Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.

1 Andrew Stone: Common Security Services

2 Agenda
- Introduction
- Application Security Issues
- Common Security Services (CSS) Overview
- AAAA Services
- Leveraging Aspect Oriented Programming
- Benefits of CSS
- Questions

3 Introduction
Andrew Stone, Sr. Manager
- 9 years of security experience
- Extensive custom design/build experience surrounding security solutions
- Patents pending on security technologies related to authorization

5 Common Application Security Implementations
Code Tangling – Simultaneous presence of security elements intertwined with business logic.
[Diagram labels: Validate User; Is User Authorized?; Amount to Withdraw?; Enough Funds?; Errors?; Withdraw Money Method; Disburse funds; Logging; Authentication; Authorization; Business Logic; Error Handling]

6 Common Application Security Implementations (cont’d)
Code Scattering – Security is separated from business logic, but code is duplicated within the application and it is left to the developer to leverage common security services.
[Diagram labels: Sample Banking Application; Deposit Funds; Withdraw Funds; View Funds; Transfer Funds; Open New Account; Logging; Authentication; Authorization]

7 Other Application Security Issues
- Upgrade Complexity – Since security is so woven into the application, it is difficult to implement newer technologies to meet new security requirements.
- Lower Code Reuse – Security is implemented specifically for each custom application and not reused throughout the enterprise.
- Disparate Administration – Administration of security policies is handled in each individual custom application.
- Difficult to Audit for Privileges – Code tangling and code scattering make it difficult to tie granular privileges to individuals for reporting purposes.
- Protecting Data Access – It is difficult to protect what users or services can access at the data layer level.

8 Modular and Reusable Security Services
Security components need to be modular and reusable, and to encase the entire application in an object-oriented manner.
[Diagram labels: Logging; Authorization; Deposit Funds; Withdraw Funds; View Funds; Transfer Funds; Open New Account; Authentication]

10 Common Security Services Overview
A Common Security Services (CSS) layer for custom applications establishes a flexible security model that is segregated from the business logic.

11 CSS Sequence Diagram
The diagram below explains how authentication, authorization and auditing are managed by a CSS infrastructure throughout the web, application and data layers.

12 Authentication and Authorization (AA) Framework
Four components govern how requesters authenticate and obtain authorization to a protected resource.

13 Component Architecture of the AA Framework
The AA Framework revolves around an authorization engine in the policy decision point (PDP), caching capabilities, and external data stores leveraged for deriving runtime decisions.

14 Implementation of AA Framework
The AA Framework can be implemented across a 3-tier architecture for users and application services.

16 CSS Functionalities
Functionalities provided by the various technical services in the Common Security Services model.

17 Authentication Services
CSS can abstract authentication providers and integrate with common providers like SiteMinder or an LDAP directory.

18 Authorization Services
CSS will leverage an entitlements server that holds the authorization engine to derive access decisions.

19 Administration Service
The administration service will provide workflow capabilities and manage the attributes, identities and roles required by the authorization engine in the entitlements server.

21 Leveraging AOP as a PEP
Aspect Oriented Programming (AOP) acts as a policy enforcement point (PEP) by intercepting business logic that requires secure processing. The interception events can be executed before or after the execution of the business logic.
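
An added illustration (not from the original slides) of the interception described on slide 21, applied to the withdraw method from slide 5: a Python decorator stands in for the aspect weaver and acts as the PEP, with before advice that authenticates and queries a PDP and after advice that audits. The policy table, session tokens and all function names are constructed assumptions.

```python
import functools

# Constructed sample data; a real CSS deployment would query the
# authentication provider and entitlements server instead.
POLICY = {"teller": {"withdraw", "deposit"}, "auditor": {"view"}}
SESSIONS = {"tok-alice": ("alice", "teller"), "tok-bob": ("bob", "auditor")}
AUDIT_LOG = []


class AccessDenied(Exception):
    pass


def pdp_decide(role, action):
    """Hypothetical PDP: the only place that knows the policy. Unknown roles are denied."""
    return action in POLICY.get(role, set())


def secured(action):
    """PEP as an aspect: wraps a business method with before/after advice."""
    def aspect(func):
        @functools.wraps(func)
        def advice(token, *args, **kwargs):
            # Before advice: authenticate, then ask the PDP for a decision.
            identity = SESSIONS.get(token)
            if identity is None:
                AUDIT_LOG.append(("anonymous", action, "unauthenticated"))
                raise AccessDenied("unauthenticated")
            user, role = identity
            if not pdp_decide(role, action):
                AUDIT_LOG.append((user, action, "denied"))
                raise AccessDenied(f"{user} may not {action}")
            try:
                result = func(*args, **kwargs)  # business logic only
            except Exception:
                AUDIT_LOG.append((user, action, "error"))
                raise
            # After advice: audit the completed operation.
            AUDIT_LOG.append((user, action, "permitted"))
            return result
        return advice
    return aspect


@secured("withdraw")
def withdraw(accounts, account_id, amount):
    """Business logic with no security code in it."""
    if amount <= 0 or accounts[account_id] < amount:
        raise ValueError("invalid amount or insufficient funds")
    accounts[account_id] -= amount
    return accounts[account_id]
```

Changing who may withdraw means editing `POLICY` only; `withdraw` itself contains no authentication, authorization or logging code.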

22 Aspect Oriented Programming
[Diagram labels: Compiler Aspect Compiler Weaver Rules Source Code Aspects Source Code with Aspects Binary Code]

23 Benefits of AOP with Security
- Completely segregate business logic from security logic, providing a level of abstraction
- Higher modularization of security components for portability and re-use
- Complements the implementation of a Common Security Services layer by “weaving” in security policies and decisions from an external source

25 Benefits of CSS Architecture
- Extensibility of security infrastructure to meet future requirements
- Centralized security administration
- Reduced development costs
- Portability and modularity of security components
- Consistency of security policies across all custom applications
- Ability to perform upgrades without affecting custom application functionalities
- Enhanced reporting and auditing capabilities

26 Questions?

