Download presentation
Presentation is loading. Please wait.
Published byAmberlynn Lawrence Modified over 6 years ago
1
TRUST:Team for Research in Ubiquitous Secure Technologies
TRUSTed Model-Integrated Computing Gabor Karsai ISIS/Vanderbilt University NSF STC Review September 13, 2004
2
Towards TRUSTed Model-Integrated Computing
Multiple-aspect modeling languages for systems/security co-design Understanding & modeling inter- dependence between security aspects & core systems aspects Analysis tools for co-verifying security, performance & safety properties Domain-Specific Modeling Languages Matlab Code-Gen. Matlab Code-Gen. Config. Generator Model-Driven Generator Technology Modeling of generators Generating generators Provably correct generators Embeddable generators if (inactiveInterval != -1) { if (thisInterval > inactiveInterval) { (int)(System.currentTimeMillis() - lastAccessed) / 1000; int thisInterval = invalidate(); } ssm.removeSession(this); ServerSessionManager ssm = ServerSessionManager.getManager(); private long lastAccessedTime = creationTime; * session, as the number of milliseconds since midnight, January 1, 1970 /** * Return the last time the client sent a request associated with this */ public long getLastAccessedTime() { * a value associated with the session, do not affect the access time. * GMT. Actions that your application takes, such as getting or setting return (this.lastAccessedTime); this.lastAccessedTime = time; * should be called by the context when a request comes in for a particular * Update the accessed time information for this session. This method this.lastAccessedTime = this.thisAccessedTime; this.thisAccessedTime = System.currentTimeMillis(); public void access() { * session, even if the application does not reference it. lastAccessedTime = ((Long) stream.readObject()).longValue(); lastAccessedTime = 0L; this.isNew=false; isNew = ((Boolean) stream.readObject()).booleanValue(); maxInactiveInterval = ((Integer) stream.readObject()).intValue(); 2 Configuration Specification Code Analysis Tool NSF STC Review NSF STC Review September 13, 2004
3
MIC Solution for Secure Systems Meta-modeling & Model Weaving
TRUST MIC Solution for Secure Systems Meta-modeling & Model Weaving Multiple-aspect modeling languages are defined by formal meta-models Security models are built independently from platforms & expressed as patterns Model weaving technology is used to generate integrated security/systems models Model-based generators are used to generate systems on Secure Platforms Access Control Meta-Model Composition Meta-Models GME Meta-Modeling built by generated from Security Models Composition Models GME S-ESML Modeling built by generated from Integrated Model Model Weaver weaved by 3 generated from Secure Platform NSF STC Review NSF STC Review September 13, 2004
4
TRUSTed MIC: Summary Key concepts
Desired TRUST properties are explicitly captured on the model level Model checkers verify emerging system properties Tools are available for maintaining, adapting, and verifying security models Trusted software systems are automatically generated for diverse platforms Research issues Modeling language for TRUST properties Model verification algorithms Model weaving tools Tools for TRUST model management Integration on TRUSTed platforms TRUSTed certifiable generators and model transformation tools Integration Direct use of security technology results: principles, algorithms, techniques Bridge towards social science aspects: integration of duties of care, privacy, and information policy study results as explicit TRUST models NSF STC Review September 13, 2004
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.