Design of Secure CAMIN Application System based on Dependable and Secure TMO and RT-UCON
Jungin Kim
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
May 08, 2007
Contents
Introduction
Background
- TMO
- RT-RBAC
- RT-UCON
Secure CAMIN
- Access control TMO object
- Application Interfaces
Summary
Introduction
Computing paradigm shift
- More security concerns
- Serving real-time services with sufficient security features
Objective
- Ensure security for real-time system (TMO scheme)
- Incorporate access control mechanisms, RT-UCON into the CAMIN
Background
TMO scheme
- Time-triggered Message-triggered Object
- High-level real-time and distributed computing object
- A new paradigm for object-oriented real-time distributed computing
- Proposed by Dr. Kane Kim and Hermann Kopetz [94]
Components of the TMO
- ODS (Object Data Store)
- SpM (Spontaneous Method)
- SvM (Service Method)
- EAC (Environment Access Capability)
- AAC (Autonomous Activation Condition)
Background
TMO model
[Figure: a TMO object. Labels: Object Data Store (ODS) with segments ODSS1, ODSS2; Lock/Condition/CREW for concurrent access; time-triggered (TT) Spontaneous Methods (SpMs) SpM1 and SpM2, each with an AAC (Autonomous Activation Condition), and deadlines; message-triggered (MT) Service Methods (SvMs) SvM1 and SvM2; concurrency control; service request queue; remote TMO clients; EAC: capability for accessing other TMOs and network environment including logical multicast channels and I/O devices.]
RT-RBAC
Access Control mechanisms
- Role Based Access Control (RBAC) model
  • Users (TMO objects) are associated with roles
  • Roles are associated with permissions (Write, Read, Execution, All)
  • A user has permission only if the user has an authorized role which is associated with that permission
- Inadequate for distributed real-time system
  • Server side centralized model
  • Need constraints on temporal behaviors of spontaneous methods in TMO
RT-UCON
Access Control mechanisms
- Usage Control (UCON) Model
  • Encompasses traditional access control models
  • Authorization rules, conditions and obligations are involved in the authorization process
  • Continuity of decision being either pre or ongoing with respect to the access
  • Mutability that can allow updates on subject or object attributes at different times
[Figure: UCON model components. Labels: Subjects, Objects, Rights, Usage Decision, Authorizations, Obligations, Conditions.]
RT-UCON
Basic authorization components for access control in TMO
• Continuity: dynamic and seamless constraints
• Mutability: control the scope of access
• Conditions: control the amount of access, access time, etc
• Obligations: pre-conditions for determining access decisions
Adequate for distributed real-time system
• Space and Time domain
• Server and Client side control
• Dynamic and Flexible
CAMIN (Coordinated anti-missile interceptor network)
Developed at UC Irvine DREAM Lab
Mission: Defend target objects both in the sea and on the land from the hostile objects in the sky
Application
• Theater: application environment
• Alien: enemy and flying objects
• Command post, Command ship
Secure CAMIN
Mission: Defend target objects both in the sea and on the land from the hostile objects in the sky
Access control checks policies and security levels
Some malicious objects are added
Access control TMO object
Implemented through a separate object or included inside an object
Checks access rights, maintains access policies in the system
• ODS: stores static and dynamic access policies
• SpM: controls access policies in ODS
• SvM: handles access decision requests
Access control TMO object
[Figure: Structure of the TMO application with access control TMO object. Labels: Application TMO (a TMO object with ODSS, SpM with AAC, SvM, EAC); Access Decision TMO (ODS, SpM, SvM); TMO Middleware, OS; Communication Network; Mutability & Continuity; Attributes of object; Environmental Conditions, Policies; Access decision.]
Application Interfaces
[Figure: Client TMO, Server TMO and Access control TMO. Labels: access request(name, attributes); get rights; decision; Access Policies; Attributes.]
Application Interfaces
Temporal constraints and environmental conditions of applications
- Access decisions are performed many times during continuous activities
- Conditions can be changed over time
To fully utilize the RT-UCON
- We need:
  • set_access_time() to restrict the access time
  • resume_access()
  • block_access(time domain)
  • set_access_count(attributes)
- More functions should be designed according to the application specification in the design phase
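The interfaces named on this slide, sketched as an added example (not code from the presentation or from the TMO project): a toy access control object whose ODS holds per-subject policies, whose SvM makes the pre-decision and whose SpM re-checks ongoing accesses. The method signatures, the Policy fields, the explicit `now` argument and the subject names used with it are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:                        # one ODS entry per subject (client TMO); fields are assumed
    rights: set
    window: tuple = (0.0, float("inf"))          # condition: allowed access time [start, end)
    count: int = None                            # condition: accesses left (None = unlimited)
    blocked: list = field(default_factory=list)  # blocked (start, end) intervals

class AccessControlTMO:
    """Toy model of the access control object: ODS + SvM + SpM."""
    def __init__(self):
        self.ods = {}                # ODS: subject name -> Policy
        self.active = set()          # (subject, right) pairs with an ongoing access

    # Interface names come from the slide; the signatures are assumptions.
    def set_access_time(self, subj, start, end): self.ods[subj].window = (start, end)
    def set_access_count(self, subj, n): self.ods[subj].count = n
    def block_access(self, subj, start, end): self.ods[subj].blocked.append((start, end))
    def resume_access(self, subj): self.ods[subj].blocked.clear()

    def _allowed(self, subj, right, now):
        p = self.ods.get(subj)
        if p is None or right not in p.rights:
            return False             # authorization: unknown subject or right is denied
        if not (p.window[0] <= now < p.window[1]):
            return False             # condition: outside the permitted access time
        return not any(s <= now < e for s, e in p.blocked)

    def request(self, subj, right, now):
        """SvM: pre-decision for one access request."""
        if not self._allowed(subj, right, now) or self.ods[subj].count == 0:
            return False
        if self.ods[subj].count is not None:
            self.ods[subj].count -= 1    # mutability: a granted access updates an attribute
        self.active.add((subj, right))
        return True

    def tick(self, now):
        """SpM: ongoing decision, run periodically; returns the accesses it revokes."""
        revoked = {a for a in self.active if not self._allowed(a[0], a[1], now)}
        self.active -= revoked
        return revoked
```

Passing `now` explicitly keeps the decisions deterministic; in a real deployment the time would come from the platform's global time base.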
Summary and Directions
Designed a model named the RT-UCON and secure real-time application utilizing CAMIN
Need to design sophisticated security APIs