Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security and Trust By Troy Lee. Overview Security Design Principles Architectural Access Control Access Control Models Connector-centric Architectural.

Published byLouise Sharp Modified over 9 years ago

Similar presentations

Presentation on theme: "Security and Trust By Troy Lee. Overview Security Design Principles Architectural Access Control Access Control Models Connector-centric Architectural."— Presentation transcript:

1 Security and Trust By Troy Lee

2 Overview Security Design Principles Architectural Access Control Access Control Models Connector-centric Architectural Access Control Distributed Security Protection Against Piracy Trust Management Trust Trust Model Reputation-Based Systems Architectural Approach to Decentralized Trust Management

3 Computer Security “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).” – National Institute of Standards and Technology

4 3 Main Aspects Confidentiality (aka Secrecy) Integrity Availability

5 Confidentiality Preventing unauthorized parties from accessing the information or perhaps even being aware of the existence of the information

6 Cryptography Equations Cipher = Encryption Function(Encryption_Key, ClearText) ClearText = Decryption Function(Decryption_Key, Cipher) 2 Forms Shared-Key Cryptography Public-Key Cryptography Best Practices Evaluate Performance, Architecture, and Security Requirements Choose a Suitable Public Algorithm Use Frequently Changing Keys as the Primary Secrecy Mechanism

7 Integrity Only authorized parties can manipulate the information and do so only in authorized ways

8 Availability Accessible by authorized parties on all appropriate occasions

9 Design Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation of Privilege Least Common Mechanism Psychological Acceptability Defense in Depth

10

11 Architectural Access Control Access Control Models Connector-Centric Architectural Access Control

12 Access Control Models Classic Discretionary Access Control Role-Based Access Control Mandatory Access Control

13 Connector-Centric Architectural Access Control Basic Concepts Central Role of Architectural Connectors Algorithm to Check Architectural Access Control Integrating Security in ASTER

14 Basic Concepts Subject Principal Resource Permission Privilege Safeguard

15 Central Role of Architectural Connectors Components Connectors Secure Architecture Description Language

16 Secure xADL

17 Algorithm to Check Architectural Access Control

18 Secure Cooperation

19 Firefox

20 Integrating Security in ASTER

21 Distributed Security

22 Protection Against Piracy Goals Raise Cost of Breaking Protection Mechanism Increase Probability of Being Caught Discourage Attempts at Piracy Technologies Hardware and Software Tokens Water Marking Code Partitioning

23 Trust Management Trust Trust Model Reputation-Based Systems Architectural Approach to Decentralized Trust Management

24 Trust “A particular level of the subjective probability with which an agent assesses that another agent or group of agents will perform a particular action, both before he can monitor such action (or independently of his capacity ever to be able to monitor it) and in a context in which it affects his own action” – Diego Gambetta

25 Trust Model Describes the trust information that is used to establish trust relationships, how that trust information is obtained, how that trust information is combined to determine trustworthiness, and how that trust information is modified in response to personal and reported experiences

26 Reputation-Based Systems Types Decentralized Centralized Examples Ebay XREP

27 Phase 1 – Resource Searching Phase 2 – Resource Selection and Vote Polling Phase 3 – Vote Evaluation Phase 4 – Best Servent Check Phase 5 – Resource Downloading

28 Phase 1

29 Phase 2

30 Phase 3

31 Phase 4

32 Phase 5

33 Architectural Approach to Decentralized Trust Management Threats Measures to Address Threats Guidelines to Incorporate into an Architectural Style Resultant Architectural Style PACE Architectural Style PACE-Based Trust-Enabled Decentralized File-Sharing App

34 Threats Impersonation Fraudulent Actions Misrepresentation Collusion Denial of Service Addition of Unknowns Deciding Whom to Trust Out-of-Band Knowledge

35 Measures to Address Threats Use of Authentication Separation of Internal Beliefs and Externally Reported Information Making Trust Relationships Explicit Comparable Trust

36 Guidelines to Incorporate into an Architectural Style Digital Identities Separation of Internal and External Data Making Trust Visible Expression of Trust

37 Resultant Architectural Style Functional Units Communication Information Trust Application

38 PACE Architectural Style

39 PACE-Based Trust-Enabled Decentralized File-Sharing App

40 Summary Security Design Principles Architectural Access Control Access Control Models Connector-centric Architectural Access Control Protection Against Piracy Trust Management Trust Trust Model Reputation-Based Systems Architectural Approach to Decentralized Trust Management

41 References Bidan, C., and V. Issarny. Security Benefits from Software Architecture. Web. 7 Apr. 2012.. Devanbu, Premkumar T., and Stuart Stubblebine. Software Engineering for Security: A Roadmap. 2000. Web. 7 Apr. 2012.. Nagaratnam, Nataraj, Philippe Janson, John Dayka, Anthony Nadalin, Frank Siebenlist, Von Welch, Ian Foster, and Steve Tuecke. The Security Architecture for Open Grid Services. 17 July 2002. Web. 7 Apr. 2012.. Taylor, Richard N., Nenad Medvidovic, and Eric M. Dashofy. Software Architecture: Foundations, Theory, and Practice. Hoboken, NJ: Wiley, 2010. Print.

Download ppt "Security and Trust By Troy Lee. Overview Security Design Principles Architectural Access Control Access Control Models Connector-centric Architectural."

Similar presentations

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
PACE: An Architectural Style for Trust Management in Decentralized Applications Girish Suryanarayana Justin Erenkrantz Scott Hendrickson.

PACE: An Architectural Style for Trust Management in Decentralized Applications Girish Suryanarayana Justin Erenkrantz Scott Hendrickson.
Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Security and Trust Software Architecture Lecture 21.

Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Security and Trust Software Architecture Lecture 21.
Chapter 1 – Introduction

Chapter 1 – Introduction
1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.

1 Design Principles CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 13, 2004.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (http://cups.cs.cmu.edu/course-guide/)

Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (
January 2011 As a precaution, re-check the exam time in early January. Various rooms are used, your room will be on your personal timetable, available.

January 2011 As a precaution, re-check the exam time in early January. Various rooms are used, your room will be on your personal timetable, available.
Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Software Connectors.

Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Software Connectors.
Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Security and Trust Software Architecture Lecture 21.

Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Security and Trust Software Architecture Lecture 21.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Software Connectors Software Architecture Lecture 7.

Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Software Connectors Software Architecture Lecture 7.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
1 Clark Wilson Implementation Shilpa Venkataramana.

1 Clark Wilson Implementation Shilpa Venkataramana.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.

April 1, 2004ECS 235Slide #1 Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational.
“Network Security” Introduction. My Introduction Obaid Ullah Owais Khan Obaid Ullah Owais Khan B.E (I.T) – Hamdard University(2003), Karachi B.E (I.T)

“Network Security” Introduction. My Introduction Obaid Ullah Owais Khan Obaid Ullah Owais Khan B.E (I.T) – Hamdard University(2003), Karachi B.E (I.T)
Protection and Security An overview of basic principles CS5204 – Operating Systems1.

Protection and Security An overview of basic principles CS5204 – Operating Systems1.
Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Software Connectors Software Architecture Lecture 7.

Copyright © Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Software Connectors Software Architecture Lecture 7.
D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

D ATABASE S ECURITY Proposed by Abdulrahman Aldekhelallah University of Scranton – CS521 Spring2015.

Similar presentations

Ads by Google