Published by Mary Anderson. Modified over 9 years ago.
Enhancing Security in Enterprise Distributed Real-time and Embedded Systems using Domain-specific Modeling
Akshay Dabholkar, Joe Hoffert, Aniruddha Gokhale, and Doug Schmidt
March 20, 2007

Modeling CCM role-based access control (RBAC) rules and rights at design time
- Eliminates tedious and error-prone role-based checking at run-time
- Allows definition of platform-specific rights families, like a PIM

Allowing multilevel security QoS provisioning through a configurable security policy framework
- Eliminates time-consuming and inefficient run-time checks for consistency, conflicts, and redundancy
- Tailored to meet domain- and application-specific QoS requirements

Providing fine-grained as well as coarse-grained access control and security guarantees
- Facilitates flexibility as well as customization

Defining annotations for configuring security in component middleware
- Allows middleware configurations specific to the needs of different parts of a system
- Enables secure application deployment through middleware configuration

Provisioning for defining workflow/business process/critical path security

Addressing Security via the Security Quality of Service (QoS) Modeling Language (SQML)

Addressing Trust & Resiliency via the DDS Quality of Service (QoS) Modeling Language (DQML)
- Enhances trust by supporting correct-by-construction QoS configurations at design time
- Eliminates complex, tedious, and error-prone QoS compatibility and consistency checking at run-time or compile-time
- Provides separation of concerns to facilitate better configuration analysis
- Generates application artifacts (e.g., configuration files)
- Supports resiliency research by providing a base for higher-level DDS resiliency services
- Model redundant replicas with desired properties in DQML
- Basis for DDS fault-tolerant service
- Data flows as intended via correct-by-construction QoS configurations (e.g., Power Grid ULS System)

[Figure: Power Grid ULS system data flows. Nodes: Nuclear Reactor, Nuclear Reactor Control Room, Power Grid Control Room, Power Substation 1, Power Substation 2, Power Substation 3. Topics: Nuclear Reactor Status, Power Substation Status. QoS labels on the flows: Durability (Volatile, Transient), Reliability (Reliable), Deadline (10ms, 15ms, 20ms), Liveliness (Manual By Topic, Automatic), Time-based filter (5ms).]

Ongoing Research
- Creation of higher-level DDS services built on DQML work
  - Discovery and documentation of DDS patterns
  - Creation of DDS fault-tolerance service (e.g., using ownership/ownership strength, durability policies, multiple readers and writers, hot-swap and failover DDS pattern)
  - Creation of DDS real-time data service (e.g., using deadline, transport priority, latency budget policies, continuous data pattern)
- Generation of security mapping and security platform-independent model (PIM)
  - Map SQML's RBAC onto DDS security service
  - Develop security PIM with SQML and DQML security services as input

Motivating Example: Ultra-Large Scale (ULS) Systems
ULS systems require:
- Security: capability of the system to provide confidentiality, integrity, and availability of the ULS system data and services, both locally and globally
- Trust: extent to which users of the ULS system will be able to rely on the data and services of the ULS system
- Resiliency: capability of the ULS system to maintain an acceptable level of service while under stress from adverse environmental conditions such as attacks or cascading failures
Examples: National/International Power Grid, Air Traffic Management, Constellations of Satellites, Homeland Defense

Challenges for EDRE Middleware:
- End-to-end Security: security must be incorporated into all aspects and layers of the application
- Correctness: design of the application must be ensured when deployed
- Redundancy: backups of critical pieces of the application must be configured properly and take over when needed

[Figure: repeat of the Power Grid data-flow diagram above, with the same QoS labels (Durability Volatile/Transient, Reliability Reliable, Deadline 10ms/20ms, Liveliness Automatic/Manual By Topic, Time-based filter 5ms on Nuclear Reactor Status).]

[Figure: Security PIM. SQML and DQML are both inputs to the security PIM, and SQML security is mapped onto DQML. Interface security QoS and component security QoS conform to the domain-specific security policy.]
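The DQML section above claims that correct-by-construction QoS configurations remove the need for QoS compatibility and consistency checking at run-time. The following is an added example, not DQML itself or anything the poster's authors generated: a small design-time checker that applies the DDS request/offered rules (an offered policy must be at least as strong as the requested one; an offered deadline period must be no longer than the requested one) and one per-endpoint consistency rule (a reader's time-based filter separation cannot exceed its deadline period) to a constructed model of the Power Grid example. The `QoS` field names, the node names, and the specific values assigned to them are this example's own assumptions; the diagram on the page does not say which value belongs to which flow.

```python
"""Design-time DDS QoS compatibility and consistency check (added example).

Assumptions: the QoS dataclass, its field names and the sample configuration
below are constructed for this example; they are not DQML's model or any
DDS vendor's API.
"""
from __future__ import annotations

import math
from dataclasses import dataclass

# DDS request/offered policies are ordered: the value a writer offers must be
# at least as strong as the value a reader requests. Higher index = stronger.
RELIABILITY_ORDER = ["BEST_EFFORT", "RELIABLE"]
DURABILITY_ORDER = ["VOLATILE", "TRANSIENT_LOCAL", "TRANSIENT", "PERSISTENT"]
LIVELINESS_ORDER = ["AUTOMATIC", "MANUAL_BY_PARTICIPANT", "MANUAL_BY_TOPIC"]


@dataclass
class QoS:
    """QoS of one endpoint: offered by a writer, requested by a reader."""
    reliability: str = "BEST_EFFORT"
    durability: str = "VOLATILE"
    deadline_ms: float = math.inf      # max period between samples; inf = no deadline
    liveliness: str = "AUTOMATIC"
    lease_ms: float = math.inf         # liveliness lease duration
    min_separation_ms: float = 0.0     # TIME_BASED_FILTER, meaningful on readers only


def check_entity(name: str, qos: QoS) -> list[str]:
    """Consistency rules that an endpoint's own QoS must satisfy."""
    problems = []
    for policy, value, order in (("RELIABILITY", qos.reliability, RELIABILITY_ORDER),
                                 ("DURABILITY", qos.durability, DURABILITY_ORDER),
                                 ("LIVELINESS", qos.liveliness, LIVELINESS_ORDER)):
        if value not in order:
            problems.append(f"{name}: unknown {policy} kind {value!r}")
    # A reader that spaces samples further apart than its own deadline period
    # would miss the very deadline it requested.
    if qos.min_separation_ms > qos.deadline_ms:
        problems.append(f"{name}: TIME_BASED_FILTER {qos.min_separation_ms}ms "
                        f"exceeds DEADLINE {qos.deadline_ms}ms")
    return problems


def check_match(writer: str, offered: QoS, reader: str, requested: QoS) -> list[str]:
    """Request/offered compatibility between one writer and one reader."""
    problems = []
    pair = f"{writer} -> {reader}"

    def weaker(order: list[str], off: str, req: str) -> bool:
        # Unknown kinds are treated as incompatible rather than crashing.
        if off not in order or req not in order:
            return True
        return order.index(off) < order.index(req)

    if weaker(RELIABILITY_ORDER, offered.reliability, requested.reliability):
        problems.append(f"{pair}: RELIABILITY offered {offered.reliability}, "
                        f"requested {requested.reliability}")
    if weaker(DURABILITY_ORDER, offered.durability, requested.durability):
        problems.append(f"{pair}: DURABILITY offered {offered.durability}, "
                        f"requested {requested.durability}")
    if offered.deadline_ms > requested.deadline_ms:
        problems.append(f"{pair}: DEADLINE offered {offered.deadline_ms}ms is longer "
                        f"than requested {requested.deadline_ms}ms")
    if weaker(LIVELINESS_ORDER, offered.liveliness, requested.liveliness):
        problems.append(f"{pair}: LIVELINESS offered {offered.liveliness}, "
                        f"requested {requested.liveliness}")
    if offered.lease_ms > requested.lease_ms:
        problems.append(f"{pair}: LIVELINESS lease offered {offered.lease_ms}ms is longer "
                        f"than requested {requested.lease_ms}ms")
    return problems


def check_topic(writers: dict[str, QoS], readers: dict[str, QoS]) -> list[str]:
    """All consistency and compatibility problems for one topic's endpoints."""
    problems = []
    for name, qos in list(writers.items()) + list(readers.items()):
        problems += check_entity(name, qos)
    for wname, wqos in writers.items():
        for rname, rqos in readers.items():
            problems += check_match(wname, wqos, rname, rqos)
    return problems


# Constructed sample model of the "Nuclear Reactor Status" topic.
REACTOR_STATUS_WRITERS = {
    "Nuclear Reactor": QoS("RELIABLE", "VOLATILE", 10.0, "MANUAL_BY_TOPIC", 100.0),
}
REACTOR_STATUS_READERS = {
    # Compatible: weaker deadline, same reliability/durability, 5ms filter < 20ms deadline.
    "Nuclear Reactor Control Room": QoS("RELIABLE", "VOLATILE", 20.0, "AUTOMATIC", 200.0, 5.0),
    # Two design errors: asks for TRANSIENT durability the writer does not offer,
    # and its 25ms filter is longer than its own 20ms deadline.
    "Power Grid Control Room": QoS("RELIABLE", "TRANSIENT", 20.0, "AUTOMATIC", math.inf, 25.0),
}

if __name__ == "__main__":
    for problem in check_topic(REACTOR_STATUS_WRITERS, REACTOR_STATUS_READERS):
        print(problem)
```

Run as a script, the checker reports exactly the two modeling errors planted in the `Power Grid Control Room` reader and nothing for the control-room reader, which is the kind of result a model-driven tool would surface before any configuration file is generated.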