Presentation is loading. Please wait.

Presentation is loading. Please wait.

MagicNET: XACML Authorization Policies for Mobile Agents Mr. Awais Shibli.

Published byEmma Warner Modified over 9 years ago

Similar presentations

Presentation on theme: "MagicNET: XACML Authorization Policies for Mobile Agents Mr. Awais Shibli."— Presentation transcript:

1 MagicNET: XACML Authorization Policies for Mobile Agents Mr. Awais Shibli

2 Presentation Overview 1. Mobile Agents 2. NIST 3. Background 4. Research Problem 5. Solution 6. Conclusion

3 Mobile Agents Mobile agents are self-contained software modules with additional credentials and accumulated data. They roam a network, moving autonomously from one server to another, perform their designated tasks, and finally, eventually, return to their control station.

4 Security Threats- NIST-1998 Agent-to-Platform –Masquerading, Denial of Service, Unauthorized Access Agent-to-Agent –Masquerade, Denial of Service, Repudiation, Unauthorized Access Platform-to-Agent –Masquerade, Denial of Service, Eavesdropping, Alteration Other-to-Agent Platform –Masquerade, Unauthorized Access, Denial of Service, Copy and Replay

5 Background.. Authorization of Mobile agents Delegation of Access rights

6 Traditional Solution Users Authorization –RBAC –ACL –Attribute based Access Control

7 Research Problem.. Comprehensive solution for Mobile agents authorization ?? –Infrastructure Components –Delegation of rights from user to agent.

8 Solution ?? Infrastructure Components Binding between users and agents

9 MagicNET System Components MagicNET stands for Mobile Agents Intelligent Community Network, has developed at secLab at DSV Department at KTH. MagicNET provide complete infrastructural and functional component for secure mobile agent research and development. It provide support to build secure & trusted mobile agents, provide agents repository (agents’ store), Mobile Agents Servers (for their runtime execution), Mobile Agent Control Station, Infrastructural servers.

10 Authorization System RBAC XAML for Agents

11 Infrastructure Components

12 Execution.....

13 Policies Structure...

14

15 Entities namespace... Entity nameEntity value (URI)Std. Xacmlurn:oasis:names:tc:xacml:1.0:XACML xmlhttp://www.w3.org/2001/XMLSchema#XACML rule-combineurn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:XACML policy-combineurn:oasis:names:tc:xacml:1.0:policy-combining-algorithm:XACML functionurn:oasis:names:tc:xacml:1.0:function:XACML subject-categorysubject-category “urn:oasis:names:tc:xacml:1.0:subject-category:XACML subjecturn:oasis:names:tc:xacml:1.0:subject:XACML resourceurn:oasis:names:tc:xacml:1.0:resource:XACML actionurn:oasis:names:tc:xacml:1.0:action:XACML environmenturn:oasis:names:tc:xacml:1.0:environment:XACML roleurn:oasis:names:tc:xacml:2.0:subject:roleRBAC UserRoleurn:magicnet:names:AgentAuthPolicy:1.0:UserRole-values:- AgentRoleurn:magicnet:names:AgentAuthPolicy:1.0:AgentRole-values:- CategoryAttributeurn:magicnet:names:AgentAuthPolicy:1.0:attribute:SubjectCategory- AgentAuthPolicyurn:magicnet:names:AgentAuthPolicy:1.0:PolicyId:- AgentAdoptionPoliciesurn:magicnet:names:AgentAuthPolicy:1.0:AgentAdoptionPolicies- AgentAccessCPoliciesurn:magicnet:names:AgentAuthPolicy:1.0:AgentAccessControlPolicies- NS abbreviationNamespace definitionStd. xacmlhttp://www.w3.org/2001/XMLSchema-instanceXACML

16 Conclusion and Future work Authorization infrastructure and structure of RBAC XACML policies for agents Federation ??? Agent baggage access control

17 Questions ???

Download ppt "MagicNET: XACML Authorization Policies for Mobile Agents Mr. Awais Shibli."

Similar presentations

U M T S F o r u m © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG

U M T S F o r u m © UMTS 2002 UMTS Security aspects UMTS Forum ICTG Chair Bosco Fernandes Siemens AG
NRL Security Architecture: A Web Services-Based Solution

NRL Security Architecture: A Web Services-Based Solution
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
A responsibility based model EDG CA Managers Meeting June 13, 2003.

A responsibility based model EDG CA Managers Meeting June 13, 2003.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Mobile IP Security Dominic Maguire Research Essay Presentation Communications Infrastructure Module MSc Communications Software, WIT 1 1 1 0 11 0.

Mobile IP Security Dominic Maguire Research Essay Presentation Communications Infrastructure Module MSc Communications Software, WIT
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-

TF-EMC2 February 2006, Zagreb Deploying Authorization Mechanisms for Federated Services in the EDUROAM Architecture (DAME) -Technical Project Proposal-
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Understanding Active Directory

Understanding Active Directory
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
Introduction (Pendahuluan)  Information Security.

Introduction (Pendahuluan)  Information Security.
Risk Management.

Risk Management.
1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.

1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.
Identity and Access Management

Identity and Access Management
Cloud Usability Framework

Cloud Usability Framework
Rajeev Bevara CS-555 Security Threats in VoIP. What is VoIP ? ➔ VOIP - Voice Over Internet Protocol. ➔ Delivery of voice communications and multimedia.

Rajeev Bevara CS-555 Security Threats in VoIP. What is VoIP ? ➔ VOIP - Voice Over Internet Protocol. ➔ Delivery of voice communications and multimedia.
Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.

Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.
Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Department of Computing, School of Electrical Engineering and Computer Sciences, NUST - Islamabad KTH Applied Information Security Lab Cloud based Secure.

Similar presentations

Ads by Google