Slide 1: Cherubim Dynamic Security System
Roy Campbell and Denny Mickunas
Tin Qian, Vijay Raghavan, Tim Fraser, Chuck Willis, Zhaoyu Liu
Department of Computer Science, University of Illinois at Urbana-Champaign
Slide 2: Motivation
- Increasing connectivity and mobility
- Emerging software-intensive networks
- Software-based protection at the system level
- Acceptance of mobile agent technology
- Extensible and adaptable software architecture
Slide 3: Existing Solutions
- Firewalls, VPNs, Kerberos, SSL, SOCKS
- Limited support for fine-grained, application-specific security
- Hard to evolve, adapt and interoperate
- No guard against disgruntled insiders
- Too complex and resource-intensive for mobile clients
Slide 4: Our Approach
- Mobile security agents
- Secure bootstrapping process with minimal core security services
- Active capabilities providing application-specific access control
- Interoperable security policies
- CORBA-compliant security services and APIs
Slide 5: Achievements
- Security representation framework
- Security extensions to OMG IDL
- Minimal core security services
- Mobile collaborative testbed environment
- 'Dynamic Security for Active Networks' proof of concept
Slide 6: Contents
- Overview of Cherubim
- Core Services
- Dynamic Policies
- Example Applications
- Demonstration
- Future
- Summary
Slide 7: Core Security Services
- Abstracts the underlying cryptographic functionality
- Provides five basic functions:
  – Encryption
  – Decryption
  – Signature
  – Signature verification
  – Authentication
Slide 8: Core Implementation
- Based on the Cryptix package, a free implementation of the Java Cryptography Architecture
- Authentication protocol:
  – 2048-bit prime for the Diffie-Hellman exchange
  – 1024-bit DSA keys for signatures on the key exchange and on mobile classes
  – 128-bit IDEA session keys
Slide 9: Authentication
(Diagram: client and server exchange their Diffie-Hellman values a and b under signature; each side derives the IDEA session key from g^ab with SHA-1.)
Slide 10: Class Request Data Format
Packet fields:
- Class name
- Timestamp (5 minute window)
- Sequence number
- Destination
The packet is encrypted with the IDEA session key and signed.
Slide 11: Class Response Data Format
Packet fields:
- Class name
- Timestamp (5 minute window)
- Sequence number
- Destination
- Class (the class being delivered)
The packet is encrypted with the IDEA session key and signed.
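The exchange on slides 8 to 11, carried through as an added example in Python; this is not Cherubim code, and the slides give no implementation. Assumptions not on the page: the 2048-bit prime is the RFC 3526 group 14 prime; the DSA signatures on the key exchange and on each packet are replaced by HMAC-SHA1 under a pre-shared long-term key (a stand-in so the block runs on the standard library, where a real deployment would sign with the DSA key); IDEA encryption of the packet body is omitted. The example shows the parts a reviewer checks first: the signature binds both public values, the session key is SHA-1 of g^ab truncated to 128 bits, and a receiver rejects a replayed, stale, tampered or misdirected class request while accepting a fresh one.

```python
import hashlib
import hmac
import secrets
import struct
import time

# RFC 3526 group 14 (2048-bit MODP prime, generator 2): an assumed choice,
# the slides only say "2048 bit prime".
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2


def _lp(b: bytes) -> bytes:
    """Length-prefix a field so the authenticated input is unambiguous."""
    return struct.pack(">H", len(b)) + b


def _unlp(b: bytes):
    n = struct.unpack(">H", b[:2])[0]
    return b[2:2 + n], b[2 + n:]


def _enc(n: int) -> bytes:
    return n.to_bytes(256, "big")


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA1 over length-prefixed parts: stand-in for the DSA signatures on the
    slides (key exchange and per-packet). Keys are therefore shared, not public."""
    h = hmac.new(key, digestmod=hashlib.sha1)
    for p in parts:
        h.update(_lp(p))
    return h.digest()


def session_key(shared: int) -> bytes:
    """SHA-1 of g^ab, truncated to the 128-bit IDEA key size."""
    return hashlib.sha1(_enc(shared)).digest()[:16]


class Party:
    """One side of the authentication: an ephemeral DH value plus a signature over
    both public values, so neither value can be swapped in transit."""

    def __init__(self, name: str, sign_key: bytes, peer_key: bytes):
        self.name, self.sign_key, self.peer_key = name, sign_key, peer_key
        self.x = secrets.randbelow(P - 2) + 1
        self.pub = pow(G, self.x, P)
        self.session = None

    def sign_exchange(self, peer_pub: int) -> bytes:
        return _mac(self.sign_key, self.name.encode(), _enc(self.pub), _enc(peer_pub))

    def finish(self, peer_name: str, peer_pub: int, peer_sig: bytes) -> bytes:
        expected = _mac(self.peer_key, peer_name.encode(), _enc(peer_pub), _enc(self.pub))
        if not hmac.compare_digest(expected, peer_sig):
            raise ValueError(f"{self.name}: signature on key exchange invalid")
        self.session = session_key(pow(peer_pub, self.x, P))
        return self.session


def handshake(client_key: bytes, server_key: bytes):
    """Both sides in one process: client sends g^a; server answers g^b with its
    signature; client verifies and returns its own. Returns both session keys."""
    client = Party("client", client_key, server_key)
    server = Party("server", server_key, client_key)
    client.finish("server", server.pub, server.sign_exchange(client.pub))
    server.finish("client", client.pub, client.sign_exchange(server.pub))
    return client.session, server.session


class ClassRequestChannel:
    """Class Request/Response header checks: timestamp within the 5 minute window and
    a strictly increasing sequence number, both covered by the per-packet MAC."""
    WINDOW = 5 * 60

    def __init__(self, session: bytes, destination: str):
        self.session, self.destination = session, destination
        self.last_seq = -1

    def build(self, class_name: str, seq: int, now=None) -> bytes:
        ts = int(time.time() if now is None else now)
        body = struct.pack(">QI", ts, seq) + _lp(class_name.encode()) + _lp(self.destination.encode())
        return body + _mac(self.session, body)

    def accept(self, packet: bytes, now=None):
        """Returns (accepted, class name or reason); replay state changes only on success."""
        if len(packet) < 12 + 2 + 2 + 20:
            return False, "short packet"
        body, tag = packet[:-20], packet[-20:]
        if not hmac.compare_digest(tag, _mac(self.session, body)):
            return False, "bad signature"
        ts, seq = struct.unpack(">QI", body[:12])
        class_name, rest = _unlp(body[12:])
        destination, _ = _unlp(rest)
        if destination.decode() != self.destination:
            return False, "wrong destination"
        if abs((time.time() if now is None else now) - ts) > self.WINDOW:
            return False, "stale timestamp"
        if seq <= self.last_seq:
            return False, "replayed sequence number"
        self.last_seq = seq
        return True, class_name.decode()
```

The sequence number is what actually stops a replay inside the 5 minute window; the timestamp only bounds how long a receiver must remember sequence state. Checking the MAC before parsing any field keeps a forged packet from reaching the decoding logic.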
Slide 12: Classloader Hierarchy
- Primordial classloader: Java core classes, the necessary Cryptix and Cherubim classes
- Jurassic classloader: Jacorb classes, home application classes, Cherubim policy library
- CORBA classloader: specific policies, remote application classes
Slide 13: Dynamic Policies
- Framework
  – Primitives (sets, maps, mappings)
  – OS entities (devices, processes, users)
  – Interfaces with the security policy decision function
- Underlying system
  – Policy classes
- Demo examples atop the framework
- Active capabilities
Slide 14: Policy Classes
- DAC: Discretionary Access Control
  – Double DAC (DDAC)
- NDAC: Non-Discretionary Access Control
  – DONDAC: Domain-Oriented NDAC
  – MAC formed from customized NDAC
- DSP: Device-Specific Policies
  – DANDAC: Device-Aware NDAC
Slide 15: Policy Framework
(Diagram: OS, primitives and interfaces at the base; the policy classes DAC, NDAC and DSP above them, with DDAC, DONDAC and DANDAC as their specializations.)
Slide 16: Policy Formulation for Demo
- Double Discretionary Access Control
  – Traditional allowed lists
  – Disallowed lists
  – Policies that are functions of underlying mechanisms such as time
- CORBA monitoring and authorization for each remote method invocation
Slide 17: Role-Based Access Control
- Separation of duties
  – Mutually exclusive roles for a task, so that no single principal can hold both
- Least privilege
  – Assign users only the roles and rights they need
- Simplified authorization management
  – Independent mappings: role-permission, user-role, and role-role relationships
  – Suitable for a dynamic mobile environment
Slide 18: Role Management
- Hierarchical roles
  – Simple, clear role management
- Object classes
  – Classify objects based on access type
- Roles to manage roles
  – Administrative roles
- Net effect of a configuration: open question
Slide 19: Environment
- System defines role permissions
  – New roles can be defined and permissions modified dynamically, though this should be done infrequently
- User-role binding by password or certificate
  – A user can dynamically attain a role
  – A user can attain multiple non-exclusive roles
Slide 20: Current Implementation
- Two ids in the policy framework: user and role
  – An access control entry can be for a user, a role, or both
- Grant access if there is no conflict
  – Check the ACL for both the user and the role
- One user can hold multiple roles
  – They must be non-exclusive
  – Grant access if access control returns yes for the user and one role
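The rules on slides 16, 18, 19 and 20 as one small policy engine, added here as an example; it is not one of Cherubim's policy classes. It takes the slides literally: allowed lists and disallowed lists keyed by user or role id; a disallowed entry for the user or for any active role is the conflict that denies; otherwise the user id and each active role id are checked together, and one allowed entry among them grants; no matching entry is denied by default. Role activation refuses roles the user is not assigned and mutually exclusive pairs; a senior role inherits its junior roles' entries; a condition function stands in for "policies that are functions of time". The hosts, users, roles and operations in demo_policy() are constructed to match the shape of the demo (two hosts, two users, process-management operations) and are not taken from the slides.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional, Set, Tuple


@dataclass(frozen=True)
class Entry:
    """One access-control entry: an allowed-list or disallowed-list line."""
    principal: str                                  # "user:<name>" or "role:<name>"
    obj: str                                        # system object, here a host
    op: str                                         # process-management operation
    allow: bool                                     # True: allowed list, False: disallowed list
    when: Optional[Callable[[dict], bool]] = None   # condition on the call context, e.g. time


class DoubleDAC:
    """Allowed and disallowed lists over user and role ids. A disallowed entry wins
    (the conflict case); otherwise one allowed entry for the user or an active role
    grants; with no matching entry the answer is no."""

    def __init__(self, entries: Iterable[Entry], assignments: Dict[str, Set[str]],
                 hierarchy: Optional[Dict[str, Set[str]]] = None,
                 exclusive: Iterable[Tuple[str, str]] = ()):
        self.entries = list(entries)
        self.assignments = assignments           # user -> roles the user may attain
        self.hierarchy = hierarchy or {}         # senior role -> junior roles it includes
        self.exclusive = [frozenset(p) for p in exclusive]

    def activate(self, user: str, roles: Iterable[str]) -> Set[str]:
        """User-role binding: only assigned roles, and no mutually exclusive pair."""
        roles = set(roles)
        missing = roles - self.assignments.get(user, set())
        if missing:
            raise PermissionError(f"{user} is not assigned {sorted(missing)}")
        for pair in self.exclusive:
            if pair <= roles:
                raise PermissionError(f"{sorted(pair)} are mutually exclusive roles")
        return roles

    def effective_roles(self, roles: Iterable[str]) -> Set[str]:
        """Hierarchical roles: a senior role carries its junior roles' entries."""
        todo, seen = list(roles), set()
        while todo:
            r = todo.pop()
            if r not in seen:
                seen.add(r)
                todo.extend(self.hierarchy.get(r, ()))
        return seen

    def _lists(self, principal: str, obj: str, op: str, ctx: dict) -> Tuple[bool, bool]:
        """(on allowed list, on disallowed list) for one id; entries whose condition
        fails in this context do not count."""
        allowed = denied = False
        for e in self.entries:
            if (e.principal, e.obj, e.op) != (principal, obj, op):
                continue
            if e.when is not None and not e.when(ctx):
                continue
            if e.allow:
                allowed = True
            else:
                denied = True
        return allowed, denied

    def check(self, user: str, active_roles: Iterable[str], obj: str, op: str,
              ctx: Optional[dict] = None) -> Tuple[bool, str]:
        """Decision for one method invocation; returns (granted, reason)."""
        ctx = ctx or {}
        ids = ["user:" + user] + ["role:" + r for r in sorted(self.effective_roles(active_roles))]
        verdicts = {i: self._lists(i, obj, op, ctx) for i in ids}
        denied = [i for i, (_, d) in verdicts.items() if d]
        if denied:                               # conflict: the disallowed list wins
            return False, f"{op} on {obj} disallowed for {denied[0]}"
        allowed = [i for i, (a, _) in verdicts.items() if a]
        if allowed:
            return True, f"{op} on {obj} allowed via {allowed[0]}"
        return False, f"no allowed-list entry for {op} on {obj}"


def office_hours(ctx: dict) -> bool:
    """Constructed time condition: 09:00 to 17:00 on a clock passed in the context."""
    return 9 <= ctx.get("hour", -1) < 17


def demo_policy() -> DoubleDAC:
    """Constructed data in the shape of the demo. Names are assumptions, not from the slides."""
    return DoubleDAC(
        entries=[
            Entry("role:hostmanager", "server1", "start", True),
            Entry("role:hostmanager", "server1", "kill", True),
            Entry("role:sysmgr", "server2", "kill", True),
            Entry("user:denny", "server1", "list", True),
            Entry("user:denny", "server1", "kill", False),   # denied even when a role allows it
            Entry("role:operator", "server2", "kill", True, when=office_hours),
        ],
        assignments={"roy": {"sysmgr", "hostmanager", "auditor"},
                     "denny": {"operator", "auditor", "hostmanager"}},
        hierarchy={"sysmgr": {"hostmanager"}},
        exclusive=[("hostmanager", "auditor")],
    )
```

Evaluating the disallowed lists before the allowed lists is what makes the "no conflict" rule safe: a user-level denial cannot be escaped by activating a role that happens to be on the allowed list for the same operation.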
Slide 21: Architecture
- CORBA-compliant security services
- Security-enhanced IDL
- Agent-based dynamic security framework
Slide 22: CORBA Security Services
- OMG's general security model
- OMG's Security Service interface
- Extensions defining the binding between security policies and applications
- Principals, roles, privilege attributes, credentials, active capabilities
- A security domain defines the scope of a policy and its security authority
Slide 23: Object Access in Cherubim
(Diagram: application client and application server, each holding active capabilities/certificates; invocations pass through the ORB stub, the network transport and the BOA, where dynamic policies and security mechanisms are applied.)
Slide 24: Active Capability
- Smart packet containing a certificate
- Signed policy code
- External mechanisms reached through framework interfaces:
  – Time
  – Encryption
  – System/device state
Slide 25: Security-Enhanced IDL
- Interface definitions extended to specify: enforced by, …
- Declarations of variables, methods and parameters extended to specify mechanisms: authenticated, authorized, encrypted, audited, non-repudiated
Slide 26: Demonstration
- Secure bootstrap from a 'smart card'
- Process management system example
- Double Discretionary Access Control
  – 2 hosts (system objects)
  – 2 users
  – 8 process management operations
  – Allowed and denied lists for the various accesses
- CORBA monitoring and authentication for method invocations
Slide 27: Bootstrap from Smart Card
- File -> passphrase decryption -> credentials
- Credentials: home server, public key, private key
- Mutual authentication with the home server
- Download Jacorb, the security classes, and the application with its active capabilities
(Diagram label: Cherubim Smart Card)
Slide 28: Process Management Example
(Diagram: a System Manager; Clients 1 to 3 each running a User Application; Servers 1 to 3 each running a Host Manager that supervises several Remote User Processes.)
Slide 29: Key Components in Demonstration
- Laptop Mickunas: Denny client application, NameServer, PolicyServer, Service Manager, Denny server application, Hostmanager
- Laptop Roy: Roy client application, Roy server application
Slide 30: Future
- Dynamic distributed objects with dynamic, adaptable security policies over heterogeneous networks
- "Instant" security policy response to attacks
- Automated and flexible configurability
- Dynamic security for active networks
Slide 31: Cherubim Summary
Architecture for and demonstration of:
- Dynamic policies
- Compatibility, extensibility, customizability, interoperability
- Multiple policies, multiple mechanisms, multiple protocols
- Secure ORB, security server
- Public key infrastructure
Slide 32: What's missing from the Tucson meeting