
SoBeNeT Project DistriNet status report Bart De Win Wouter Joosen Frank Piessens June 25, 2004.


1 SoBeNeT Project DistriNet status report Bart De Win Wouter Joosen Frank Piessens June 25, 2004

2 SoBeNeT - DistriNet status report, Bart De Win. DistriNet research group: Open, distributed object support platforms for advanced applications. Task forces: – Networking – Multi-agent systems – Embedded systems – Language technology and middleware – Security

3 SoBeNeT - DistriNet status report, Bart De Win. Project involvement. Tracks: – Track 1: programming and composition – Track 2: software engineering. Members: – Wouter Joosen, Frank Piessens, Pierre Verbaeten, Bart De Win, Eddy Truyen, Tine Verhanneman, Lieven Desmet, Bart Jacobs, Bert Lagaisse, Liesje Demuynck, Yves Younan

4 SoBeNeT - DistriNet status report, Bart De Win. Current activities: track 1. Security vulnerabilities – Programming language, architecture, classification. Case studies – CRM, e-banking, e-health. Solution techniques – Inventory: ACM survey paper – Programming language: C(++), Java, Spec#. Complex composition – Doctoral work (Bart, Eddy, Tine)

5 SoBeNeT - DistriNet status report, Bart De Win. Current activities: track 2. Security requirements – Functional vs. technological vs. quality. Technology study – CC, STRIDE, CMM, ISO17799, … ECOOP tutorial (TS1)

6 Engineering application-level security through AOSD Highlights of a Ph.D. dissertation

7 SoBeNeT - DistriNet status reportBart De Win 7 Security is Pervasive Application-level security is crosscutting in location /** Current 64 byte block to process */ private byte[] currentBlock = new byte[64] ; /** Constructor. */ public MD5(){ super("MD5") ; engineReset() ; } // *********************** // JCA JAVA ENGINE METHODS // *********************** /** Method to reset the MD5 engine. */ public void engineReset(){ count = 0 ; state[0] = 0x67452301 ; state[1] = 0xefcdab89 ; state[2] = 0x98badcfe ; state[3] = 0x10325476 ; } /** Method to add a byte to the current message. *@param input : the byte to append to the current message. */ public void engineUpdate(byte input){ //append byte to currentBlock currentBlock[(int)(count & 63)] = input ; //count&63 = count%64 //if currentBlock full => process if ((int)(count & 63) == 63){ //whole block => process MD5Transform() ; } //and update internal state (count) count++ ; } /** Method to add a byte array to the current message. *@param buf : the bytearray to append to the current message. *@param offset : the offset to start from appending the bytearray to the current message. *@param len : the length of the message to append to the current message. */ public void engineUpdate(byte[] buf, int offset, int len){ //FIRST : process first part of buffer until no more or full block //calculate number of bytes that fit in current block int no = java.lang.Math.min(len, 64 - (int)(count&63)) ; System.arraycopy(buf, offset, currentBlock, (int)(count&63), no) ; count += no ; len -= no ; offset += no ; } /** Method to calculate the digest of the current message. *After calculation, the engine is reset. *@return returns the message digest in a bytearray. 
*/ public byte[] engineDigest(){ //calculate correct number of bits in total message long origMsgCount = count << 3 ; //append padding bits engineUpdate((byte)128) ; // append byte "10000000" while (((int)(count & 63)) != 56){ engineUpdate((byte)0) ; //append byte 0 until 56 mod 64 } //append length (big endian) int[] cnt = new int[2] ; cnt[0] = (int) (origMsgCount & 0xffffffff) ; cnt[1] = (int) (origMsgCount >> 32) ; intToByte(currentBlock, 56, cnt, 0, 8) ; //process last block MD5Transform() ; //return digest byte[] result = new byte[16] ; intToByte(result, 0, state, 0, 16) ; //reset the engine for JCA compatibility engineReset() ; return result ; } /** Method to calculate the digest of the current message. *After calculation, the engine is reset. *@param buf : the byte array in which the digest is put. *@param offset : the offset from where the digest is put in the bytearray. *@param len : the length of free space in the bytearray. *@return returns the length of the messagedigest. */ public int engineDigest(byte[] buf, int offset, int len) throws DigestException { //if not enough space in buf, return if (len < 16) throw new DigestException("Buffer too small.") ; //calculate digest, copy into buf and return byte[] result = engineDigest() ; System.arraycopy(result, 0, buf, offset, result.length) ; return result.length ; } /* Method to get the length of a digest. 
} public class MD5Test { public static void main(String[] args){ MessageDigest digest = null ; Security.addProvider(new DistriNet()) ; try{ digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ e.printStackTrace() ; System.exit(1) ; } digest.update(args[0].getBytes()) ; System.out.println("Input : " + formatBin2Hex(args[0].getBytes(), 16, 2) +"\n" ) ; System.out.println("Digest : " + formatBin2Hex(digest.digest(), 16, 2) +"\n" ) ; int m = ( n % s1 ); for ( int i = m ; i < s1 ; i++ ) { if ( ( i % s2 ) == 0 ) result += " "; result += " "; ascii += " "; } if ( m > 0 ) { result += " [" + ascii + "]\r\n"; } return result; } private static String _hexmap = "0123456789abcdef"; private static String _int2hex ( long i, int n ) { String result = ""; for ( int j = 0 ; j < n ; j++ ) { int m = (int)(i & (long)0xf); }

8 SoBeNeT - DistriNet status reportBart De Win 8 /** Current 64 byte block to process */ private byte[] currentBlock = new byte[64] ; /** Constructor. */ public MD5(){ super("MD5") ; engineReset() ; } // *********************** // JCA JAVA ENGINE METHODS // *********************** /** Method to reset the MD5 engine. */ public void engineReset(){ count = 0 ; state[0] = 0x67452301 ; state[1] = 0xefcdab89 ; state[2] = 0x98badcfe ; state[3] = 0x10325476 ; } /** Method to add a byte to the current message. *@param input : the byte to append to the current message. */ public void engineUpdate(byte input){ //append byte to currentBlock currentBlock[(int)(count & 63)] = input ; //count&63 = count%64 //if currentBlock full => process if ((int)(count & 63) == 63){ //whole block => process MD5Transform() ; } //and update internal state (count) count++ ; } /** Method to add a byte array to the current message. *@param buf : the bytearray to append to the current message. *@param offset : the offset to start from appending the bytearray to the current message. *@param len : the length of the message to append to the current message. */ public void engineUpdate(byte[] buf, int offset, int len){ //FIRST : process first part of buffer until no more or full block //calculate number of bytes that fit in current block int no = java.lang.Math.min(len, 64 - (int)(count&63)) ; System.arraycopy(buf, offset, currentBlock, (int)(count&63), no) ; count += no ; len -= no ; offset += no ; } /** Method to add a byte array to the current message. *@param buf : the bytearray to append to the current message. *@param offset : the offset to start from appending the bytearray to the current message. *@param len : the length of the message to append to the current message. 
*/ public void engineUpdate(byte[] buf, int offset, int len){ //FIRST : process first part of buffer until no more or full block //calculate number of bytes that fit in current block int no = java.lang.Math.min(len, 64 - (int)(count&63)) ; System.arraycopy(buf, offset, currentBlock, (int)(count&63), no) ; count += no ; len -= no ; offset += no ; } public class MD5Test { public static void main(String[] args){ MessageDigest digest = null ; Security.addProvider(new DistriNet()) ; try{ digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ e.printStackTrace() ; System.exit(1) ; } digest.update(args[0].getBytes()) ; System.out.println("Input : " + formatBin2Hex(args[0].getBytes(), 16, 2) +"\n" ) ; System.out.println("Digest : " + formatBin2Hex(digest.digest(), 16, 2) +"\n" ) ; int m = ( n % s1 ); } public class MD5Test { public static void main(String[] args){ MessageDigest digest = null ; Security.addProvider(new DistriNet()) ; try{ digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ e.printStackTrace() ; System.exit(1) ; } digest.update(args[0].getBytes()) ; System.out.println("Input : " + formatBin2Hex(args[0].getBytes(), 16, 2) +"\n" ) ; System.out.println("Digest : " + formatBin2Hex(digest.digest(), 16, 2) +"\n" ) ; int m = ( n % s1 ); for ( int i = m ; i < s1 ; i++ ) { if ( ( i % s2 ) == 0 ) result += " "; result += " "; ascii += " "; } if ( m > 0 ) { result += " [" + ascii + "]\r\n"; } return result; } private static String _hexmap = "0123456789abcdef"; private static String _int2hex ( long i, int n ) { String result = ""; for ( int j = 0 ; j < n ; j++ ) { int m = (int)(i & (long)0xf); } public class MD5Test { public static void main(String[] args){ MessageDigest digest = null ; Security.addProvider(new DistriNet()) ; try{ digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ e.printStackTrace() ; System.exit(1) ; } digest.update(args[0].getBytes()) ; System.out.println("Input : " + int 
m = ( n % s1 ); for ( int i = m ; i < s1 ; i++ ) { if ( ( i % s2 ) == 0 ) result += " "; result += " "; ascii += " "; } if ( m > 0 ) { result += " [" + ascii + "]\r\n"; } return result; } private static String _hexmap = "0123456789abcdef"; private static String _int2hex ( long i, int n ) { String result = ""; for ( int j = 0 ; j < n ; j++ ) { int m = (int)(i & (long)0xf); } public class MD5Test { public static void main(String[] args){ MessageDigest digest = null ; Security.addProvider(new DistriNet()) ; try{ digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ e.printStackTrace() ; System.exit(1) ; } digest.update(args[0].getBytes()) ; System.out.println("Input : " + formatBin2Hex(args[0].getBytes(), 16, 2) +"\n" ) ; System.out.println("Digest : " + formatBin2Hex(digest.digest(), 16, 2) +"\n" ) ; int m = ( n % s1 ); for ( int i = m ; i < s1 ; i++ ) { if ( ( i % s2 ) == 0 ) result += " "; result += " "; ascii += " "; } if ( m > 0 ) { result += " [" + ascii + "]\r\n"; } return result; } private static String _hexmap = "0123456789abcdef"; private static String _int2hex ( long i, int n ) { String result = ""; for ( int j = 0 ; j < n ; j++ ) { int m = (int)(i & (long)0xf); } public class MD5Test { public static void main(String[] args){ MessageDigest digest = null ; Security.addProvider(new DistriNet()) ; try{ digest = MessageDigest.getInstance("MD5 }tch(Exception e){ e.printStackTrace() ; System.exit(1) ; } digest.update(args[0].getBytes()) ; System.out.println("Input : " + digest.update(args[0].getBytes()) ; System.out.println("Input : " + digest.update(args[0].getBytes()) ; System.out.println("Input : " + formatBin2Hex(args[0].getBytes(), 16 System.out.println("Digest : " formatBin2Hex(digest.digest(), 1formatBin2Hex(digest.digest(), 16 formatBin2Hex(digest.digest(), 16 int m = ( n % s1 ); } Security is Pervasive (ctd.) 
Application-level security is crosscutting in structure: Security Attributes Subject Object Security Attributes Role ID Non-Security Attributes Age Time Non-Security Attributes Location Action ID Domain

9 SoBeNeT - DistriNet status report, Bart De Win. Security is Evolving: Security of a system is often implemented once and for all. Unanticipated risks and changes – Threat analysis incomplete – Change in environment System Security policy (company, law, …)

10 SoBeNeT - DistriNet status reportBart De Win 10 Our research Optimization of the modularization of application-level security using Aspect-Oriented Software Development Rationale Address identified problems (pervasiveness, evolution) Applicability claimed [Filman98, Devanbu00, Suvee03, …] Challenges Security binding Complex requirements Flexibility and reuse /** Current 64 byte block to process */ private byte[] currentBlock = new byte[64] ; /** Constructor. */ public MD5(){ super("MD5") ; engineReset() ; } // *********************** // JCA JAVA ENGINE METHODS // *********************** /** Method to reset the MD5 engine. digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ */ public void engineReset(){ count = 0 ; } /** Method to calculate the digest of the current message. *After calculation, the engine is reset. *@return returns the message digest in a bytearray. */ public byte[] engineDigest(){ //calculate correct number of bits in total message digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ long origMsgCount = count << 3 ; //append padding bits engineUpdate((byte)128) ; // append byte "10000000" while (((int)(count & 63)) != 56){ engineUpdate((byte)0) ; //append byte 0 until 56 mod 64 } public class MD5Test { public static void main(String[] args){ MessageDigest digest = null ; Security.addProvider(new DistriNet()) ; try{ digest = MessageDigest.getInstance("MD5", "Distrinet") ; } digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ digest = MessageDigest.getInstance("MD5", "Distrinet") ; } Security Attributes SubjectObject Security Attributes Role ID Non-Security Attributes Age Time Non-Security Attributes Location Action ID Domain Security Binding

11 SoBeNeT - DistriNet status report, Bart De Win. Two approaches. Interception-based AOSD – Intercept application execution events and execute extra behavior on these events – Application modules are not modified. Weaving-based AOSD – Language-based approach – Application modules are modified

12 SoBeNeT - DistriNet status reportBart De Win 12 Basic Access Control in AspectJ Aspect Authorization { pointcut checkedMethods(): execution(* Account.withdraw(..)) ; Object around() throws Exception: checkedMethods() { Subject subj = null ; try { subj = ; boolean allowed = ; if (allowed) {return proceed ; } else {throw new AccessControlException(“Access denied”) ; } } catch(RuntimeException e){…} } Security mechanism Security binding

13 SoBeNeT - DistriNet status report, Bart De Win. Evaluation Interception Weaving Traditional OO paradigm - 00 abstraction 0+ initialization + - + input/output 0++ dependencies 0++ interaction 0+ state - 0+ superimposition + +- adaptation - - intrusiveness 0+ - merging 0-- ordering - 0- distribution 0- 0 + + good support + 0 basic support - - - no support

14 SoBeNeT - DistriNet status report, Bart De Win. Impact on Security

15 SoBeNeT - DistriNet status report, Bart De Win. Secure Software Development Process

