Secure Systems Research Group - FAU Secure Pipes & Filters Pattern.

Slides:

Advertisements

Similar presentations

Advertisements

Senior Solutions Architect, MongoDB James Kerr Security Features Preview Field Level Access Control.

Broker Pattern Pattern-Oriented Software Architecture (POSA 1)

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,

December 9, 2001Architectural Design, ECEN Architecture – Layers, in particular ECEN 5543 / CSCI 5548 SW Eng of Standalone Programs University of.

University of Jyväskylä – Department of Mathematical Information Technology Computer Science Teacher Education ICNEE 2004 Topic Case Driven Approach for.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Secure Operating System Architectures Patterns

SS ZG653Second Semester, Topic Architectural Patterns Pipe and Filter.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Component-Based Software Engineering (CBSE)

Design Patterns Trends and Case Study John Hurst June 2005.

Secure Systems Research Group - FAU Security Patterns for Operating Systems by Ed Fernandez and Tami Sorgente.

Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,

BOB Tech Demo 2003 G2E – Las Vegas. Agenda  Best of Breed – a layering of standards  Standards, messaging, protocols and why you care  From the bottom.

Secure Systems Research Group - FAU A Pattern for A Sensor Node 11/12/2009 Anupama Sahu.

An Introduction to Software Architecture

1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.

Architecture-Based Runtime Software Evolution Peyman Oreizy, Nenad Medvidovic & Richard N. Taylor.

Model-View-Controller Ku-Yaw Chang Assistant Professor, Department of Computer Science and Information Engineering Da-Yeh University.

SOFTWARE DESIGN AND ARCHITECTURE LECTURE 21. Review ANALYSIS PHASE (OBJECT ORIENTED DESIGN) Functional Modeling – Use case Diagram Description.

SOFTWARE DESIGN AND ARCHITECTURE LECTURE 07. Review Architectural Representation – Using UML – Using ADL.

Patterns for Application Firewalls Eduardo B. Fernandez Nelly A. Delessy Gassant.

Secure Systems Research Group - FAU Using patterns to compare web services standards E. Fernandez and N. Delessy.

Requirements Artifacts Precursor to A & D. Objectives: Requirements Overview  Understand the basic Requirements concepts and how they affect Analysis.

COMPARISSON OF TECHNOLOGIES FOR CONNECTING BUSINESS PROCESSES AMONG ENTERPRISES Maja Pušnik, dr. Marjan Heričko.

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

Software Engineering Prof. Ing. Ivo Vondrak, CSc. Dept. of Computer Science Technical University of Ostrava

MagicNET: Security System for Protection of Mobile Agents.

© Siemens AG, CT SE, Prashant Jain, October 15, 2001 C O R P O R A T E T E C H N O L O G Y OOPSLA 2001 Workshop Software & Engineering Architecture 1 A.

Pipes & Filters Architecture Pattern Source: Pattern-Oriented Software Architecture, Vol. 1, Buschmann, et al.

Secure Systems Research Group - FAU SW Development methodology using patterns and model checking 8/13/2009 Maha B Abbey PhD Candidate.

Secure Systems Research Group - FAU A Trust Model for Web Services Ph.D Dissertation Progress Report Candidate: Nelly A. Delessy, Advisor: Dr E.B. Fernandez.

Extensible Access Control Framework for Cloud Applications KTH-SEECS Applied Information Security Lab SEECS NUST Implementation Perspective.

Proposal for RBAC Features for SDD James Falkner Sun Microsystems October 11, 2006.

Csci 490 / Engr 596 Special Topics / Special Projects Software Design and Scala Programming Spring Semester 2010 Lecture Notes.

Software Design and Architecture SEG3202 Nour El Kadri.

Secure Systems Research Group - FAU 1 A Trust Model for Web Services Ph.D Dissertation Progess Report Candidate: Nelly A. Delessy, Advisor: Dr E.B. Fernandez.

Chapter 9 & 10 Database Planning, Design and Administration Database Application Lifecycle DBMS Selection Database Administration.

Csci 490 / Engr 596 Special Topics / Special Projects Software Design and Scala Programming Spring Semester 2010 Lecture Notes.

Security Patterns for Web Services 02/03/05 Nelly A. Delessy.

Secure Systems Research Group - FAU A Pattern for XML Signature Presented by Keiko Hashizume.

SOFTWARE DESIGN AND ARCHITECTURE LECTURE 31. Review Creational Design Patterns – Singleton Pattern – Builder Pattern.

Management System of Judicial Cases. Abstract The system A historical perspective A workflow Some figures The next steps 2.

Secure middleware patterns E.B.Fernandez. Middleware security Architectures have been studied and several patterns exist Security aspects have not been.

Task Force CoRD Meeting / XML Security for Statistical Data Exchange Gregory Farmakis Agilis SA.

Engr 691 Special Topics in Engineering Science Software Architecture Spring Semester 2004 Lecture Notes.

Context-based Access Control

Layers Architecture Pattern Source: Pattern-Oriented Software Architecture, Vol. 1, Buschmann, et al.

1 CS590L Distributed Component Architecture Yugi Lee STB #555 (816) * This presentation is prepared based.

Pertemuan 09 Architectural Patterns Mata kuliah: T0144 – Advanced Topics in Software Engineering Tahun: 2010.

What is BizTalk ?

Software Design and Architecture

V-Shaped SDLC Model Lecture-6.

Managers’ briefing: Why XBRL?

Digital Signatures Last Updated: Oct 14, 2017.

Enterprise Application Integration Styles

An Overview Rick Anderson Pat Demko

Security & .NET 12/1/2018.

An Introduction to Software Architecture

Presentation transcript:

Secure Systems Research Group - FAU Secure Pipes & Filters Pattern

Secure Systems Research Group - FAU Pre requisites Pipes & Filters: Provides a structure for system that process a stream of data RBAC: Assign rights to users according to their roles in an institution.

Secure Systems Research Group - FAU Intro The Secure Pipes and Filters pattern provides secure handling of data streams. Each processing step applies some data transformation or filtering. The rights to perform the filtering and the movement of data are controlled.

Secure Systems Research Group - FAU Example Law Firm

Secure Systems Research Group - FAU Context Processing data streams in different stages, with different levels of responsibility and rights, used to control who can perform data transformations.

Secure Systems Research Group - FAU Problem Different stages are needed before data reaches the final stage, this happens for several reasons: every component performs specialized functions over the data, the global architecture or hierarchical organization requires this flow and this approach makes the system more flexible. Every time the data reach a different stage, exclusive functions are applied. In the previous example the secretary can create the legal document, but privileges such as inserting legal advisory or signing the document are restricted to her level. In this kind of system, we may need the flexibility to reorder the steps of the process or change the processing steps. In the example above a new lawyer may be assigned to the case, but the responsibilities and privileges should remain intact.

Secure Systems Research Group - FAU Problem The design of the system has to consider the following forces: The information can go in either direction in the system. Filtering can be applied in each case. The system needs to assign privileges according to each stage of processing and roles involved. We might require using signatures or authentication between stages. The right to reconfigure the stages within the data flow must be controlled

Secure Systems Research Group - FAU Solution The Secure Pipes and filters pattern provides a secure way to divide the processing of data to different sequential stages or steps. The exchange of information between stages is secured. In the figure below we can observe one approach to add security, implementing RBAC.

Secure Systems Research Group - FAU Solution Class Diagram op1 op2 Filter i op1 op2 Right op1 Right op1 op2 op3 Filter j op1 op2 Right Pipeline i configure Right Authentication Information « role » Role2 « role » Role1 « role » Role4 check 1 1 Authentication Information check 1 1 « role » Role3

Secure Systems Research Group - FAU Dynamics Sequence Diagram :Subject :RefMonitor:Right :Filter i:Data Source:Data Sink data checkRights request_op1 decision request_op1 read op1 write

Secure Systems Research Group - FAU Example Resolved Class Diagram Document Creation Right read Right read write sign Right Pipeline i configure Right Authentication Information « role » Secretary « role » Assistant Lawyer « role » Principal Lawyer check 1 1 Authentication Information check 1 1 « role » Administrator Document Registration read write sign read addTemplate write read addTemplate write

Secure Systems Research Group - FAU Known Uses XML Pipeline Definition Language (XPL) Role-Based Trust-Management Markup Language (RTML) xoRBAC SeMoA

Secure Systems Research Group - FAU Consequences The use of this pattern yields to the following benefits: The system assigns privileges according to each stage of processing. The use of operations over the data, is now restricted with the implementation of either RBAC or Access Matrix models. The use of encryption between stages is possible, adding the possibilities of secure messages and digital signatures. The Administrator role controls the reconfiguration of stages. Applying this pattern imposes the following liabilities: The general performance of the system worsens due to the overhead of the security checks.

Secure Systems Research Group - FAU References [Bus96]F. Buschmann, R. Meunier, H. Rohnert, P. Sommerlad, M. Stal. Pattern-Oriented Software Architecture: A System of Patterns, Volume 1, West Sussex, England: John Wiley & Sons, [Fer01a]E. B. Fernandez and R. Pan,“ A Pattern Language for security models”, Procs. of the 8th Annual Conference on Pattern Languages of Programs (PLoP 2001), September 2001, Allerton Park Monticello, Illinois, USA, Also available from: [Sch06]M. Schumacher, E.B.Fernandez, D. Hybertson, F. Buschmann, and P. Sommerlad, Security Patterns: Integrating security and systems engineering, West Sussex, England: John Wiley & Sons [Xpl] [Rtm] [Xor] [Sem]