1) Define XML Schema Class Diagram
(2c.2) Define Information Security Requirements

Security UML -49 CSE 5810 Overall View – Functional Security (3a) Functional Security Design Define Security Features Group Users into Roles Separation of Duty, Delegation Authority Select MAC Features [NEEDS MAC] Security Refinement Process [DONE] [NOT DONE]

Security UML -50 CSE 5810 Overall View – Collaborative Security Create Collaboration Workflow Name Create Collaboration Step/Workflow Security Refinement Process Collaboration Team Collaboration Obligation (3b) Collaboration Security Design [DONE] [NOT DONE]

Security UML -51 CSE 5810 Overall View – Information Security Define set of Roles with Information Access Determine Permissions of Roles to Information Create XML Role Slice Diagrams for each Role (3c) Information Security Design Security Refinement Process [DONE] [NOT DONE]

Security UML -52 CSE 5810 Overall View – Refinement and Mappings
Generated Functional, Collaborative & Information Secure System
(4) Refinement of Functional, COD/AWF and Information Security Design
(5) Combine Three Facets and Transition into Final Design
(6) Mapping to Enforcement Code and XACML Policies

Security UML -53 CSE 5810 A Second Example – Crash Report System
- Crash report system (CRS): a big data application to collect information on accidents
- Cars involved, people involved, location, specifics of the actual accident, etc.
- Based on an actual crash report system in Connecticut, with data from over 20 years, that has been a
  - Joint effort by faculty in Civil & Environmental Engineering and Computer Science & Engineering
  - Under the supervision of the State of Connecticut Department of Transportation.

Security UML -54 CSE 5810 A Second Example – Crash Report System
- CRS serves as a means for researchers to collaboratively analyze the data for future crash prevention and other operational purposes.
- The example presented is excerpted from the Model Minimum Uniform Crash Criteria Guide (MMUCC)
  - An XML standard for data to be collected on traffic crashes to be stored in CRS.
  - d.pdf
- safety-research-center/ and safety-research-center/

Security UML -55 Secure Subsystem

Security UML -56 CSE 5810 CRS Roles
- Passenger and Researcher
- Police Office
  - Local
  - State
  - Federal
- Each Utilizes Different Portions of Secure Subsystem

Security UML -57 Role Slice Diagram

Security UML -58 SoD Diagram

Security UML -59 Collaboration Workflow Slice Diagram

Security UML -60 Extended Role Slice Diagram

Security UML -61 Obligation Slice Diagram

Security UML -62 Team Slice Diagram

Security UML -63 RBAC for CRS

Security UML -64 RBAC for CRS – Info Based

Security UML -65 RBAC for CRS – Info Based

Security UML -66 XML Role Slice Diagram – Info Based

Security UML -67 XML Role Slice Diagram

UnifiedSec-68 CSE 5810 Concluding Remarks
- Security is Part of an Overall Security Strategy
  - Definition of Security Requirements
  - Realization of Security at Application Level
  - Integration of Security from User to OS to DB
  - Rigorous Definition of Security Policy
  - Dynamic Nature of Security Privileges
  - Enforcement of Defined Privileges at Application and DB Levels
- Overall, Security in Today’s World is an Integral Part of Everyday Life - Some Key Concerns
  - Confidentiality of an Individual’s Data
  - Identity Theft
  - Protecting National Infrastructure

Security UML -69 CSE 5810 Other areas of interest for info security
- Modeling of other access control models
  - Lattice Based Access Control (LBAC)
  - Attribute Based Access Control (ABAC)
- Collaboration and adaptive workflows from the perspective of information security
  - Documents that are utilized by multiple roles/individuals at the same time
- Hierarchically structured data with no validation agents
  - Specialized XML
  - JSON and JSON-LD
  - RDF
  - OWL