Newcastle upon Tyne, 5 - 6 September 2002 V. Ghini, G. Lodi, N. Mezzetti, F. Panzieri Department of Computer Science University of Bologna.

Presentation transcript:

Newcastle upon Tyne, September 2002 V. Ghini, G. Lodi, N. Mezzetti, F. Panzieri Department of Computer Science University of Bologna

Summary
Definitions:
 – Security Domains
 – Trust
Trust Basis
Trust in TAPAS Platform
A Practical Example
Security in ENS

Definitions (1/2)
The TAPAS environment can be seen as a set of security domains:
 – Security Domain (SD): a set of one or more Platform Domains (e.g., ASP, SSP, ISP in the auction example).
 – Platform Domain (PD): an instance of the TAPAS architecture; it can host several application containers.
 – Application Domain (AD): the set of containers belonging to the same application (it can span several PDs and SDs).

Definitions (2/2)
Trust:
 – Informally, we say “Alice trusts Bob in environment E” if there is a set of policy rules defined in E that regulate the interactions between them.

Trust Basis
Trust assumptions:
 – In a security domain, TAPAS platforms trust each other.
 – In a platform domain, application containers:
    are mutually distrustful;
    trust the TAPAS platform;
    SLAs enforce the trust relationships among ACs and PDs.
 – In an application domain, containers trust each other.
 – Otherwise there is mutual distrust; in this case interactions must be made possible by means of authentication and fair-exchange protocols.

Trust Management Systems
PolicyMaker and KeyNote:
 – Assertional policy description languages;
 – Specify what a public key is authorized to do.
RBAC:
 – Allows privileges to be assigned to roles, which gives scalability;
 – OASIS.

Trust in TAPAS Platform (1/3)
TAPAS requires a high-level Policy Description Language (PDL) to allow the specification of basic trust relationships:
 – Expressiveness: it should support trust delegation in order to manage trust in an AD across SDs, because PDs belonging to different SDs mutually distrust each other.
The PDL is part of the Trust Management System, implemented in the TMS module of the platform:
 – Flexibility: dynamic trust relationships;
 – Scalability.

Trust in TAPAS Platform (2/3)
OASIS:
 – A trust management system developed by the Opera group;
 – Extends the Role Based Access Control model:
    OASIS servers name their clients in terms of roles;
    OASIS scales well because access rights are associated with roles rather than with individual principals;
    Services specify the policy for role entry in RDL (Role Definition Language);
    Delegation is addressed by appointments.

Trust in TAPAS Platform (3/3)
OASIS:
 – To use a service, clients present credentials for entering a named role; the service checks the credentials against the RDL policy specification:
    RDL is a formal logic based on Horn clauses, so a service can prove the correctness of its clients' credentials.
 – If the check succeeds, the client is issued a role membership certificate (RMC): a dynamically maintained, principal-specific capability.
 – The client presents the RMC with each service invocation.

Trust in TAPAS Platform (4/4)
OASIS:
 – Can be extended to support dynamic trust: reputation tokens can be realized by appointments, or trust values can be embedded in the RMC.

A practical example (1/3)
Online auction example:
 – Using OASIS to model the policy, the auction server could enforce a policy based on two different roles:
    Seller: view of the items he/she sells, the bidding history and the best bid, but no detail about buyers;
    Buyer: view of the items he/she is bidding for, each with the current best bid, information about the item's location and delivery details, but no detail about sellers.

A practical example (2/3)
Setting up the Application Domain:
 1. The auctioneer logs on to the ASP TAPAS platform and creates a new AD by presenting an SLA; he/she also gets an RMC as a member of the platform domain.
 2. To request services and resources from other providers (e.g., SSP, ISP), the TAPAS platform grants the application a set of appointments, so that other TAPAS platforms have a proof of delegation.
 3. If the presented credentials are verified and comply with the other platforms' local policies, the new application containers are reserved.

A practical example (3/3)
Buyer and Seller RMCs:
 1. A client that successfully logs on to the application gets a buyer RMC.
 2. A buyer that successfully places an item in the auction is granted a seller appointment that expires at the end of that item's auction.
 3. By presenting the buyer RMC and a valid seller appointment, the buyer is granted the seller RMC.
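The role-entry check described in "Trust in TAPAS Platform (3/3)" and the buyer/seller flow of this slide, as an added toy model that is not TAPAS or OASIS code: the RDL rule for each role is approximated by a Python tuple (required RMC roles, required appointments), credentials are bound to a principal and carry an expiry, and the issued RMC lives no longer than the appointment it was derived from. The class and field names are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Credential:
    kind: str       # "rmc" (role membership certificate) or "appointment"
    name: str       # role name for an RMC, appointment name otherwise
    holder: str     # principal the credential is bound to
    expires: float  # absolute time; float("inf") means no expiry

    def valid_for(self, principal: str, now: float) -> bool:
        # A credential presented by someone other than its holder, or after expiry, counts for nothing.
        return self.holder == principal and now < self.expires


class AuctionService:
    # Role-entry policy in the spirit of an RDL rule: role <- required RMC roles, required appointments.
    POLICY = {
        "buyer": ([], []),                              # any client that logged on
        "seller": (["buyer"], ["seller_appointment"]),  # buyer RMC plus a valid appointment
    }
    # Per-role view of an item record; the other party's identity is never in the view.
    VIEW = {
        "buyer": {"item", "best_bid", "location", "delivery"},
        "seller": {"item", "bid_history", "best_bid"},
    }

    def enter_role(self, principal: str, role: str,
                   creds: Iterable[Credential], now: float) -> Optional[Credential]:
        """Check the presented credentials against the role's rule; issue an RMC if it is satisfied."""
        need_roles, need_appts = self.POLICY[role]
        valid = [c for c in creds if c.valid_for(principal, now)]
        held = {(c.kind, c.name) for c in valid}
        required = {("rmc", r) for r in need_roles} | {("appointment", a) for a in need_appts}
        if not required <= held:
            return None
        # The RMC is a principal-specific capability that expires with the credentials it rests on.
        expires = min([c.expires for c in valid if (c.kind, c.name) in required] + [float("inf")])
        return Credential("rmc", role, principal, expires)

    def appoint_seller(self, principal: str, auction_end: float) -> Credential:
        """Appointment granted when an item is placed; it expires at the end of that item's auction."""
        return Credential("appointment", "seller_appointment", principal, auction_end)

    def view(self, rmc: Optional[Credential], item: dict, now: float) -> dict:
        """Filter an item record down to what the presented RMC's role may see."""
        if rmc is None or rmc.kind != "rmc" or now >= rmc.expires:
            return {}
        return {k: v for k, v in item.items() if k in self.VIEW[rmc.name]}
```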

Security in ENS
The ENS should encapsulate the security issues:
 – Advertisement of and subscription to events within the application domain or within a particular security domain; OASIS allows an elegant solution, addressing the issue with appointments.
 – It should be impossible for a malicious party to monitor the event history of a security domain he/she does not belong to.

Future Work and References
Future work:
 – Extending OASIS to manage a dynamic form of trust relationship;
 – Studying a way to integrate security issues in the ENS.
References:
 – [tapas01] TAPAS: Description of Work.
 – [oasis01] J. Bacon, K. Moody, W. Yao, “Access Control in the Use of Widely Distributed Services”, Middleware 2001, LNCS 2001.