A Component Security Infrastructure

Slides:



Advertisements
Similar presentations
Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Advertisements

The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.
Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Active Directory: Final Solution to Enterprise System Integration
16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
NFS. The Sun Network File System (NFS) An implementation and a specification of a software system for accessing remote files across LANs. The implementation.
Security Management.
Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
14 May 2002© TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
Chapter 10: Authentication Guide to Computer Network Security.
Protection.
Common Devices Used In Computer Networks
Java Security Pingping Ma Nov 2 nd, Overview Platform Security Cryptography Authentication and Access Control Public Key Infrastructure (PKI)
Secure Credential Manager Claes Nilsson - Sony Ericsson
Digital Signatures A Brief Overview by Tim Sigmon April, 2001.
CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.
A Flexible Access Control Model for Web Services Elisa Bertino CERIAS and CS Department, Purdue University Joint work with Anna C. Squicciarini – University.
Information Security - City College1 Access Control in Collaborative Systems Authors: Emis Simo David Naco.
Modeling Component-based Software Systems with UML 2.0 George T. Edwards Jaiganesh Balasubramanian Arvind S. Krishna Vanderbilt University Nashville, TN.
Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.
Legion - A Grid OS. Object Model Everything is object Core objects - processing resource– host object - stable storage - vault object - definition of.
Jini Architecture Introduction System Overview An Example.
Jini Architectural Overview Li Ping
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September Integrating Policy with Applications.
Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.
Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.
Secure Operating Systems Lesson F: Capability Based Systems.
Chapter 20 Concepts for Object-Oriented Databases Copyright © 2004 Pearson Education, Inc.
Silberschatz, Galvin and Gagne ©2011 Operating System Concepts Essentials – 8 th Edition Chapter 2: The Linux System Part 2.
Active Directory Domain Services (AD DS). Identity and Access (IDA) – An IDA infrastructure should: Store information about users, groups, computers and.
Topic 4: Distributed Objects Dr. Ayman Srour Faculty of Applied Engineering and Urban Planning University of Palestine.
FCS A Component Security Infrastructure Y. David Liu Scott Smith
Key management issues in PGP
Chapter 5 Network Security Protocols in Practice Part I
Chapter 9. Key management
PROTECTION.
File System Implementation
Chapter 14: Protection Modified by Dr. Neerja Mhaskar for CS 3SH3.
Chapter 14: System Protection
Cryptography and Network Security
Software Testing and Maintenance 1
Software Design and Architecture
Distribution and components
THE STEPS TO MANAGE THE GRID
CHAPTER 3 Architectures for Distributed Systems
Virtual LANs.
Chapter 2: The Linux System Part 2
Chapter 14: Protection.
APNIC Trial of Certification of IP Addresses and ASes
Outline Midterm results summary Distributed file systems – continued
ELECTRONIC MAIL SECURITY
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 4: Planning and Configuring Routing and Switching.
ELECTRONIC MAIL SECURITY
Modular Internet Programming with Cells
Digital Certificates and X.509
Service Oriented Architecture (SOA)
Chapter 14: Protection.
MUMT611: Music Information Acquisition, Preservation, and Retrieval
Introduction to Network Security
DATABASES WHAT IS A DATABASE?
Chinese wall model in the internet Environment
Design Yaodong Bi.
The devil is in the details
Presentation transcript:

A Component Security Infrastructure Y. David Liu Scott Smith http://www.jcells.org 5/15/2019 Cells @ FCS 2002

Motivation Secure software systems at the component level Build software systems using components SDSI/SPKI Cells Secure software systems at the component level 5/15/2019 Cells @ FCS 2002

Goals for a Component Security Infrastructure Simplicity Complex protocols will be misused Generality Applicable across a wide range of domains Interoperability Security policies shared between components, others Extensibility Evolves as component architecture evolves 5/15/2019 Cells @ FCS 2002

Background: Cells A new distributed component programming language [Rinat and Smith, ECOOP2002] Header Body Header Body Cell A Cell B plugout Service = Connector = plugin 5/15/2019 Cells @ FCS 2002

Background: SDSI/SPKI Basis of our security infrastructure Features Principal with public/private key pair Decentralized name service Extended names, name certificate Group membership certificate Access control Principal with ACL Delegation model: authorization/revocation certificate 5/15/2019 Cells @ FCS 2002

Principles of Component Security Each component should be a principal Traditional principals: users, locations, protection domains, … New idea: Components as principals Components are known to outsiders by their public key Components each have their own secured namespace for addressing other components Components may be private 5/15/2019 Cells @ FCS 2002

Cell Identifiers: CID CID = the public key in the key pair generated by public key cryptosystem CID is a secured cell identity Universally unique No two cells share the same CID Outgoing messages signed by CID-1 and verified by CID 5/15/2019 Cells @ FCS 2002

CVM Identity With President Cells: CellA CID: 1..1 CellB CID: 5..5 CVM President Cell CID: 7..7 CVM With President Cells: Universe is homogeneously composed of cells Locations are also principals Locations are represented by cells and each cell is a principal Unique CVM identity via its President 5/15/2019 Cells @ FCS 2002

Cell Header Security Information CID CID-1 NLT SPT CertSTORE Identity/Key Naming Lookup Table Security Policy Table Certificate Store (Delegation) 5/15/2019 Cells @ FCS 2002

Cell Reference Unifies many notions in one concept: Cell CID CVM CID A locator of cells A capability to a cell No cell reference, no access A programming language construct: reference Corresponds to a SDSI/SPKI principal certificate Cell CID CVM CID Network Location 5/15/2019 Cells @ FCS 2002

Name Services CIDs vs. Names Our name service is based on SDSI/SPKI CIDs serve as universal identifiers, but names are still necessary Extended name mechanism enables a cell to refer to another cell even if its CID is unknown Our name service is based on SDSI/SPKI Improvements: Fewer certificates needed due to on-line nature More expressive lookup algorithm 5/15/2019 Cells @ FCS 2002

SDSI/SPKI Extended Names Bob’s Andy? Local Name Certificate Andy ID : 2..9 LOC : sdsi://starwars.com ID 7..1 ID 1..3 Local Name Certificate Bob ID : 1..3 LOC : sdsi://cs.jhu.edu ID 2..9 5/15/2019 Cells @ FCS 2002

SDSI/SPKI Groups Andy Bob Local Name Certificate Friend ID 7..1 Local Name Certificate Andy ID : 2..9 LOC : sdsi://starwars.com Local Name Certificate ID 1..3 Bob ID : 1..3 LOC : sdsi://cs.jhu.edu Group Membership Certificate ID 2..9 Friend {Bob, Bob’s Andy} 5/15/2019 Cells @ FCS 2002

Cell Naming Lookup Table Andy CID : 2..9 CVM :5..5 LOC : cell://starwars.com CID 7..1 CID: 9..5 cell://home.org CID 1..3 Bob CID : 1..3 CVM :4..7 LOC : cell://cs.jhu.edu CID 2..9 CID: 4..7 cell://cs.jhu.edu CID: 5..5 cell://starwars.com Friend {Bob, Bob’s Andy} 5/15/2019 Cells @ FCS 2002

Cell Naming Lookup Table Online nature makes local name certificates unnecessary, unlike SDSI/SPKI More suited for mobility Maintained by naming lookup interface, a concept closer to programming languages Naming entries can be effectively secured by using hooks Compatible with SDSI/SPKI 5/15/2019 Cells @ FCS 2002

Name Lookup Process Andy Bob’s Andy? Bob CID : 2..9 CVM :5..5 LOC : cell://starwars.com Bob’s Andy? CID 7..1 CID 1..3 Bob CID : 1..3 CVM :4..7 LOC : cell://cs.jhu.edu CID 2..9 5/15/2019 Cells @ FCS 2002

A More Expressive Algorithm Anthony CID : 9..9 CVM :4..7 LOC : cell://cs.jhu.edu Tony? CID 1..3 CID 2..9 CID 9..9 Andy CID : 2..9 CVM :5..5 LOC : cell://starwars.com Tony Andy’s Anthony 5/15/2019 Cells @ FCS 2002

Cycles Alice Anthony Tony’s Bob? Andy Tony CID : 1..3 CVM :5..7 LOC : cell://cs.jhu.edu Tony’s Bob? CID 1..3 Anthony Alice’s Tony CID 2..9 Andy CID : 2..9 CVM :5..5 LOC : cell://starwars.com CID 9..9 Tony Andy’s Anthony 5/15/2019 Cells @ FCS 2002

Cycle Detection Sketch A cycle exists Same local name expansion entry encountered twice Solution: Keep track of the path Raise an exception if the same name encountered twice 5/15/2019 Cells @ FCS 2002

Security Policy Each cell holds a security policy table, SPT. Each policy is a 5-tuple. subject resource access right hook deleg bit owner unit Bob thiscell connector1 connect NULL Group1 service1 invoke 1 Alice Tim h 5/15/2019 Cells @ FCS 2002

Subjects, Resources, Access Rights Cells and a group of cells Local names, extended names, cell references Resources Services, connectors, operations Partial order relations among them Access rights Connect and invoke Application level protection: meaningful services and meaningful connections. 5/15/2019 Cells @ FCS 2002

Hooks Designed for fine-grained access control Protect a naming lookup entry: lookup(“Tony”) Protect a specific file: read(“abc.txt”) Associated with operations Operation parameters verified via a predicate Predicate checked when the associated operation is triggered Example: Hooklookup(arg1) = { arg1=“Tony” } Skippable 5/15/2019 Cells @ FCS 2002

SDSI/SPKI Delegation “Access Granted” AuthC1 AuthC1 AuthC3 AuthC1 1..1 AuthC3 AuthC1 “Access Granted” ID 3..3 AuthC1 AuthC3 AuthC1 ID 5..5 5/15/2019 Cells @ FCS 2002

Cell Delegation Implements SDSI/SPKI delegation Each cell holds all certificates (both delegation and revocation) in a certificate store. Security policy table supports delegation The owner of the resource might not be thiscell The delegation bit indicating whether certificates can be further delegated Certificates are implicitly passed for delegation chain detection No need for manual user intervention Modified to say “certs passed” rather then the whole store being passed. 5/15/2019 Cells @ FCS 2002

Goals Revisited Simplicity Generality Interoperability Extensibility No complex algorithms/data structures Clearly defined principals and resources Generality Not just cells, but components in general Not limited to certain applications Interoperability Built on SDSI/SPKI standard Communicate with any infrastructure that supports SDSI/SPKI Extensibility Consideration for future additions: mobility, etc 5/15/2019 Cells @ FCS 2002

Future Work Security for Mobile Components Cells can migrate Mobile devices, PDAs Hierarchical Security Policy Interoperability 5/15/2019 Cells @ FCS 2002

jcells.org 5/15/2019 Cells @ FCS 2002

Dynamic Component Components are named, addressable entities, running at a particular location. Components have interfaces which can be invoked. Components may be distributed across the network 5/15/2019 Cells @ FCS 2002

Summary Security infrastructure in a component programming language Cell identity and CVM identity (president cell) Naming lookup table/interface More expressive lookup algorithm and cycle detection Fine-grained access control Unification of security artifacts and programming language ones Formalization of SDSI/SPKI API from programming language perspective 5/15/2019 Cells @ FCS 2002

Traditional Security Model allow request from alice.jhu.edu Comp1 Resource alice bob jhu.edu Comp2 5/15/2019 Cells @ FCS 2002

…Fails for Mobile Devices allow request from alice.jhu.edu Comp1 Resource alice Comp2 bob jhu.edu hotel.com 5/15/2019 Cells @ FCS 2002

Cell Security Infrastructure allow request from CVM with CID 3333333 Cell1 (CID: 7654321) ResourceCVM CID: 1111111 Cell2 (CID: 1234567) jhu.edu aliceCVM CID: 3333333 bobCVM CID: 5555555 5/15/2019 Cells @ FCS 2002

…Adapts Well with Mobile Devices allow request from CVM with CID 3333333 Cell1 (CID: 7654321) ResourceCVM CID: 1111111 Cell2 (CID: 1234567) jhu.edu bobCVM CID: 5555555 aliceCVM CID: 3333333 hotel.com 5/15/2019 Cells @ FCS 2002

Extended Name An extended name is a sequence of local names [n1, n2, …, nk], where each ni+1 is a local name defined in the name space of the cell ni. 5/15/2019 Cells @ FCS 2002

Example: Traditional Security Model allow request from alice.jhu.edu Comp1 Resource alice bob jhu.edu Comp2 5/15/2019 Cells @ FCS 2002

…Fails in Cell Migration allow request from alice.jhu.edu Comp1 Resource Comp2 alice bob jhu.edu 5/15/2019 Cells @ FCS 2002

Example: Cell Security Infrastructure allow request from cell with CID 1234567 Cell1 (CID: 7654321) Resource Cell2 (CID: 1234567) alice bob jhu.edu 5/15/2019 Cells @ FCS 2002

…Adapts Well in Cell Migration allow request from cell with CID 1234567 Cell1 (CID: 7654321) Resource Cell2 (CID: 1234567) alice bob jhu.edu 5/15/2019 Cells @ FCS 2002

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.