RBAC and JXTA 1 Role Based Access Control and the JXTA P2P Framework Mark Stamp Dept. of Computer Science San Jose State University


2 Role Based Access Control and the JXTA P2P Framework
Mark Stamp, Dept. of Computer Science, San Jose State University, stamp@cs.sjsu.edu
Amit Mathur, Symantec Corporation
Suneuy Kim, Dept. of Computer Science, San Jose State University

3 Game Plan
• Role based access control (RBAC)
• Peer-to-peer (P2P) and JXTA
• RBAC for a P2P network (in JXTA)
• Secure?

4 What is Access Control?
• Authentication
  o Who goes there?
• Authorization/Access control
  o Are you allowed to do that?
  o User already has access to system
  o Restrictions placed on user
• For example, “rwx” in Unix
  o Usually enforced by the operating system

5 What is RBAC?
• In RBAC
  o Access determined by specified roles
  o Users assigned to roles
• Good when user base changes
  o Roles are relatively stable
• RBAC eases administrative burden
  o Main advantage of RBAC

6 RBAC
• RBAC compatible with OO techniques
  o Access to resource == access to object method
  o Role == interface, where interface is set of methods that provide capability
• RBAC provides separation of duties
  o Least privilege, etc.
• Many applications have clear roles

7 What is P2P?
• In contrast to client-server
• P2P peers can act as clients and servers
  o Peers directly exchange data
  o Highly scalable
  o Different ways for peers to discover the data
• Access control in P2P?
  o No “operating system”
  o No central authority to enforce access control
  o This could be a problem…

8 What is JXTA?
• JXTA (short for “Juxtapose”) is open source P2P standard proposed by Sun
  o Takes care of the P2P “plumbing”
• Usable, but has not really caught on (yet?)

9 RBAC for P2P?
• How can that be?
• No central authority!
• Consider content distribution problem
  o Producer --- create digital content
  o Distributor --- gets content from producer to sell to consumer
  o Consumer --- purchase content
• Seems like a sensible P2P application
  o And three obvious roles

10 JXTA Implementation
• We implemented a generic RBAC system
• Access to resource == access to a (remote) method via a “peer pipe”
• Use XML files to configure peers
• Every peer can
  o Request method execution on remote peer or locally (client)
  o Provide access to its methods (server)

11 JXTA Implementation
• All peers have same role definition files at start
• Each peer in one role at a time
• A peer cannot change roles
  o Not as bad as it sounds
• Peers must agree on role config and peer-to-role mapping

12 JXTA Implementation
• Peers start and each is given a name
• Initialize each peer using XML files
  o Peer-to-role mapping and role definitions
• Suppose Peer 1 makes request of Peer 2
  o Peer 1 sends its XML files to Peer 2
  o Peer 2 checks that its XML files agree
  o Peer 2 verifies Peer 1’s role and its own role
• If all is OK, Peer 2 executes requested method and returns result to Peer 1

13 JXTA Implementation
• For any specific application…
  o Developer must define application-specific methods
  o But no need to deal with RBAC issues
• Attacks?
  o Peer 1 lies about its role to Peer 2
    • Requires cooperation of Peer 1 and Peer 2
  o Peer 1 lies to itself
    • Cannot prevent a peer from “attacking” itself
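
The request check described on the two slides above, as an added example that is not part of the original presentation or the authors' JXTA code: Peer 2 compares the files Peer 1 sent with its own copies, then decides from its own copy only. The XML element and attribute names, the method names and the function names are assumptions, since the slides do not show the real file format.

```python
import xml.etree.ElementTree as ET

# Constructed sample configuration. Element/attribute names and the method
# names are assumptions; only the three role names come from the slides.
ROLE_DEFS = """<roles>
  <role name="distributor"><allow method="getContent" on="producer"/></role>
  <role name="consumer"><allow method="purchase" on="distributor"/></role>
</roles>"""
PEER_MAP = """<peers>
  <peer name="peer1" role="consumer"/>
  <peer name="peer2" role="distributor"/>
</peers>"""


def same_config(mine, theirs):
    """True when two XML documents are equal after canonicalization."""
    try:
        return (ET.canonicalize(mine, strip_text=True)
                == ET.canonicalize(theirs, strip_text=True))
    except ET.ParseError:
        return False


def authorize(self_name, caller, method, sent_roles, sent_map,
              own_roles=ROLE_DEFS, own_map=PEER_MAP):
    """Peer 2's decision for a request from `caller`; returns (ok, reason)."""
    # Step 1: the files the caller sent must agree with the local copies.
    if not (same_config(own_roles, sent_roles) and same_config(own_map, sent_map)):
        return False, "config mismatch"
    # Step 2: resolve both roles from the local copy, never from the sent one.
    roles = {p.get("name"): p.get("role") for p in ET.fromstring(own_map)}
    caller_role, own_role = roles.get(caller), roles.get(self_name)
    if caller_role is None or own_role is None:
        return False, "unknown peer"
    # Step 3: the caller's role must allow this method on the local role.
    for role in ET.fromstring(own_roles):
        if role.get("name") == caller_role:
            for allow in role:
                if allow.get("method") == method and allow.get("on") == own_role:
                    return True, "ok"
    return False, "role not permitted"


# Constructed: peer1 edits its own mapping to claim the distributor role.
FORGED_MAP = PEER_MAP.replace('name="peer1" role="consumer"',
                              'name="peer1" role="distributor"')
```

A mapping that Peer 1 altered on its own is rejected at step 1, which is why the slide says the lie only works if Peer 2 cooperates by holding the same altered file.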

14 Bottom Line
• RBAC in P2P network
  o Seems to make sense
  o Simple but useful approach
  o Implemented in JXTA
  o Developer only needs to develop application-specific code (not RBAC)
• As secure as could be expected
  o Given inherent limitations of P2P environment

