Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data and Applications Security Developments and Directions

Published byElmer Allison Modified over 6 years ago

Similar presentations

Presentation on theme: "Data and Applications Security Developments and Directions"— Presentation transcript:

1 Data and Applications Security Developments and Directions
Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #14 Secure Object Systems March 1, 2006

2 Outline Background on object systems Discretionary security
Multilevel security Objects for modeling secure applications Object Request Brokers Secure Object Request Brokers Secure frameworks Directions

3 Concepts in Object Database Systems
Objects- every entity is an object Example: Book, Film, Employee, Car Class Objects with common attributes are grouped into a class Attributes or Instance Variables Properties of an object class inherited by the object instances Class Hierarchy Parent-Child class hierarchy Composite objects Book object with paragraphs, sections etc. Methods Functions associated with a class

4 Example Class Hierarchy
ID Name Author Publisher Document Class D1 D2 Method1: Method2: Print-doc-att(ID) Print-doc(ID) Journal Subclass Book Subclass # of Chapters Volume # B1 J1

5 Example Composite Object
Document Object Section 2 Object Section 1 Object Paragraph 1 Object Paragraph 2 Object

6 Security Issues Access Control on Objects, Classes, Attributes etc.
Execute permissions on Methods Multilevel Security Security impact on class hierarchies Security impact on composite hierarchies

7 Objects and Security Secure OODB Secure OODA Secure DOM Persistent
Design and analysis Infrastructure data store Secure OOPL Programming Secure Frameworks language Business objects Secure OOT Technologies Secure OOM Unified Object Model is Evolving

8 Access Control

9 Access Control Hierarchies

10 Secure Object Relational Model

11 Policy Enforcement

12 Sample Systems

13 Multilevel Security

14 Some Security Properties
Security level of an instance must dominate the level of the class Security level of a subclass must dominate the level of the superclass Classifying associations between two objects Method must execute at a level that dominates the level of the method

15 Multilevel Secure Object Relational Systems

16 Sample MLS Object Systems

17 Objects for Secure Applications

18 Object Modeling

19 Dynamic Model

20 Functional Model

21 UML and Policies

22 Distributed Object Management Systems
Integrates heterogeneous applications, systems and databases Every node, database or application is an object Connected through a Bus Examples of Bus include Object Request Brokers (Object Management Group) Distributed Component Object Model (Microsoft)

23 Object-based Interoperability
Server Client Object Object Object Request Broker Example Object Request Broker: Object Management Group’s (OMG) CORBA (Common Object Request Broker Architecture)

24 Javasoft’s RMI (Remote Method Invocation)
RMI Business Objects Clients Java-based Servers

25 Objects and Security Secure OODB Secure OODA Secure DOM Persistent
Design and analysis Infrastructure data store Secure OOPL Programming Secure Frameworks language Business objects Secure OOT Technologies Secure OOM Unified Object Model is Evolving

26 Secure Object Request Brokers

27 CORBA (Common Object Request Broker Architecture) Security
Security Service provides the following: Confidentiality Integrity Accountability Availability URLs ASecurity.jsp erview.html

28 OMG Security Specifications

29 CORBA (Common Object Request Broker Architecture) Security
Security Service provides the following: Confidentiality Integrity Accountability Availability URLs ASecurity.jsp erview.html

30 CORBA (Common Object Request Broker Architecture) Security - 2
Identification and Authentication of Principles Authorization and Access Control Security Auditing Security of communications Administration of security information Non repudiation

31 Dependable Object Request Brokers
Navigation Data Analysis Programming Display Consoles Data Links Processor Group (DAPG) (14) & Sensors Refresh Channels Sensor Multi-Sensor Detections Tracks Technology provided by Project Integrate Security, Real- time and Fault Tolerance Computing Future Future Future App App App Data MSI Mgmt. Data App Xchg. Infrastructure Services Real Time Operating System Hardware

32 Secure Frameworks

33 Directions Object Models
UML for Security applications is becoming common practice Secure distributed object systems has gained popularity Evolution into secure object-based middleware Secure object-based languages Integrating security and real-time for object systems Distributed Objects Security cannot be an afterthought for object-based interoperability Use ORBs that have implemented security services Trends are moving towards Java based interoperability and Enterprise Application Integration (EAI) Examples of EAI products are Web Sphere (IBM) and Web Logic (BEA) Security has to be incorporated into EAI products

Download ppt "Data and Applications Security Developments and Directions"

Similar presentations

Secure Dependable Stream Data Management Vana Kalogeraki (UC Riverside) Dimitrios Gunopulos (UC Riverside) Ravi Sandhu (UT San Antonio) Bhavani Thuraisingham.

Secure Dependable Stream Data Management Vana Kalogeraki (UC Riverside) Dimitrios Gunopulos (UC Riverside) Ravi Sandhu (UT San Antonio) Bhavani Thuraisingham.
Distributed DBMS©M. T. Özsu & P. Valduriez Ch.15/1 Outline Introduction Background Distributed Database Design Database Integration Semantic Data Control.

Distributed DBMS©M. T. Özsu & P. Valduriez Ch.15/1 Outline Introduction Background Distributed Database Design Database Integration Semantic Data Control.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 12 Slide 1 Distributed Systems Design 2.
I.1 Distributed Systems Prof. Dr. Alexander Schill Dresden Technical University Computer Networks Dept.

I.1 Distributed Systems Prof. Dr. Alexander Schill Dresden Technical University Computer Networks Dept.
Chapter 25 - 28 Object-Oriented Practices. Agenda Object-Oriented Concepts Terminology Object-Oriented Modeling Tips Object-Oriented Data Models and DBMSs.

Chapter Object-Oriented Practices. Agenda Object-Oriented Concepts Terminology Object-Oriented Modeling Tips Object-Oriented Data Models and DBMSs.
A brief look at CORBA. What is CORBA Common Object Request Broker Architecture developed by OMG Combine benefits of OO and distributed computing Distributed.

A brief look at CORBA. What is CORBA Common Object Request Broker Architecture developed by OMG Combine benefits of OO and distributed computing Distributed.
CORBA Case Study By Jeffrey Oliver March 2003. March 17, 2003CORBA Case Study by J. T. Oliver2 History The CORBA (Common Object Request Broker Architecture)

CORBA Case Study By Jeffrey Oliver March March 17, 2003CORBA Case Study by J. T. Oliver2 History The CORBA (Common Object Request Broker Architecture)
Chapter 13 Physical Architecture Layer Design

Chapter 13 Physical Architecture Layer Design
Software – Part 3 V.T. Raja, Ph.D., Information Management College of Business Oregon State University.

Software – Part 3 V.T. Raja, Ph.D., Information Management College of Business Oregon State University.
Slide 1 Systems Analysis and Design With UML 2.0 An Object-Oriented Approach, Second Edition Chapter 13: Physical Architecture Layer Design Alan Dennis,

Slide 1 Systems Analysis and Design With UML 2.0 An Object-Oriented Approach, Second Edition Chapter 13: Physical Architecture Layer Design Alan Dennis,
Enterprise Java Bean Matt. 2 J2EE 3 J2EE Overview.

Enterprise Java Bean Matt. 2 J2EE 3 J2EE Overview.
Slide 1 Physical Architecture Layer Design Chapter 13.

Slide 1 Physical Architecture Layer Design Chapter 13.
Data Management Information Management Knowledge Management Data and Applications Security Challenges Bhavani Thuraisingham October 2006.

Data Management Information Management Knowledge Management Data and Applications Security Challenges Bhavani Thuraisingham October 2006.
1 Introduction to Middleware. 2 Outline What is middleware? Purpose and origin Why use it? What Middleware does? Technical details Middleware services.

1 Introduction to Middleware. 2 Outline What is middleware? Purpose and origin Why use it? What Middleware does? Technical details Middleware services.
Databases JDBC (Java Database Connectivity) –Thin clients – servlet,JavaServer Pages (JSP) –Thick clients – RMI to remote databases –most recommended way.

Databases JDBC (Java Database Connectivity) –Thin clients – servlet,JavaServer Pages (JSP) –Thick clients – RMI to remote databases –most recommended way.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #12 Secure Object Data Management.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #12 Secure Object Data Management.
CSC 480 Software Engineering Lecture 18 Nov 6, 2002.

CSC 480 Software Engineering Lecture 18 Nov 6, 2002.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #22 Secure Web Information.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #22 Secure Web Information.
CS 240, Prof. Sarwar Slide 1 CS 240: Software Project Fall 2003 Sections 1 & 2 Dr. Badrul M. Sarwar San Jose State University Lecture #23.

CS 240, Prof. Sarwar Slide 1 CS 240: Software Project Fall 2003 Sections 1 & 2 Dr. Badrul M. Sarwar San Jose State University Lecture #23.
CS 501: Software Engineering Fall 1999 Lecture 12 System Architecture III Distributed Objects.

CS 501: Software Engineering Fall 1999 Lecture 12 System Architecture III Distributed Objects.

Similar presentations

Ads by Google