Download presentation
Presentation is loading. Please wait.
2
CSE300-2 Distributed Object Computing
3
Semester Project Specification
5
Topic: Security for Distributed Resource Environments
7
Group Members:
8
Charles E. Phillips, Jr. (Chip)
9
Qi Jin (Qi)
10
Jae-guon Nam (Jae)
11
Zhenlin Qian (Jason)
12
Topic Overview.
13
Distributed resource environments have lagged in support of security, providing minimal functionality to control the availability of a resource’s services to clients. To address this deficiency, we have developed a model and two prototypes for integrating a role-based security model, authorization, authentication, and enforcement into a distributed resource environment. The prototypes have been implemented using Sun’s JINI technology, which promotes the construction and deployment of distributed applications. Currently, the prototypes run separately, one as a University Database System with simplified role-based security included and second as a stand alone, reusable, Security Client designed to be used as a general security resource. The goal for this semester, it to improve on the previous prototypes by modifying code and implementing new security features based on our research. The overall goal, of course, is to provide an improved security model and prototype which will support role-based security in a distributed resource environment. These are our objectives:
14
.Prototype our security model by merging the University Database functionality with the reusable Security Client to provide a fully functional role-based security to the University Database System as a proof of concept.
15
.Implement the use of different database management systems within the environment.
16
.Implement the prototype security environment using different computer platforms and operating systems.
17
.Establish support of dual security clients running in the same distributed environment.
18
.Explore Jini Leasing capabilities, revise the security client model, and implement a leasing enforcement mechanism that will enhance the security environment.
19
.Use the Unified Modeling Language (UML) to examine our prototype and make improvements.
20
.Examine related areas and develop a revised security model.
21
A Software Architecture for Role-Base Security
In a distributed resource environment, different resources (hardware or software) are treated in a fashion that allows all clients and resources to be seamlessly integrated. Clients can consult a Lookup Service to locate and execute “services” on “found” resources to carry out their tasks. However, these environments lack security support. When a resource registers its services with the Lookup Service, there is currently no way for the resource to dictate which service can be utilized by which client. The current solution for a resource to control access to its services is by changing the program. This, of course is not an optimum solution. We are interested in extending the security capabilities of a distributed resource environment to allow resources to selectively and dynamically control who can access its services (and invoke their methods), based on the role of the client. We will use the capabilities of the distributed resource environment, to define dedicated resources which will, authorize, authenticate, and enforce role-based security for the distributed application. A Proposed Software Architecture Security Client and Resource Interactions Figure 3.3 contains a depiction of a Security Client and a General Resource (e.g., legacy, COTS, database, etc.). We will implement the University Database as a general resource. The Security Client contains the services from the three security resources that can be used to establish and enforce the security policy. These clients create/find clients; authorize roles to clients; and grant, revoke, and find the privileges that a role has against a resource, service, and/or method. The General Resource is the required to register itself, its services, and their methods with the Role-Based Privileges Resource. Client Interactions and Processing To illustrate the process for a GUI Client accessing a Database Resource using the Lookup Service, and the Security Registration, Authorization List, and Role-Based Privileges resources, we present the example in Figure 3.4, with flow via the numbered service invocations and returned results.
22
Experimental Prototypes
23
The latest prototypes are implemented on Windows NT 4. 0, using Java 1
The latest prototypes are implemented on Windows NT 4.0, using Java and JINI We have implemented two prototypes to date, described in the next two sections. The first prototype employs a university application in which we implemented a subset of our security architecture. Students can query course information and enroll in classes, and faculty can query and modify the class schedule. The second prototype is the Security Client. Baseline Prototype The Security Client Prototype
24
Qi will take on the following objectives: Implement the use of different database management systems within the environment; Implement the prototype security environment using different computer platforms and operating systems; and Establish support of dual security clients running in the same distributed environment.
25
Jae will take on the following objectives: Merge the existing prototypes and use the Unified Modeling Language (UML) to examine our prototype and make improvements.
26
Related Work: Mobile Agent Security in a Distributed Resource Environment
27
And Jason will explore Jini’s Leasing capabilities, help revise the security client model, and implement a leasing enforcement mechanism that will enhance the security environment.
28
Related Work: Security Models for Distributed Resource Environments
29
Planned Activities
30
.Weekly meetings on Tuesday to discuss progress and address coordination issues.
31
.Bi-weekly summary of activities to ease demand for midterm report and final project.
32
.Midterm Report. 25 October.
33
.Project Completed 7 December.
34
Final Briefing 9 December.
35
Flow of Work
36
Chip will be at a two week Network Security Course in Italy and will hopefully return with some new insights. The group, as a whole, has been given access to the existing source code for near term review and familiarization. Individually, group members will need a couple of weeks to familiarize themselves with their work objectives and find references that can support both their objective work and related work topics. Our group meetings will commence on Tuesday 3 October.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.