Presentation is loading. Please wait.

Presentation is loading. Please wait.

FCS A Component Security Infrastructure Y. David Liu Scott Smith

Published byThomasina Stone Modified over 8 years ago

Similar presentations

Presentation on theme: "FCS A Component Security Infrastructure Y. David Liu Scott Smith"— Presentation transcript:

1 Cells @ FCS 20021 A Component Security Infrastructure Y. David Liu Scott Smith http://www.jcells.org

2 Cells @ FCS 20022 Motivation Secure software systems Secure software systems at the component level SDSI/SPKICells Build software systems using components

3 Cells @ FCS 20023 Goals for a Component Security Infrastructure Simplicity – Complex protocols will be misused Generality – Applicable across a wide range of domains Interoperability – Security policies shared between components, others Extensibility – Evolves as component architecture evolves

4 Cells @ FCS 20024 Background: Cells Cell A Connector = Service = plugout plugin Header Body Header Body Cell B A new distributed component programming language [Rinat and Smith, ECOOP2002] A new distributed component programming language [Rinat and Smith, ECOOP2002]

5 Cells @ FCS 20025 Background: SDSI/SPKI Basis of our security infrastructure Features – Principal with public/private key pair – Decentralized name service Extended names, name certificate Group membership certificate – Access control Principal with ACL Delegation model: authorization/revocation certificate

6 Cells @ FCS 20026 Principles of Component Security Each component should be a principal – Traditional principals: users, locations, protection domains, … – New idea: Components as principals Components are known to outsiders by their public key Components each have their own secured namespace for addressing other components Components may be private

7 Cells @ FCS 20027 Cell Identifiers: CID CID = the public key in the key pair generated by public key cryptosystem – CID is a secured cell identity Universally unique – No two cells share the same CID Outgoing messages signed by CID -1 and verified by CID

8 Cells @ FCS 20028 CVM Identity With President Cells: Universe is homogeneously composed of cells Locations are also principals – Locations are represented by cells and each cell is a principal Unique CVM identity via its President CVM CellA CID: 1..1 CellB CID: 5..5 CVM President Cell CID: 7..7

9 Cells @ FCS 20029 Cell Header Security Information CIDCID -1 NLT SPT CertSTORE Security Policy Table Naming Lookup Table Certificate Store (Delegation) Identity/Key

10 Cells @ FCS 200210 Cell Reference A locator of cells A capability to a cell – No cell reference, no access A programming language construct: reference Corresponds to a SDSI/SPKI principal certificate Cell CID CVM CID Network Location Unifies many notions in one concept:

11 Cells @ FCS 200211 Name Services CIDs vs. Names – CIDs serve as universal identifiers, but names are still necessary – Extended name mechanism enables a cell to refer to another cell even if its CID is unknown Our name service is based on SDSI/SPKI Improvements: – Fewer certificates needed due to on-line nature – More expressive lookup algorithm

12 Cells @ FCS 200212 SDSI/SPKI Extended Names Bob ID : 1..3 LOC : sdsi://cs.jhu.edu ID 1..3 ID 2..9 ID 7..1 Andy ID : 2..9 LOC : sdsi://starwars.com Bob’s Andy? Local Name Certificate

13 Cells @ FCS 200213 SDSI/SPKI Groups Bob ID : 1..3 LOC : sdsi://cs.jhu.edu ID 1..3 ID 2..9 ID 7..1 Andy ID : 2..9 LOC : sdsi://starwars.com Local Name Certificate Group Membership Certificate Friend {Bob, Bob’s Andy}

14 Cells @ FCS 200214 Cell Naming Lookup Table Bob CID : 1..3 CVM :4..7 LOC : cell://cs.jhu.edu CID 1..3 CID 2..9 CID 7..1 Andy CID : 2..9 CVM :5..5 LOC : cell://starwars.com CID: 4..7 cell://cs.jhu.edu CID: 5..5 cell://starwars.com Friend {Bob, Bob’s Andy} CID: 9..5 cell://home.org

15 Cells @ FCS 200215 Cell Naming Lookup Table Online nature makes local name certificates unnecessary, unlike SDSI/SPKI – More suited for mobility Maintained by naming lookup interface, a concept closer to programming languages Naming entries can be effectively secured by using hooks Compatible with SDSI/SPKI

16 Cells @ FCS 200216 Name Lookup Process Bob CID : 1..3 CVM :4..7 LOC : cell://cs.jhu.edu CID 1..3 CID 2..9 CID 7..1 Andy CID : 2..9 CVM :5..5 LOC : cell://starwars.com Bob’s Andy?

17 Cells @ FCS 200217 A More Expressive Algorithm Anthony CID : 9..9 CVM :4..7 LOC : cell://cs.jhu.edu CID 1..3 CID 2..9 Andy CID : 2..9 CVM :5..5 LOC : cell://starwars.com Tony? Tony Andy’s Anthony CID 9..9

18 Cells @ FCS 200218 Cycles Alice CID : 1..3 CVM :5..7 LOC : cell://cs.jhu.edu CID 1..3 CID 2..9 Andy CID : 2..9 CVM :5..5 LOC : cell://starwars.com Tony’s Bob? Tony Andy’s Anthony CID 9..9 Anthony Alice’s Tony

19 Cells @ FCS 200219 A cycle exists Same local name expansion entry encountered twice Solution: Keep track of the path Raise an exception if the same name encountered twice Cycle Detection Sketch

20 Cells @ FCS 200220 Security Policy subjectresourceaccess right hookdeleg bit ownerunit Bobthiscellconnector1connectNULL0 Group1thiscellservice1invokeNULL1 AliceTimservice1invokeh0 Each cell holds a security policy table, SPT. Each policy is a 5-tuple.

21 Cells @ FCS 200221 Subjects, Resources, Access Rights Subjects – Cells and a group of cells – Local names, extended names, cell references Resources – Services, connectors, operations – Partial order relations among them Access rights – Connect and invoke Application level protection: meaningful services and meaningful connections.

22 Cells @ FCS 200222 Hooks Designed for fine-grained access control – Protect a naming lookup entry: lookup(“Tony”) – Protect a specific file: read(“abc.txt”) Associated with operations Operation parameters verified via a predicate Predicate checked when the associated operation is triggered – Example: Hook lookup (arg1) = { arg1=“Tony” }

23 Cells @ FCS 200223 SDSI/SPKI Delegation ID 3..3 ID 1..1 ID 5..5 AuthC1 AuthC3 AuthC1 AuthC3 AuthC1 “Access Granted”

24 Cells @ FCS 200224 Cell Delegation Implements SDSI/SPKI delegation Each cell holds all certificates (both delegation and revocation) in a certificate store. Security policy table supports delegation – The owner of the resource might not be thiscell – The delegation bit indicating whether certificates can be further delegated Certificates are implicitly passed for delegation chain detection – No need for manual user intervention

25 Cells @ FCS 200225 Goals Revisited Simplicity – No complex algorithms/data structures – Clearly defined principals and resources Generality – Not just cells, but components in general – Not limited to certain applications Interoperability – Built on SDSI/SPKI standard – Communicate with any infrastructure that supports SDSI/SPKI Extensibility – Consideration for future additions: mobility, etc

26 Cells @ FCS 200226 Future Work Security for Mobile Components – Cells can migrate – Mobile devices, PDAs Hierarchical Security Policy Interoperability

27 Cells @ FCS 200227 jcells.org

28 Cells @ FCS 200228 Dynamic Component Components are named, addressable entities, running at a particular location. Components have interfaces which can be invoked. Components may be distributed across the network

29 Cells @ FCS 200229 Summary Security infrastructure in a component programming language Cell identity and CVM identity (president cell) Naming lookup table/interface – More expressive lookup algorithm and cycle detection Fine-grained access control Unification of security artifacts and programming language ones Formalization of SDSI/SPKI API from programming language perspective

30 Cells @ FCS 200230 Traditional Security Model allow request from alice.jhu.edu

31 Cells @ FCS 200231 …Fails for Mobile Devices allow request from alice.jhu.edu

32 Cells @ FCS 200232 Cell Security Infrastructure allow request from CVM with CID 3333333

33 Cells @ FCS 200233 …Adapts Well with Mobile Devices allow request from CVM with CID 3333333

34 Cells @ FCS 200234 Extended Name An extended name is a sequence of local names [n 1, n 2, …, n k ], where each n i+1 is a local name defined in the name space of the cell n i.

35 Cells @ FCS 200235 Example: Traditional Security Model allow request from alice.jhu.edu

36 Cells @ FCS 200236 …Fails in Cell Migration allow request from alice.jhu.edu

37 Cells @ FCS 200237 Example: Cell Security Infrastructure allow request from cell with CID 1234567

38 Cells @ FCS 200238 …Adapts Well in Cell Migration allow request from cell with CID 1234567

Download ppt "FCS A Component Security Infrastructure Y. David Liu Scott Smith"

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.

Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.
Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.

Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.

Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.
CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 28 Fall 2002.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
What is adaptive web technology?  There is an increasingly large demand for software systems which are able to operate effectively in dynamic environments.

What is adaptive web technology?  There is an increasingly large demand for software systems which are able to operate effectively in dynamic environments.
NFS. The Sun Network File System (NFS) An implementation and a specification of a software system for accessing remote files across LANs. The implementation.

NFS. The Sun Network File System (NFS) An implementation and a specification of a software system for accessing remote files across LANs. The implementation.
Security Management.

Security Management.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
14 May 2002© 2000-02 TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.

14 May 2002© TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.

Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
Common Devices Used In Computer Networks

Common Devices Used In Computer Networks
1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.

1 A pattern language for security models Eduardo B. Fernandez and Rouyi Pan Presented by Liping Cai 03/15/2006.
Networks – Network Architecture Network architecture is specification of design principles (including data formats and procedures) for creating a network.

Networks – Network Architecture Network architecture is specification of design principles (including data formats and procedures) for creating a network.

Similar presentations

Ads by Google