Quality of Protection (QoP) An approach that separates the development of security services from the application development partitions security services.


1 Quality of Protection (QoP) An approach that: separates the development of security services from the application development; partitions security services into different security levels so that appropriate security services are deployed to best trade off the needs of security and performance preferences; allows application developers to seamlessly integrate tunable security services with their application.

2 QoP Model Extension of existing QoS models. Define security operations that: check the access privileges via authentication, authorization and other access control operations; ensure the integrity, copyright and confidentiality of data via encryption, watermarking and other security operations at the source and other important security points; adjust security levels according to the security requirements.

3 QoP Model (Authentication Phase) Our QoP model considers the user authentication operation during the setup phase. A feedback edge indicates that a proper response from the user is required.

4 QoP Model (Transmission Phase) Data encryption operation during the transmission phase; example of a VoD application.

5 QoP Model (Transmission Phase) Each pair of security points carries QoP meta-data that represent a set of QoP attributes to determine the needed security services for that segment of data transmission path. Security points act as decision engines that decide the most suitable QoP level of security to be executed and thus forward them to the appropriate security operation tasks.

6 QoP Meta Data Defined in terms of: security services to be performed (authentication/encryption); QoP parameters for required security levels (key length, etc.); reward profile for each security specification (low, medium, high).

7 QoP Architecture I The Application QoS Specifier obtains the desired QoS parameters from the application. The QoP Specifier determines the QoP parameters. The resource manager obtains the specified QoP and QoS parameters and determines the set of values that will be feasible given the available resources.

8 QoP Architecture II The QoP customizer defines additional application-specific rules and limitations, such as requiring QoS to have a higher priority over QoP. The QoP Service Coordinator extracts the security requirements from the QoP meta file and relays the information to the various security points. The QoP-enabling entity is a composite component that provides the core set of QoP services such as authentication and encryption to the applications. CryptLib is a cryptographic library that provides key generation, encryption and decryption functions.

9 QoP Architecture III QoP service components such as the Authenticator and Secure Sockets are built on top of CryptLib. The Authenticator is responsible for authentication services. The SecureSockets simulates security points and is responsible for data encryption services specified in its security attributes. Communications between the QoP-enabling entities are governed by security protocols. The system can be easily upgraded with the latest cryptographic standards by changing CryptLib only.

10 QoP Component Communication Protocol QoP is easily provided by including the QoP-enabling entity as a middleware component in the applications. Middleware components manage all the QoP communications without interfering with other parts of the application.

11 Implementation on Mobile Multimedia Player Denote security points; colors reflect different QoP requirements for different application components.

12 QoP-enabled Mobile Multimedia Player MPEG video and audio are streamed to the desktop player. Bitmap video and decoded-MP3 audio are streamed to the handheld device. The desktop player selects a “high” level of security that uses signature authentication and AES data encryption with a 256-bit key. The handheld player selects a “low” level of security that uses password authentication and no data encryption. This allows the handheld player to maintain the audio and video playback quality. As the data stream is handed off from one device to another, the security level for each device is preserved.
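
An added example, not part of the original presentation: a minimal decision engine for one security point (slides 5 to 8), choosing among QoP levels like those on slide 12. The field names, the "medium" level, the CPU cost figures and the `floor` parameter are assumptions made for illustration.

```python
from dataclasses import dataclass

REWARD = {"low": 1, "medium": 2, "high": 3}  # reward profile ranks (slide 6)

@dataclass(frozen=True)
class QoPLevel:
    reward: str          # "low" | "medium" | "high"
    authentication: str  # security service: authentication method
    encryption: str      # security service: cipher, or "none"
    key_bits: int        # QoP parameter: key length
    cpu_cost: int        # constructed cost, percent of device CPU

# "high" and "low" follow slide 12; "medium" and every cpu_cost are constructed.
META = [
    QoPLevel("high", "signature", "AES", 256, 30),
    QoPLevel("medium", "password", "AES", 128, 18),
    QoPLevel("low", "password", "none", 0, 2),
]

class NoFeasibleLevel(Exception):
    """No level fits the budget without going below the segment's floor."""

def select_level(meta, cpu_total, qos_cpu, floor="low"):
    """Decision engine for one security point.

    QoS is served first (the customizer rule on slide 8); the CPU left over
    is the QoP budget. The highest-reward level that fits is returned, and
    the engine refuses to go below `floor` (an assumed per-segment minimum)
    instead of downgrading silently.
    """
    budget = cpu_total - qos_cpu
    candidates = [lv for lv in meta
                  if lv.cpu_cost <= budget
                  and REWARD[lv.reward] >= REWARD[floor]]
    if not candidates:
        raise NoFeasibleLevel(f"budget={budget}% floor={floor}")
    return max(candidates, key=lambda lv: REWARD[lv.reward])

if __name__ == "__main__":
    # Constructed devices: (name, total CPU %, CPU % reserved for playback QoS)
    for name, total, qos in [("desktop", 100, 40), ("handheld", 100, 95)]:
        lvl = select_level(META, total, qos)
        print(name, lvl.reward, lvl.authentication, lvl.encryption, lvl.key_bits)
```

With the default floor the handheld falls back to password authentication and no encryption, as on slide 12; setting `floor="medium"` for a segment makes the same request fail instead of running unencrypted.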

