Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Component Security Infrastructure

Published byJaana Saaristo Modified over 5 years ago

Similar presentations

Presentation on theme: "A Component Security Infrastructure"— Presentation transcript:

1 A Component Security Infrastructure
Y. David Liu Scott Smith 5/15/2019 FCS 2002

2 Motivation Secure software systems at the component level
Build software systems using components SDSI/SPKI Cells Secure software systems at the component level 5/15/2019 FCS 2002

3 Goals for a Component Security Infrastructure
Simplicity Complex protocols will be misused Generality Applicable across a wide range of domains Interoperability Security policies shared between components, others Extensibility Evolves as component architecture evolves 5/15/2019 FCS 2002

4 Background: Cells A new distributed component programming language [Rinat and Smith, ECOOP2002] Header Body Header Body Cell A Cell B plugout Service = Connector = plugin 5/15/2019 FCS 2002

5 Background: SDSI/SPKI
Basis of our security infrastructure Features Principal with public/private key pair Decentralized name service Extended names, name certificate Group membership certificate Access control Principal with ACL Delegation model: authorization/revocation certificate 5/15/2019 FCS 2002

6 Principles of Component Security
Each component should be a principal Traditional principals: users, locations, protection domains, … New idea: Components as principals Components are known to outsiders by their public key Components each have their own secured namespace for addressing other components Components may be private 5/15/2019 FCS 2002

7 Cell Identifiers: CID CID = the public key in the key pair generated by public key cryptosystem CID is a secured cell identity Universally unique No two cells share the same CID Outgoing messages signed by CID-1 and verified by CID 5/15/2019 FCS 2002

8 CVM Identity With President Cells:
CellA CID: 1..1 CellB CID: 5..5 CVM President Cell CID: 7..7 CVM With President Cells: Universe is homogeneously composed of cells Locations are also principals Locations are represented by cells and each cell is a principal Unique CVM identity via its President 5/15/2019 FCS 2002

9 Cell Header Security Information
CID CID-1 NLT SPT CertSTORE Identity/Key Naming Lookup Table Security Policy Table Certificate Store (Delegation) 5/15/2019 FCS 2002

10 Cell Reference Unifies many notions in one concept: Cell CID CVM CID
A locator of cells A capability to a cell No cell reference, no access A programming language construct: reference Corresponds to a SDSI/SPKI principal certificate Cell CID CVM CID Network Location 5/15/2019 FCS 2002

11 Name Services CIDs vs. Names Our name service is based on SDSI/SPKI
CIDs serve as universal identifiers, but names are still necessary Extended name mechanism enables a cell to refer to another cell even if its CID is unknown Our name service is based on SDSI/SPKI Improvements: Fewer certificates needed due to on-line nature More expressive lookup algorithm 5/15/2019 FCS 2002

12 SDSI/SPKI Extended Names
Bob’s Andy? Local Name Certificate Andy ID : 2..9 LOC : sdsi://starwars.com ID 7..1 ID 1..3 Local Name Certificate Bob ID : 1..3 LOC : sdsi://cs.jhu.edu ID 2..9 5/15/2019 FCS 2002

13 SDSI/SPKI Groups Andy Bob Local Name Certificate Friend
ID 7..1 Local Name Certificate Andy ID : 2..9 LOC : sdsi://starwars.com Local Name Certificate ID 1..3 Bob ID : 1..3 LOC : sdsi://cs.jhu.edu Group Membership Certificate ID 2..9 Friend {Bob, Bob’s Andy} 5/15/2019 FCS 2002

14 Cell Naming Lookup Table
Andy CID : 2..9 CVM :5..5 LOC : cell://starwars.com CID 7..1 CID: 9..5 cell://home.org CID 1..3 Bob CID : 1..3 CVM :4..7 LOC : cell://cs.jhu.edu CID 2..9 CID: 4..7 cell://cs.jhu.edu CID: 5..5 cell://starwars.com Friend {Bob, Bob’s Andy} 5/15/2019 FCS 2002

15 Cell Naming Lookup Table
Online nature makes local name certificates unnecessary, unlike SDSI/SPKI More suited for mobility Maintained by naming lookup interface, a concept closer to programming languages Naming entries can be effectively secured by using hooks Compatible with SDSI/SPKI 5/15/2019 FCS 2002

16 Name Lookup Process Andy Bob’s Andy? Bob CID : 2..9 CVM :5..5
LOC : cell://starwars.com Bob’s Andy? CID 7..1 CID 1..3 Bob CID : 1..3 CVM :4..7 LOC : cell://cs.jhu.edu CID 2..9 5/15/2019 FCS 2002

17 A More Expressive Algorithm
Anthony CID : 9..9 CVM :4..7 LOC : cell://cs.jhu.edu Tony? CID 1..3 CID 2..9 CID 9..9 Andy CID : 2..9 CVM :5..5 LOC : cell://starwars.com Tony Andy’s Anthony 5/15/2019 FCS 2002

18 Cycles Alice Anthony Tony’s Bob? Andy Tony CID : 1..3 CVM :5..7
LOC : cell://cs.jhu.edu Tony’s Bob? CID 1..3 Anthony Alice’s Tony CID 2..9 Andy CID : 2..9 CVM :5..5 LOC : cell://starwars.com CID 9..9 Tony Andy’s Anthony 5/15/2019 FCS 2002

19 Cycle Detection Sketch
A cycle exists Same local name expansion entry encountered twice Solution: Keep track of the path Raise an exception if the same name encountered twice 5/15/2019 FCS 2002

20 Security Policy Each cell holds a security policy table, SPT.
Each policy is a 5-tuple. subject resource access right hook deleg bit owner unit Bob thiscell connector1 connect NULL Group1 service1 invoke 1 Alice Tim h 5/15/2019 FCS 2002

21 Subjects, Resources, Access Rights
Cells and a group of cells Local names, extended names, cell references Resources Services, connectors, operations Partial order relations among them Access rights Connect and invoke Application level protection: meaningful services and meaningful connections. 5/15/2019 FCS 2002

22 Hooks Designed for fine-grained access control
Protect a naming lookup entry: lookup(“Tony”) Protect a specific file: read(“abc.txt”) Associated with operations Operation parameters verified via a predicate Predicate checked when the associated operation is triggered Example: Hooklookup(arg1) = { arg1=“Tony” } Skippable 5/15/2019 FCS 2002

23 SDSI/SPKI Delegation “Access Granted” AuthC1 AuthC1 AuthC3 AuthC1
1..1 AuthC3 AuthC1 “Access Granted” ID 3..3 AuthC1 AuthC3 AuthC1 ID 5..5 5/15/2019 FCS 2002

24 Cell Delegation Implements SDSI/SPKI delegation
Each cell holds all certificates (both delegation and revocation) in a certificate store. Security policy table supports delegation The owner of the resource might not be thiscell The delegation bit indicating whether certificates can be further delegated Certificates are implicitly passed for delegation chain detection No need for manual user intervention Modified to say “certs passed” rather then the whole store being passed. 5/15/2019 FCS 2002

25 Goals Revisited Simplicity Generality Interoperability Extensibility
No complex algorithms/data structures Clearly defined principals and resources Generality Not just cells, but components in general Not limited to certain applications Interoperability Built on SDSI/SPKI standard Communicate with any infrastructure that supports SDSI/SPKI Extensibility Consideration for future additions: mobility, etc 5/15/2019 FCS 2002

26 Future Work Security for Mobile Components
Cells can migrate Mobile devices, PDAs Hierarchical Security Policy Interoperability 5/15/2019 FCS 2002

27 jcells.org 5/15/2019 FCS 2002

28 Dynamic Component Components are named, addressable entities, running at a particular location. Components have interfaces which can be invoked. Components may be distributed across the network 5/15/2019 FCS 2002

29 Summary Security infrastructure in a component programming language
Cell identity and CVM identity (president cell) Naming lookup table/interface More expressive lookup algorithm and cycle detection Fine-grained access control Unification of security artifacts and programming language ones Formalization of SDSI/SPKI API from programming language perspective 5/15/2019 FCS 2002

30 Traditional Security Model
allow request from alice.jhu.edu Comp1 Resource alice bob jhu.edu Comp2 5/15/2019 FCS 2002

31 …Fails for Mobile Devices
allow request from alice.jhu.edu Comp1 Resource alice Comp2 bob jhu.edu hotel.com 5/15/2019 FCS 2002

32 Cell Security Infrastructure
allow request from CVM with CID Cell1 (CID: ) ResourceCVM CID: Cell2 (CID: ) jhu.edu aliceCVM CID: bobCVM CID: 5/15/2019 FCS 2002

33 …Adapts Well with Mobile Devices
allow request from CVM with CID Cell1 (CID: ) ResourceCVM CID: Cell2 (CID: ) jhu.edu bobCVM CID: aliceCVM CID: hotel.com 5/15/2019 FCS 2002

34 Extended Name An extended name is a sequence of local names [n1, n2, …, nk], where each ni+1 is a local name defined in the name space of the cell ni. 5/15/2019 FCS 2002

35 Example: Traditional Security Model
allow request from alice.jhu.edu Comp1 Resource alice bob jhu.edu Comp2 5/15/2019 FCS 2002

36 …Fails in Cell Migration
allow request from alice.jhu.edu Comp1 Resource Comp2 alice bob jhu.edu 5/15/2019 FCS 2002

37 Example: Cell Security Infrastructure
allow request from cell with CID Cell1 (CID: ) Resource Cell2 (CID: ) alice bob jhu.edu 5/15/2019 FCS 2002

38 …Adapts Well in Cell Migration
allow request from cell with CID Cell1 (CID: ) Resource Cell2 (CID: ) alice bob jhu.edu 5/15/2019 FCS 2002

Download ppt "A Component Security Infrastructure"

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.

The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.

Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.
Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.

Chapter 6 User Protections in OS. csci5233 computer security & integrity (Chap. 6) 2 Outline User-level protections 1.Memory protection 2.Control of access.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.

Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.
CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.

CS-550 (M.Soneru): Protection and Security - 1 [SaS] 1 Protection and Security.
NFS. The Sun Network File System (NFS) An implementation and a specification of a software system for accessing remote files across LANs. The implementation.

NFS. The Sun Network File System (NFS) An implementation and a specification of a software system for accessing remote files across LANs. The implementation.
Security Management.

Security Management.
Lecture 7 Access Control

Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
14 May 2002© 2000-02 TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.

14 May 2002© TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.
Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.

Russ Housley IETF Chair Founder, Vigil Security, LLC 8 June 2009 NIST Key Management Workshop Key Management in Internet Security Protocols.
Chapter 10: Authentication Guide to Computer Network Security.

Chapter 10: Authentication Guide to Computer Network Security.
Protection.

Protection.
Common Devices Used In Computer Networks

Common Devices Used In Computer Networks
Java Security Pingping Ma Nov 2 nd, 2006. Overview Platform Security Cryptography Authentication and Access Control Public Key Infrastructure (PKI)

Java Security Pingping Ma Nov 2 nd, Overview Platform Security Cryptography Authentication and Access Control Public Key Infrastructure (PKI)

Similar presentations

Ads by Google