Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Systems Research Group - FAU Secure Pipes & Filters Pattern.

Published byYesenia Crookham Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Systems Research Group - FAU Secure Pipes & Filters Pattern."— Presentation transcript:

1 Secure Systems Research Group - FAU Secure Pipes & Filters Pattern

2 Secure Systems Research Group - FAU Pre requisites Pipes & Filters: Provides a structure for system that process a stream of data RBAC: Assign rights to users according to their roles in an institution.

3 Secure Systems Research Group - FAU Intro The Secure Pipes and Filters pattern provides secure handling of data streams. Each processing step applies some data transformation or filtering. The rights to perform the filtering and the movement of data are controlled.

4 Secure Systems Research Group - FAU Example Law Firm

5 Secure Systems Research Group - FAU Context Processing data streams in different stages, with different levels of responsibility and rights, used to control who can perform data transformations.

6 Secure Systems Research Group - FAU Problem Different stages are needed before data reaches the final stage, this happens for several reasons: every component performs specialized functions over the data, the global architecture or hierarchical organization requires this flow and this approach makes the system more flexible. Every time the data reach a different stage, exclusive functions are applied. In the previous example the secretary can create the legal document, but privileges such as inserting legal advisory or signing the document are restricted to her level. In this kind of system, we may need the flexibility to reorder the steps of the process or change the processing steps. In the example above a new lawyer may be assigned to the case, but the responsibilities and privileges should remain intact.

7 Secure Systems Research Group - FAU Problem The design of the system has to consider the following forces: The information can go in either direction in the system. Filtering can be applied in each case. The system needs to assign privileges according to each stage of processing and roles involved. We might require using signatures or authentication between stages. The right to reconfigure the stages within the data flow must be controlled

8 Secure Systems Research Group - FAU Solution The Secure Pipes and filters pattern provides a secure way to divide the processing of data to different sequential stages or steps. The exchange of information between stages is secured. In the figure below we can observe one approach to add security, implementing RBAC.

9 Secure Systems Research Group - FAU Solution Class Diagram op1 op2 Filter i op1 op2 Right op1 Right op1 op2 op3 Filter j op1 op2 Right Pipeline i configure Right Authentication Information « role » Role2 « role » Role1 « role » Role4 check 1 1 Authentication Information check 1 1 « role » Role3

10 Secure Systems Research Group - FAU Dynamics Sequence Diagram :Subject :RefMonitor:Right :Filter i:Data Source:Data Sink data checkRights request_op1 decision request_op1 read op1 write

11 Secure Systems Research Group - FAU Example Resolved Class Diagram Document Creation Right read Right read write sign Right Pipeline i configure Right Authentication Information « role » Secretary « role » Assistant Lawyer « role » Principal Lawyer check 1 1 Authentication Information check 1 1 « role » Administrator Document Registration read write sign read addTemplate write read addTemplate write

12 Secure Systems Research Group - FAU Known Uses XML Pipeline Definition Language (XPL) Role-Based Trust-Management Markup Language (RTML) xoRBAC SeMoA

13 Secure Systems Research Group - FAU Consequences The use of this pattern yields to the following benefits: The system assigns privileges according to each stage of processing. The use of operations over the data, is now restricted with the implementation of either RBAC or Access Matrix models. The use of encryption between stages is possible, adding the possibilities of secure messages and digital signatures. The Administrator role controls the reconfiguration of stages. Applying this pattern imposes the following liabilities: The general performance of the system worsens due to the overhead of the security checks.

14 Secure Systems Research Group - FAU References [Bus96]F. Buschmann, R. Meunier, H. Rohnert, P. Sommerlad, M. Stal. Pattern-Oriented Software Architecture: A System of Patterns, Volume 1, West Sussex, England: John Wiley & Sons, 1996. [Fer01a]E. B. Fernandez and R. Pan,“ A Pattern Language for security models”, Procs. of the 8th Annual Conference on Pattern Languages of Programs (PLoP 2001), 11-15 September 2001, Allerton Park Monticello, Illinois, USA, 2001. Also available from: http://jerry.cs.uiuc.edu/~plop/plop2001/accepted_submissions http://jerry.cs.uiuc.edu/~plop/plop2001/accepted_submissions [Sch06]M. Schumacher, E.B.Fernandez, D. Hybertson, F. Buschmann, and P. Sommerlad, Security Patterns: Integrating security and systems engineering, West Sussex, England: John Wiley & Sons 2006. [Xpl] http://www.orbeon.com/ops/doc/reference-xpl-pipelineshttp://www.orbeon.com/ops/doc/reference-xpl-pipelines [Rtm] http://xml.coverpages.org/ni2004-04-05-a.htmlhttp://xml.coverpages.org/ni2004-04-05-a.html [Xor] http://wi.wu-wien.ac.at/home/mark/xoRBAC/index.htmlhttp://wi.wu-wien.ac.at/home/mark/xoRBAC/index.html [Sem] http://www.semoa.org/docs/features.htmlhttp://www.semoa.org/docs/features.html

Download ppt "Secure Systems Research Group - FAU Secure Pipes & Filters Pattern."

Similar presentations

3SKey 3SKey.

3SKey 3SKey.
Senior Solutions Architect, MongoDB James Kerr Security Features Preview Field Level Access Control.

Senior Solutions Architect, MongoDB James Kerr Security Features Preview Field Level Access Control.
Broker Pattern Pattern-Oriented Software Architecture (POSA 1)

Broker Pattern Pattern-Oriented Software Architecture (POSA 1)
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.
Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.

Lecturer: Sebastian Coope Ashton Building, Room G.18 COMP 201 web-page: Lecture.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,

Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,
December 9, 2001Architectural Design, ECEN 50331 Architecture – Layers, in particular ECEN 5543 / CSCI 5548 SW Eng of Standalone Programs University of.

December 9, 2001Architectural Design, ECEN Architecture – Layers, in particular ECEN 5543 / CSCI 5548 SW Eng of Standalone Programs University of.
University of Jyväskylä – Department of Mathematical Information Technology Computer Science Teacher Education ICNEE 2004 Topic Case Driven Approach for.

University of Jyväskylä – Department of Mathematical Information Technology Computer Science Teacher Education ICNEE 2004 Topic Case Driven Approach for.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
Secure Operating System Architectures Patterns

Secure Operating System Architectures Patterns
SS ZG653Second Semester,2012-13 1 Topic Architectural Patterns Pipe and Filter.

SS ZG653Second Semester, Topic Architectural Patterns Pipe and Filter.
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
Component-Based Software Engineering (CBSE)

Component-Based Software Engineering (CBSE)
Design Patterns Trends and Case Study John Hurst June 2005.

Design Patterns Trends and Case Study John Hurst June 2005.
Secure Systems Research Group - FAU Security Patterns for Operating Systems by Ed Fernandez and Tami Sorgente.

Secure Systems Research Group - FAU Security Patterns for Operating Systems by Ed Fernandez and Tami Sorgente.
Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,

Patterns for Secure Boot and Secure Storage in Computer Systems By: Hans L¨ohr, Ahmad-Reza Sadeghi, Marcel Winandy Horst G¨ortz Institute for IT Security,
BOB Tech Demo 2003 G2E – Las Vegas. Agenda  Best of Breed – a layering of standards  Standards, messaging, protocols and why you care  From the bottom.

BOB Tech Demo 2003 G2E – Las Vegas. Agenda  Best of Breed – a layering of standards  Standards, messaging, protocols and why you care  From the bottom.

Similar presentations

Ads by Google