Presentation is loading. Please wait.

Presentation is loading. Please wait.

Model-Driven Design and Administration of Access Control in Enterprise Applications April 2005.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Model-Driven Design and Administration of Access Control in Enterprise Applications April 2005."— Presentation transcript:

1 Model-Driven Design and Administration of Access Control in Enterprise Applications April 2005

2 Proprietary and Confidential Exigen Properties, Inc. 2 Access Control in Enterprise Applications Serves as façade for external authentication, single sign on, naming and identity services, user directories Managing access control is the key requirement, role based model (RBAC) is natural choice Multiple points for permissions checks – user interface, middleware, data access Data Filtering Based on access control policy Conditional and domain-related policies are common “Only dedicated agents may access sensitive accounts”

3 Proprietary and Confidential Exigen Properties, Inc. 3 The Focus is The Model… Application is Modeled as a set of related UML Models Specific UML Profiles used to model different aspects of the system, including Access Control Application code is generated from set of related UML models using MDA approach Access control is checked in the points, auto- generated in the code according to Access Control Model Security Policy Administration Model drives the implementation of administration capabilities

4 Proprietary and Confidential Exigen Properties, Inc. 4 Model Driven Architecture Approach

5 Proprietary and Confidential Exigen Properties, Inc. 5 MDA is between "What?" and "How?" What is … ? Protected Resource Data Access Constraint Policy Management Model Administered Object Organizational Structure Audit Event Actionable Notification How to … ? Enforce Security Policy Filter Data Control Data Access Manage Policy Administer Users Generate Events Record and Monitor Events Generate Notifications

6 Proprietary and Confidential Exigen Properties, Inc. 6 “What is … ?” is Specified by Models

7 Proprietary and Confidential Exigen Properties, Inc. 7 “How to … ?” Is Specified by Transformations

8 Proprietary and Confidential Exigen Properties, Inc. 8 Access Control Transformation

9 Proprietary and Confidential Exigen Properties, Inc. 9 Security Policy Administration Model

10 Proprietary and Confidential Exigen Properties, Inc. 10 Security Administration Console

11 Proprietary and Confidential Exigen Properties, Inc. 11 Working Togerther at Runtime

12 Proprietary and Confidential Exigen Properties, Inc. 12 Where we are? Permission checks are generated in the application code Data filtering is generated, interface for filters implementation is generated Security policy applied uniformly to the application and security administration console User interface for security administration is based on the model

13 Proprietary and Confidential Exigen Properties, Inc. 13 Lessons Learned + Developers of vertical solutions do not implement security related code + Model provides good visibility and reduces perceivable complexity + Policy applied uniformly to multiple tiers of application - “Hello World” application is close to impossible - Code generation takes time - Generated code looks bad - hard to debug - Extra artifacts in development

14 Proprietary and Confidential Exigen Properties, Inc. 14 What is Next? XACML policy generation Code generation for security administration console Developing model transformations as models Defining meta-models as formal languages Formal proof of model correctness Unit tests generation

Download ppt "Model-Driven Design and Administration of Access Control in Enterprise Applications April 2005."

Similar presentations

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.

Pennsylvania Banner Users Group 2008 Fall Conference Campus Identity Management in a Banner World.
Page 1 Copyright © 2010 Data Access Technologies, Inc. Model Driven Solutions May 2009 Cory Casanave Architecture of Services SOA for E-Government Conference.

Page 1 Copyright © 2010 Data Access Technologies, Inc. Model Driven Solutions May 2009 Cory Casanave Architecture of Services SOA for E-Government Conference.
Complete Event Log Viewing, Monitoring and Management.

Complete Event Log Viewing, Monitoring and Management.
Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.

Federated Digital Rights Management Mairéad Martin The University of Tennessee TERENA General Assembly Meeting Prague, CZ October 24, 2002.
Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.

Copyright © 2008 Accenture All Rights Reserved. Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Andrew Stone Common Security.
Module 4: Implementing User, Group, and Computer Accounts

Module 4: Implementing User, Group, and Computer Accounts
Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.

Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.
Security Controls – What Works

Security Controls – What Works
Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.

Secure Systems Research Group - FAU Patterns for access control E.B. Fernandez.
XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.
On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.

On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
1 Secure Information Sharing Manager (SIS-M) Thesis 2007 Stephen D. Wise

1 Secure Information Sharing Manager (SIS-M) Thesis 2007 Stephen D. Wise
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
Peter Deutsch Director, I&IT Systems July 12, 2005

Peter Deutsch Director, I&IT Systems July 12, 2005
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Combining KMIP and XACML. What is XACML? XML language for access control Coarse or fine-grained Extremely powerful evaluation logic Ability to use any.

Combining KMIP and XACML. What is XACML? XML language for access control Coarse or fine-grained Extremely powerful evaluation logic Ability to use any.

Similar presentations

Ads by Google