RBAC and JXTA 1 Role Based Access Control and the JXTA P2P Framework Mark Stamp Dept. of Computer Science San Jose State University

Slides:



Advertisements
Similar presentations
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
Advertisements

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.
Access Control Chapter 3 Part 3 Pages 209 to 227.
Chorus Vs Unix Operating Systems Overview Introduction Design Principles Programmer Interface User Interface Process Management Memory Management File.
Security+ Guide to Network Security Fundamentals, Fourth Edition
Access Control Intro, DAC and MAC System Security.
JXTA P2P Platform Denny Chen Dai CMPT 771, Spring 08.
6th Biennial Ptolemy Miniconference Berkeley, CA May 12, 2005 Distributed Computing in Kepler Ilkay Altintas Lead, Scientific Workflow Automation Technologies.
Supporting Mobile Sensors and Typed Data Exchange Through the JXTA p2p Framework Supporting Mobile Sensors and Typed Data Exchange Through the JXTA p2p.
Basic Computer Networks Configurations (cont.) School of Business Eastern Illinois University © Abdou Illia, Spring 2006 Week 2, Thursday 1/19/2006)
1 Client-Server versus P2P  Client-server Computing  Purpose, definition, characteristics  Relationship to the GRID  Research issues  P2P Computing.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Systems Architecture, Fourth Edition1 Internet and Distributed Application Services Chapter 13.
What Is TCP/IP? The large collection of networking protocols and services called TCP/IP denotes far more than the combination of the two key protocols.
Distributed Computer Security 8.2 Discretionary Access Control Models - Sai Phalgun Tatavarthy.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Application Layer Functionality and Protocols Network Fundamentals – Chapter.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
ADVANCED LINUX SECURITY. Abstract : Using mandatory access control greatly increases the security of an operating system. SELinux, which is an implementation.
Connecting To A Remote Computer Via ‘Remote Desktop Web Connection’ Compatible With ‘Most Any’ Computer.
Working with Workgroups and Domains
P EER - TO -P EER N ETWORKS Michael Fine 1. W HAT ARE P EER -T O -P EER N ETWORKS ? Napster Social networking spawned from this concept. Emerged in the.
Computer Network By Tahir Saad. Introduction to computer networking Content : The definitions of networking Use of network Network classification.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Cli/Serv.: JXTA/151 Client/Server Distributed Systems v Objective –explain JXTA, a support environment for P2P services and applications ,
W. Sliwinski – eLTC – 7March08 1 LSA & Safety – Integration of RBAC and MCS in the LHC control system.
Version 4.0. Objectives Describe how networks impact our daily lives. Describe the role of data networking in the human network. Identify the key components.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 5 “Database and Cloud Security”.
Mr C Johnston ICT Teacher BTEC IT Unit 09 - Lesson 06 Peer-to-Peer VS Client-Server.
1 A P2P Collaborative System Using JXTA Hosei Graduation School ITPC 02R3315 Katsuhiro CHIBA.
Vulnerabilities in peer to peer communications Web Security Sravan Kunnuri.
SATAN Presented By Rick Rossano 4/10/00. OUTLINE What is SATAN? Why build it? How it works Capabilities Why use it? Dangers of SATAN Legalities Future.
Bit Torrent A good or a bad?. Common methods of transferring files in the internet: Client-Server Model Peer-to-Peer Network.
Csi315csi315 Client/Server Models. Client/Server Environment LAN or WAN Server Data Berson, Fig 1.4, p.8 clients network.
Software Architectural Styles Andrew Midwinter, Mark Mullen, Kevin Wong, Matt Jones 1.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 4 – Access Control.
A Distributive Server Alberto Pareja-Lecaros. Introduction Uses of distributive computing - High powered applications - Ever-expanding server so there’s.
Client Server Network Model:
NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.
CS795.Net Impersonation… why & How? Presented by: Vijay Reddy Mara.
Working with Workgroups and Domains Lesson 9. Objectives Understand users and groups Create and manage local users and groups Understand the difference.
Linux Security. Authors:- Advanced Linux Programming by Mark Mitchell, Jeffrey Oldham, and Alex Samuel, of CodeSourcery LLC published by New Riders Publishing.
1 Peer-to-Peer Technologies Seminar by: Kunal Goswami (05IT6006) School of Information Technology Guided by: Prof. C.R.Mandal, School of Information Technology.
Architecture Models. Readings r Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 m Note: All figures from this book.
Scalable Grid system– VDHA_Grid: an e-Science Grid with virtual and dynamic hierarchical architecture Huang Lican College of Computer.
Lecture 18 Page 1 CS 111 Online OS Use of Access Control Operating systems often use both ACLs and capabilities – Sometimes for the same resource E.g.,
Security Patterns for Web Services 02/03/05 Nelly A. Delessy.
Communications & Networks National 4 & 5 Computing Science.
Lecture 4 Mechanisms & Kernel for NOSs. Mechanisms for Network Operating Systems  Network operating systems provide three basic mechanisms that support.
Security-Enhanced Linux Eric Harney CPSC 481. What is SELinux? ● Developed by NSA – Released in 2000 ● Adds additional security capabilities to Linux.
Computer Security: Principles and Practice
AFS/OSD Project R.Belloni, L.Giammarino, A.Maslennikov, G.Palumbo, H.Reuter, R.Toebbicke.
Lect 8 Tahani al jehain. Types of attack Remote code execution: occurs when an attacker exploits a software and runs a program that the user does not.
CLIENT SERVER COMPUTING. We have 2 types of n/w architectures – client server and peer to peer. In P2P, each system has equal capabilities and responsibilities.
SOAP, Web Service, WSDL Week 14 Web site:
Distributed Systems Architectures. Topics covered l Client-server architectures l Distributed object architectures l Inter-organisational computing.
Database and Cloud Security
Access Control Model SAM-5.
Motivation, Terminology, Layered systems (and other random stuff)
Building Distributed Educational Applications using P2P
Designing and Installing a Network
Network Configurations
CompTIA Security+ Study Guide (SY0-401)
Distributed System Concepts and Architectures
Comparison of LAN, MAN, WAN
Requirements and Approach
Created By : Asst. Prof. Ashish Shah, J. M
Preventing Privilege Escalation
Requirements and Approach
Hyperledger Fabric 소개 및 튜토리얼
Presentation transcript:

RBAC and JXTA 1 Role Based Access Control and the JXTA P2P Framework Mark Stamp Dept. of Computer Science San Jose State University Amit Mathur Symantec Corporation Suneuy Kim Dept. of Computer Science San Jose State University

RBAC and JXTA 2 Game Plan  Role based access control (RBAC)  Peer-to-peer (P2P) and JXTA  RBAC for a P2P network (in JXTA)  Secure?

RBAC and JXTA 3 What is Access Control?  Authentication o Who goes there?  Authorization/Access control o Are you allowed to do that? o User already has access to system o Restrictions placed on user  For example, “rwx” in Unix o Usually enforced by the operating system

RBAC and JXTA 4 What is RBAC?  In RBAC o Access determined by specified roles o Users assigned to roles  Good when user base changes o Roles are relatively stable  RBAC eases administrative burden o Main advantage of RBAC

RBAC and JXTA 5 RBAC  RBAC compatible with OO techniques o Access to resource  access to object method o Role  interface, where interface is set of methods that provide capability  RBAC provides separation of duties o Least privilege, etc.  Many applications have clear roles

RBAC and JXTA 6 What is P2P?  In contrast to client-server  P2P peers can act as clients and servers o Peers directly exchange data o Highly scalable o Different ways for peers to discover the data  Access control in P2P? o No “operating system” o No central authority to enforce access control o This could be a problem…

RBAC and JXTA 7 What is JXTA?  JXTA (short for “Juxtapose”) is open source P2P standard proposed by Sun o Takes care of the P2P “plumbing”  Usable, but has not really caught on (yet?)

RBAC and JXTA 8 RBAC for P2P?  How can that be?  No central authority!  Consider content distribution problem o Producer --- create digital content o Distributor --- gets content from producer to sell to consumer o Consumer --- purchase content  Seems like a sensible P2P application o And three obvious roles

RBAC and JXTA 9 JXTA Implementation  We implemented a generic RBAC system  Access to resource == access to a (remote) method via a “peer pipe”  Use XML files to configure peers  Every peer can o Request method execution on remote peer or locally (client) o Provide access to its methods (server)

RBAC and JXTA 10 JXTA Implementation  All peers have same role definition files at start  Each peer in one role at a time  A peer cannot change roles o Not as bad as it sounds  Peers must agree on role config and peer-to-role mapping

RBAC and JXTA 11 JXTA Implementation  Peers start and each is given a name  Initialize each peer using XML files o Peer-to-role mapping and role definitions  Suppose Peer 1 makes request of Peer 2 o Peer 1 sends its XML files to Peer 2 o Peer 2 checks that its XML files agree o Peer 2 verifies Peer 1’s role and its own role  If all is OK, Peer 2 executes requested method and returns result to Peer 1

RBAC and JXTA 12 JXTA Implementation  For any specific application… o Developer must define application-specific methods o But no need to deal with RBAC issues  Attacks? o Peer 1 lies about its role to Peer 2  Requires cooperation of Peer 1 and Peer 2 o Peer 1 lies to itself  Cannot prevent a peer from “attacking” itself

RBAC and JXTA 13 Bottom Line  RBAC in P2P network o Seems to make sense o Simple but useful approach o Implemented in JXTA o Developer only needs to develop application- specific code (not RBAC)  As secure as could be expected o Given inherent limitations of P2P environment

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.