Computer Science Topical Paper Presentation #15 Zach Sloger The Secure Blackboard Pattern S e c u r e B l a c k b o a r d P a t t e r n – P a g e 1 By Jorge L. Ortega-Arjona And Eduardo B. Fernandez
The Problem How to address the handling of shared resources by multiple entities while maintaining the security of the shared resource. The Secure Blackboard pattern offers an enhanced version of the Shared Resource pattern with the addition of security features. S e c u r e B l a c k b o a r d P a t t e r n – P a g e 2 Similar to the use of semaphores and mutexes in systems programming, resources need to be protected not only from corruption and integrity challenges, but also from unauthorized or unprivileged access. For example, other students shouldn’t be able to access your COUGARNET account, but System Administrators would need access in certain situations (i.e. “I forgot my password.”)
The Secure Blackboard Pattern The Knowledge Source sends requests to the Control to perform an operation on the Blackboard. The Control handles these requests by first authenticating them using the Authenticator and Reference Monitor. S e c u r e B l a c k b o a r d P a t t e r n – P a g e 3 The Control performs these operations (read, update, etc.) in accordance with their Role and records the activity using the Secure Logger.
Real-World Application – Punch clock system The various staff (managers, employees, system admins) make requests via a Terminal or Workstation to read or update the Clock Database. Each staff member is allowed access to certain operations determined by their assigned Role (user, manager, or system admin). S e c u r e B l a c k b o a r d P a t t e r n – P a g e 4 The Control class handles these requests which first have to be authenticated and verified and finally logged.
S e c u r e B l a c k b o a r d P a t t e r n – P a g e 5 Real-World Application – Punch clock system Advantages No staff member is allowed to access the clock database without first going through the control class via a workstation or terminal. This means that every request made to access or update the clock must be authenticated and verified before it is performed. The clock database is kept secure by the introduction of roles. For example an employee cannot alter the time punches, only punch in and punch out, but a manager can make edits to the database. New role types can be added dynamically. For instance, a payroll type that can only read the database and not make updates.
Pattern Analysis The Secure Blackboard Pattern becomes invaluable as networked computing environments continue to rise. With the advent of distributed computing, cloud computing, and the increase of reliance on databases the need for data security and the means for determining different access privileges is crucial. S e c u r e B l a c k b o a r d P a t t e r n – P a g e 6 The Secure Blackboard pattern provides a repeatable solution for a shared resource that can be accessed by multiple entities whom can be added dynamically with varying levels of access as determined by their roles.