Security and Trust By Troy Lee


Overview
  Security
  Design Principles
  Architectural Access Control
    Access Control Models
    Connector-centric Architectural Access Control
  Distributed Security
  Protection Against Piracy
  Trust Management
    Trust
    Trust Model
    Reputation-Based Systems
    Architectural Approach to Decentralized Trust Management

Computer Security
  “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).”
  – National Institute of Standards and Technology

3 Main Aspects
  Confidentiality (aka Secrecy)
  Integrity
  Availability

Confidentiality
  Preventing unauthorized parties from accessing the information or perhaps even being aware of the existence of the information

Cryptography
  Equations
    Cipher = Encryption Function(Encryption_Key, ClearText)
    ClearText = Decryption Function(Decryption_Key, Cipher)
  2 Forms
    Shared-Key Cryptography
    Public-Key Cryptography
  Best Practices
    Evaluate Performance, Architecture, and Security Requirements
    Choose a Suitable Public Algorithm
    Use Frequently Changing Keys as the Primary Secrecy Mechanism

Integrity
  Only authorized parties can manipulate the information and do so only in authorized ways

Availability
  Accessible by authorized parties on all appropriate occasions

Design Principles
  Least Privilege
  Fail-Safe Defaults
  Economy of Mechanism
  Complete Mediation
  Open Design
  Separation of Privilege
  Least Common Mechanism
  Psychological Acceptability
  Defense in Depth

Architectural Access Control
  Access Control Models
  Connector-Centric Architectural Access Control

Access Control Models
  Classic Discretionary Access Control
  Role-Based Access Control
  Mandatory Access Control

Connector-Centric Architectural Access Control
  Basic Concepts
  Central Role of Architectural Connectors
  Algorithm to Check Architectural Access Control
  Integrating Security in ASTER

Basic Concepts
  Subject
  Principal
  Resource
  Permission
  Privilege
  Safeguard

Central Role of Architectural Connectors
  Components
  Connectors
  Secure Architecture Description Language

Secure xADL

Algorithm to Check Architectural Access Control

Secure Cooperation

Firefox

Integrating Security in ASTER

Distributed Security

Protection Against Piracy
  Goals
    Raise Cost of Breaking Protection Mechanism
    Increase Probability of Being Caught
    Discourage Attempts at Piracy
  Technologies
    Hardware and Software Tokens
    Water Marking
    Code Partitioning

Trust Management
  Trust
  Trust Model
  Reputation-Based Systems
  Architectural Approach to Decentralized Trust Management

Trust
  “A particular level of the subjective probability with which an agent assesses that another agent or group of agents will perform a particular action, both before he can monitor such action (or independently of his capacity ever to be able to monitor it) and in a context in which it affects his own action”
  – Diego Gambetta

Trust Model
  Describes the trust information that is used to establish trust relationships, how that trust information is obtained, how that trust information is combined to determine trustworthiness, and how that trust information is modified in response to personal and reported experiences

Reputation-Based Systems
  Types
    Decentralized
    Centralized
  Examples
    eBay
    XREP

Phase 1 – Resource Searching
Phase 2 – Resource Selection and Vote Polling
Phase 3 – Vote Evaluation
Phase 4 – Best Servent Check
Phase 5 – Resource Downloading

Phase 1

Phase 2

Phase 3

Phase 4

Phase 5

Architectural Approach to Decentralized Trust Management
  Threats
  Measures to Address Threats
  Guidelines to Incorporate into an Architectural Style
  Resultant Architectural Style
  PACE Architectural Style
  PACE-Based Trust-Enabled Decentralized File-Sharing App

Threats
  Impersonation
  Fraudulent Actions
  Misrepresentation
  Collusion
  Denial of Service
  Addition of Unknowns
  Deciding Whom to Trust
  Out-of-Band Knowledge

Measures to Address Threats
  Use of Authentication
  Separation of Internal Beliefs and Externally Reported Information
  Making Trust Relationships Explicit
  Comparable Trust

Guidelines to Incorporate into an Architectural Style
  Digital Identities
  Separation of Internal and External Data
  Making Trust Visible
  Expression of Trust

Resultant Architectural Style
  Functional Units
    Communication
    Information
    Trust
    Application

PACE Architectural Style

PACE-Based Trust-Enabled Decentralized File-Sharing App

Summary
  Security
  Design Principles
  Architectural Access Control
    Access Control Models
    Connector-centric Architectural Access Control
  Protection Against Piracy
  Trust Management
    Trust
    Trust Model
    Reputation-Based Systems
    Architectural Approach to Decentralized Trust Management
