Cherubim Dynamic Security System. Roy Campbell and Denny Mickunas; Tin Qian, Vijay Raghavan, Tim Fraser, Chuck Willis, Zhaoyu Liu. Department of Computer Science, University of Illinois at Urbana-Champaign.
Cherubim Dynamic Security System
Roy Campbell and Denny Mickunas
Tin Qian, Vijay Raghavan, Tim Fraser, Chuck Willis, Zhaoyu Liu
Department of Computer Science, University of Illinois at Urbana-Champaign

Motivation
Increasing connectivity and mobility
Emerging software-intensive networks
Software-based protection at the system level
Acceptance of mobile agent technology
Extensible and adaptable software architecture

Existing Solutions
Firewall, VPN, Kerberos, SSL, SOCKS
Limited support for fine-grained, application-specific security
Hard to evolve, adapt and interoperate
No guard against insiders bearing a grudge
Too complex and resource-intensive for mobile clients

Our Approach
Mobile security agents
Secure bootstrapping process with minimal core security services
Active capabilities providing application-specific access control
Interoperable security policies
CORBA-compliant security services and APIs

Achievements
Security representation framework
Security extensions to OMG IDL
Minimal core security services
Mobile collaborative testbed environment
'Dynamic Security for Active Networks' proof of concept

Contents
Overview of Cherubim
Core Services
Dynamic Policies
Example Applications
Demonstration
Future
Summary

Core Security Services
Abstracts the underlying cryptographic functionality
Provides five basic functions
–Encryption
–Decryption
–Signature
–Signature verification
–Authentication

Core Implementation
Based on the Cryptix package, a free implementation of the Java Cryptography Architecture
Authentication protocol
–2048-bit prime for the Diffie-Hellman exchange
–1024-bit DSA keys for signatures on the key exchange and on mobile classes
–128-bit IDEA session keys

Authentication (diagram): Client and Server each choose a Diffie-Hellman exponent (a and b), exchange the signed public values, compute the shared secret g^ab, and hash it with SHA-1 on both sides to obtain the IDEA session key.

Class Request Data Format
Packet data format:
–Class Name
–TimeStamp (5 min)
–Sequence Number
–Destination
–Encrypted with the IDEA key
–Signature

Class Response Data Format
Packet data format:
–Class Name
–TimeStamp (5 min)
–Sequence Number
–Destination
–Class (the requested class)
–Encrypted with the IDEA key
–Signature
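Receiver-side handling of the request/response fields above (class name, timestamp, sequence number, destination, signature), as an added Python example that is not Cherubim code: HMAC-SHA1 under the shared session key stands in for the DSA signature and the IDEA encryption step is omitted. The point is how the 5-minute timestamp window, the sequence number and the destination field let a server reject replayed, stale or misdirected class requests; key, class name and host names are constructed.

```python
import hashlib
import hmac
import json

WINDOW_SECONDS = 5 * 60  # the slides' 5-minute timestamp window


def build_request(key, class_name, seq, destination, now):
    """Build a class request carrying the slide's fields: class name,
    timestamp, sequence number and destination. HMAC-SHA1 under the
    shared session key stands in for the DSA signature of the original;
    IDEA encryption of the body is omitted (not in the standard library)."""
    body = {"class": class_name, "ts": int(now), "seq": seq, "dst": destination}
    payload = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha1).hexdigest()
    return {"payload": payload, "sig": tag}


class RequestValidator:
    """Receiver-side checks for requests from one peer, in the order a
    server should apply them: authenticity, destination, freshness, replay."""

    def __init__(self, key, my_id):
        self.key = key
        self.my_id = my_id
        self.last_seq = -1  # highest sequence number accepted so far

    def check(self, packet, now):
        expected = hmac.new(self.key, packet["payload"], hashlib.sha1).hexdigest()
        if not hmac.compare_digest(expected, packet["sig"]):
            return "reject: bad signature"        # tampered or forged
        body = json.loads(packet["payload"])
        if body["dst"] != self.my_id:
            return "reject: wrong destination"    # meant for another host
        if abs(int(now) - body["ts"]) > WINDOW_SECONDS:
            return "reject: stale timestamp"      # outside the 5-minute window
        if body["seq"] <= self.last_seq:
            return "reject: replayed sequence number"
        self.last_seq = body["seq"]
        return "accept: " + body["class"]
```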

Classloader Hierarchy
Primordial Classloader: Java core classes, necessary Cryptix and Cherubim classes
Jurassic Classloader: Jacorb classes, home application classes, Cherubim policy library
CORBA Classloader: specific policies, remote application classes

Dynamic Policies
Framework
–Primitives (sets, maps, mappings)
–OS entities (devices, processes, users)
–Interfaces with the Security Policy Decision Function
–Underlying system
–Policy classes
Demo examples atop the framework
Active capabilities

Policy Classes
DAC – Discretionary Access Control
–Double DAC (DDAC)
NDAC – Non...
–DONDAC, Domain Oriented...
–MAC formed from customized NDAC
DSP – Device Specific Policies
–DANDAC, Device Aware...

Policy Framework (diagram): Primitives and Interfaces sit atop the OS; the policy classes DAC, NDAC and DSP build on them, with DDAC derived from DAC, DONDAC from NDAC, and DANDAC (a device-aware NDAC) under DSP.

Policy Formulation for Demo
Double Discretionary Access Control
–Traditional allowed lists
–Disallowed lists
–Policies that are functions of underlying mechanisms such as time
CORBA monitoring and authorization for each remote method invocation (RMI)

Role-Based Access Control
Separation of duties
–Invocation of mutually exclusive roles for a task to increase security
Least privilege
–Assign only the needed roles/rights to users
Simplified authorization management
–Independent mappings: role-permission, user-role, and role-role relationships
–Suitable for a dynamic mobile environment

Role Management
Hierarchical roles
–Simple, clear role management
Object classes
–Classify objects based on access type
Roles to manage roles
–Administrative roles
Net effect of a configuration: open question

Environment
System defines role permissions
–Can dynamically define a new role or modify permissions, though it should do so infrequently
User-role binding by password/certificate
–User can dynamically attain a role
–Can attain multiple non-exclusive roles

Current Implementation
Two ids in the policy framework: user and role
–An access control entry can be for a user, a role, or both
Grant access if there is no conflict
–Check the ACL for both user and role
One user can have multiple roles
–Roles must be non-exclusive
–Grant access if access control returns yes for the user and one role
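The access decision described on the Double DAC and Current Implementation slides, as an added Python example that is not the project's code. It reads an ACL entry as naming a user, a role or both (a wildcard standing for the missing id), treats any matching disallowed-list entry as a conflict that denies, grants when the user together with one of the non-exclusive roles held is on the allowed list, and lets an entry depend on an underlying mechanism such as time. The operation names, the business-hours rule and the exclusive role pair are constructed for the demo.

```python
from dataclasses import dataclass

ANY = "*"  # an entry naming only a user leaves the role as ANY, and vice versa


@dataclass(frozen=True)
class AclEntry:
    user: str        # user id or ANY
    role: str        # role id or ANY
    operation: str
    allow: bool      # True: allowed list, False: disallowed list (Double DAC)
    condition: object = None  # optional callable(ctx) -> bool, e.g. a time rule

    def matches(self, user, role, operation, ctx):
        return (self.operation == operation and self.user in (ANY, user)
                and self.role in (ANY, role)
                and (self.condition is None or self.condition(ctx)))


class DoubleDac:
    """Allowed and disallowed lists keyed by (user, role), with conditions on
    underlying mechanisms such as time, plus mutually exclusive role pairs."""

    def __init__(self, entries, exclusive_roles=()):
        self.entries = list(entries)
        self.exclusive = {frozenset(p) for p in exclusive_roles}

    def check_pair(self, user, role, operation, ctx):
        # A matching disallow entry is a conflict and wins over any allow entry.
        hits = [e for e in self.entries if e.matches(user, role, operation, ctx)]
        return bool(hits) and all(e.allow for e in hits)

    def authorize(self, user, roles, operation, ctx):
        # Grant if the check says yes for the user together with one of the
        # (non-exclusive) roles held; no role means only user entries apply.
        roles = list(roles) or [ANY]
        for i, r1 in enumerate(roles):
            for r2 in roles[i + 1:]:
                if frozenset((r1, r2)) in self.exclusive:
                    return False  # separation of duties: never both at once
        return any(self.check_pair(user, r, operation, ctx) for r in roles)


# Constructed demo policy: the two demo users, process-management operations
# (names invented here) and a business-hours condition on one of them.
DEMO = DoubleDac(
    [AclEntry("roy", ANY, "kill_process", True),
     AclEntry(ANY, "host_manager", "start_process", True),
     AclEntry("denny", ANY, "start_process", False),
     AclEntry(ANY, "operator", "reboot_host", True, lambda c: 9 <= c["hour"] < 17)],
    exclusive_roles=[("operator", "auditor")],
)
```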

Architecture
CORBA-compliant security services
Security-enhanced IDL
Agent-based dynamic security framework

CORBA Security Services
OMG's general security model
OMG's Security Service Interface
Extensions defining the binding between security policies and applications
Principals, Roles, Privilege Attributes, Credentials, Active Capabilities
Security Domain defines the scope of policy and security authority

Object Access in Cherubim (diagram): the Application Client calls through the Stub and ORB over the Network Transport to the BOA and on to the Application Server; Active Capabilities/Certificates are held at both the client and the server side, and Dynamic Policies and Security Mechanisms are consulted on the path between the transport and the BOA.

Active Capability
Smart packet containing a certificate
Signed policy code
External mechanisms via framework interfaces
–Time
–Encryption
–System/device state

Security Enhanced IDL
Interface definitions extended to specify
–enforced by, …
Declarations of variables, methods, and parameters extended to specify mechanisms:
–authenticated, authorized, encrypted, audited, non-repudiated, …

Demonstration
Secure bootstrap from 'Smart Card'
Process Management System example
Double Discretionary Access Control
–2 hosts (system objects)
–2 users
–8 process management operations
–Allowed and denied lists for various accesses
CORBA monitoring and authentication for method invocations

Bootstrap from Smart Card
File -> passphrase decryption -> credentials
Credentials
–home server, public key, private key
Mutual authentication with the home server
Download Jacorb, security classes, and the application with active capabilities
(Diagram: Cherubim Smart Card)

Process Management Example (diagram): a System Manager and three clients (Client 1, Client 2, Client 3), each running a User Application, work against three servers (Server 1, Server 2, Server 3), each running a Host Manager that supervises Remote User Processes.

Key Components in Demonstration (diagram): two laptops, Mickunas's and Roy's; the components shown are the Denny Client Application, Denny Server Application, Roy Client Application, Roy Server Application, NameServer, PolicyServer, Service Manager and Hostmanager.

Future
Dynamic distributed objects with dynamic, adaptable security policies over heterogeneous networks
"Instant" security policy response to attacks
Automated and flexible configurability
Dynamic security for active networks

Cherubim Summary
Architecture for and demonstration of:
–Dynamic policies
–Compatibility
–Extensibility
–Customizability
–Interoperability
–Multiple policies
–Multiple mechanisms
–Multiple protocols
–Secure ORB, security server
–Public key infrastructure

What’s missing from Tucson meeting