IEEE P1619.3 Architecture Subcommittee Model Update and Discussion November 1, 2007.

Slides:



Advertisements
Similar presentations
--- IT Acumens. COMIT Acumens. COM SNMP Project. AIM The aim of our project is to monitor and manage the performance of a network. The aim of our project.
Advertisements

Mobile Agents Mouse House Creative Technologies Mike OBrien.
KMIP 1.3 SP Issues Joseph Brand / Chuck White / Tim Hudson December 12th,
 Introduction Originally developed by Open Software Foundation (OSF), which is now called The Open Group ( Provides a set of tools and.
Using Cryptographic ICs For Security and Product Management Misconceptions about security Network and system security Key Management The Business of Security.
Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.
Introduction to Systems Architecture Kieran Mathieson.
Component and Deployment Diagrams
Chapter 12 File Management Systems
Academic Advisor: Dr. Yuval Elovici Professional Advisor: Yuri Granovsky Team: Yuri Manusov Yevgeny Fishman Boris Umansky.
11/5/01OO Design1 Design Object-Oriented Design. 11/5/01OO Design2 Object-Oriented Design  The process of determining the architecture, and specifying.
1 A Student Guide to Object- Orientated Development Chapter 9 Design.
Key Management in Cryptography
Introduction to Databases Transparencies 1. ©Pearson Education 2009 Objectives Common uses of database systems. Meaning of the term database. Meaning.
Makrand Siddhabhatti Tata Institute of Fundamental Research Mumbai 17 Aug
Key Management Lifecycle. Cryptographic key management encompasses the entire lifecycle of cryptographic keys and other keying material. Basic key management.
Copyright © 2012 Accenture All Rights Reserved.Copyright © 2012 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are.
The Design Discipline.
Database System Concepts and Architecture Lecture # 3 22 June 2012 National University of Computer and Emerging Sciences.
Cloud Computing & Security Issues Prepared by: Hamoud Al-Shammari CS 6910 Summer, 2011 University of Colorado at Colorado Springs Engineering & Applied.
@2011 Mihail L. Sichitiu1 Android Introduction Platform Overview.
9/14/2015B.Ramamurthy1 Operating Systems : Overview Bina Ramamurthy CSE421/521.
Institute of Computer and Communication Network Engineering OFC/NFOEC, 6-10 March 2011, Los Angeles, CA Lessons Learned From Implementing a Path Computation.
B.Ramamurthy9/19/20151 Operating Systems u Bina Ramamurthy CS421.
1 Introduction to Database Systems. 2 Database and Database System / A database is a shared collection of logically related data designed to meet the.
Composition and Evolution of Operating Systems Introduction to Operating Systems: Module 2.
Key Management with the Voltage Data Protection Server Luther Martin IEEE P May 7, 2007.
Mark J. Salamango Chief Pervasive Architect USA TACOM Tel: Fax: Pervasive Computing: Why did the logistics.
1 of of 25 3 of 25 ORBs (Object Request Broker) – A distributed software bus for communication among middleware services and applications – To.
EIDE Design Considerations 1 EIDE Design Considerations Brian Wright Portland General Electric.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice HP Library Encryption - LTO4 Key.
1 Introduction to Microsoft Windows 2000 Windows 2000 Overview Windows 2000 Architecture Overview Windows 2000 Directory Services Overview Logging On to.
Windows NT Operating System. Windows NT Models Layered Model Client/Server Model Object Model Symmetric Multiprocessing.
11 SECURING NETWORK COMMUNICATION Chapter 9. Chapter 9: SECURING NETWORK COMMUNICATION2 OVERVIEW  List the major threats to network communications. 
Elmasri and Navathe, Fundamentals of Database Systems, Fourth Edition Copyright © 2004 Pearson Education, Inc. Slide 2-1 Data Models Data Model: A set.
INTRODUCTION TO DBS Database: a collection of data describing the activities of one or more related organizations DBMS: software designed to assist in.
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 2 Database System Concepts and Architecture.
Lecture 18: Object-Oriented Design
Software Engineering Chapter: Computer Aided Software Engineering 1 Chapter : Computer Aided Software Engineering.
Slide 1 What the business needs  How to build it Functional requirements  + Nonfunctional requirements Performance System environment issues Problem.
AMQP, Message Broker Babu Ram Dawadi. overview Why MOM architecture? Messaging broker like RabbitMQ in brief RabbitMQ AMQP – What is it ?
1. ◦ Intro ◦ Client-side security ◦ Server-side security ◦ Complete security ? 2.
Architecture & Cybersecurity – Module 3 ELO-100Identify the features of virtualization. (Figure 3) ELO-060Identify the different components of a cloud.
HardSSH Cryptographic Hardware Key Team May07-20: Steven Schulteis (Cpr E) Joseph Sloan (EE, Cpr E, Com S) Michael Ekstrand (Cpr E) Taylor Schreck (Cpr.
Medical Imaging Lection 3. Basic Questions Imaging in Medical Sciences Transmission Imaging PACS and DICOM.
Chapter 7 – Confidentiality Using Symmetric Encryption.
Enterprise Computing with Jini Technology Mark Stang and Stephen Whinston Jan / Feb 2001, IT Pro presented by Alex Kotchnev.
OpenStorage Training Introduction to NetBackup
OOD OO Design. OOD-2 OO Development Requirements Use case analysis OO Analysis –Models from the domain and application OO Design –Mapping of model.
IEEE P Architecture Subcommittee Conference Call November 15, IEEE P Architecture Subcommittee.
Building Preservation Environments with Data Grid Technology Reagan W. Moore Presenter: Praveen Namburi.
IEEE P Architecture Subcommittee Conference Call January 24, IEEE P Architecture Subcommittee.
Overview of today’s lecture Major components of an operating system Structure and internal architecture of an operating system Monolithic Vs Micro-kernels.
Chapter 27 Network Management Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
IEEE P Architecture Subcommittee
Operating Systems : Overview
Representational State Transfer
CS691 M2009 Semester Project PHILIP HUYNH
Copyright © 2011 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Chapter 2 Database System Concepts and Architecture.
Operating Systems : Overview
CS691 M2009 Semester Project PHILIP HUYNH
Introduction to Databases Transparencies
Distributed Systems Bina Ramamurthy 11/30/2018 B.Ramamurthy.
Operating Systems : Overview
Operating Systems : Overview
Operating Systems : Overview
Operating Systems : Overview
Andy Puckett – Sales Engineer
Week1 software - Lecture outline & Assignments
Presentation transcript:

IEEE P Architecture Subcommittee Model Update and Discussion November 1, 2007

Agenda Discuss updated KM role/layered models Discuss John Holdman’s key lifecycle model Miscellaneous Topics KM Policy Models Data Attribute Models Interaction Models?

Proposed KM Role/Layer Models

Role/Entity Model KM Server Cryptographic Unit Data Storage Data Transfer (outside of KMS) KMCS Ops KMSS Ops Key Backup KM Backup Ops KM Archive Ops KM Client KM Server Key Archive CU Agent Encryption Application Data Storage Cryptographic Unit KM Client CU Agent Encryption Application

Layered Model #1 KM Server Data Storage KM Client CU Agent Cryptographic Unit Plaintext Data Storage I/O Secure Comm Stack Data Plane Control Plane Encryption Service Secure Comm Stack KM Library KM API Encrypted Data Storage I/O Management/Control Network Key Management Service

Layered Model #2 KM Server Encryption Application CU Agent Cryptographic Unit KM Client Encryption User KM Library KM API Encryption Application Cryptographic Unit Data Storage Control PlaneData Plane

Updated Definitions l Data Plane l Traditional data communications term that refers to the primary data path through a system. In the case of the P standard, it is the path that plaintext user data takes through the cryptographic unit before it is placed on the storage media, and visa versa. l Control Plane l Traditional data communications term that refers to the set of components involved in the configuration, control, and management of the data plane. These components are typically not within the data path used for primary data movement and manipulation.

Updated Definitions l KM Server l Implements the key management service that manages the complete key lifecycle for keys and security material used to provide cryptographic protection of stored data l Encryption Service l Is the SW and/or HW system that provides encryption services to protect stored data l KM Client l Is the component of the Encryption Service that communicates with the KMS and ensure keys and security material are properly loaded into the cryptographic unit

Updated Definitions l KM Library l Is the component of the Encryption Service that implements the KM API, KM messaging service, and KM transport protocol client; used by the KM Client to communicate with the KMS l KM API l The C\C++ and Java bindings that implement the interface to the KM library l Secure Communication Stack l Is the component of the Encryption Service that implements the network communication protocol stack whose services are used to provide secure communication over the internet/intranet; typically, this is the SSL(TLS)/TCP/IP stack

Updated Definitions l Cryptographic Unit Agent l Is the component of the Encryption Service that provides the necessary services to allow the KM Client to control the Cryptographic Unit from the control plane l Cryptographic Unit l The hardware and/or software component of the Encryption Service that actually encrypts data before it is placed on the media used to store data and decrypts data after it is retrieved from the media used to store data l Data Storage l The medium/media used to provide persistent data storage, including disk, tape, etc.

Proposed Key State/Transition Model See John Holdman’s document/ from 10/12/07

Miscellaneous Discussion

Key Policy Model l Currently defined under key structures l Sections thru l Do policies need to be defined in section 4? l Or are they more KMS specific (transparent to KM clients) l Do we need to capture the policy diagram in section 4.3.1

Data Attributes l Is data attribute model required in section 4? l Or can this be confined to the OO section? l If we include, what attributes to include? l Include a general data object model? l Data objects instantiate a unit of data to protect l Attributes define the unit of data and how it should be protected l Key Policies

Interaction Model? l Do we need a simplified interaction model to cover KMC/KMS interactions? l Coupled with data attribute model? l Coupled with policy model? l Or is this confined to OO section?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.