Ideas for future work
E. Fernandez
10/07/04
Where are we now?
• We sent a proposal on medical security to NSF—It was not funded
• We got money for wireless web services security—Project is starting
• We wrote several papers and several more are being written
• Thesis work—Tami and Juan finished their MS theses. Nelly, Andrei, Alvaro, Ajoy, and Laszlo are defining their future work
Medical security
• Survey of models—Andrei has done some work on this. We will write a survey paper.
• Access control model—We wrote two papers (LACCEI, eSociety). We are refining it.
• New version of NSF proposal (NIH?)
Work on medical modeling
• Study of medical requirements and policies: BRCH and another hospital (Tami)
• Study of HL7 and JADIS (Tami)
• Paper on analysis of HL7 for security (Ed and Tami)
• More patterns for medical applications and extension of model
[Figure: class diagram of the medical access control model. <<role>> Patient and <<role>> Doctor (LoginID: Integer) hold Rights (read, modify, authorizeUse) on MedicalRecord; a MedicalRelationship with the associations custodian and InChargeOf links them to the record. Patient (patientID: Integer, dateOfBirth: Date, name: String, address: String, age: Integer, sex: {male, female}; subclasses Inpatient, Outpatient) and Doctor (doctorID: Integer, dateOfBirth: Date, name: String, address: String, age: Integer, sex: {male, female}). MedicalRecord has a TreatmentHistory (medications: String, procedures: String) and a Log (accessor: String, period: String, date: Date, accessType). Constraints: Patient.patientID = MedicalRecord.patientID; Doctor.LoginID = MedicalRecord.doctorID; forAll(p: PatientID) -> notify(self.Log.accessor). Multiplicities 1, 1..*, 0..*, *.]
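The following is an added example, not code from the presentation, that turns the medical-record model above into a small executable check. The class and attribute names (MedicalRecord, Log, Right, MedicalRelationship, patientID, doctorID) follow the diagram; the concrete rules (which relationship grants which right, the existence of a Custodian role, the notification text) are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional, Set, Tuple

RIGHTS = {"read", "modify", "authorizeUse"}          # the Right values in the diagram


@dataclass
class MedicalRecord:
    patientID: int
    doctorID: int                      # doctor InChargeOf this record
    custodian: Optional[int] = None    # assumed: login id of a custodian named for the patient
    log: List[Tuple[str, date, str]] = field(default_factory=list)   # Log: accessor, date, accessType
    notifications: List[str] = field(default_factory=list)          # effect of notify(self.Log.accessor)


def rights_for(record: MedicalRecord, login_id: int, role: str) -> Set[str]:
    """Rights implied by the MedicalRelationship between the subject and the record.
    Assumed rules: the patient reads and authorizes use of their own record, the
    doctor in charge reads and modifies it, a custodian may only read it."""
    if role == "Patient" and login_id == record.patientID:      # Patient.patientID = MedicalRecord.patientID
        return {"read", "authorizeUse"}
    if role == "Doctor" and login_id == record.doctorID:        # Doctor.LoginID = MedicalRecord.doctorID
        return {"read", "modify"}
    if role == "Custodian" and login_id == record.custodian:
        return {"read"}
    return set()


def access(record: MedicalRecord, login_id: int, role: str, right: str,
           today: date = date(2004, 10, 7)) -> bool:
    """Enforce a right; on success, log the access and notify the patient of the accessor."""
    if right not in RIGHTS:
        raise ValueError(f"unknown right {right!r}")
    if right not in rights_for(record, login_id, role):
        return False
    record.log.append((str(login_id), today, right))
    # constraint from the diagram: every access notifies the patient of the accessor
    record.notifications.append(
        f"patient {record.patientID}: record accessed by {login_id} ({right})")
    return True


if __name__ == "__main__":
    rec = MedicalRecord(patientID=1, doctorID=42)     # constructed sample record
    print(access(rec, 42, "Doctor", "modify"), access(rec, 43, "Doctor", "read"))
    print(rec.notifications)
```

The point of the example is that the rights are not stored on the user but derived from the relationship between the subject and the record, which is what makes the patient-notification constraint enforceable in one place.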
Secure software development
• Paper for Las Vegas conference
• Refine secure software development methodology: use cases, mapping from conceptual model to component model
• More patterns for the catalog: XML firewall (Nelly, Ed, Saeed, Maria), network firewalls (Ed, Maria, Naeem, Nelly)
• Adapt for wireless secure systems
Secure systems development methodology
• Apply security principles throughout the whole software lifecycle
• Use of object-oriented design and RBAC
• Use cases define rights for roles
• Patterns build a secure conceptual model
• Multilayer architecture extends the model to the lower architectural levels
Specific items to do
• Extend use case templates to indicate security constraints
• Extend the component pattern to include security
• Map from conceptual model security to component security
[Figure: use case diagram for a voting system. Actors: Voter, Precinct officer. Use cases: Voter registration, Voting (specialized into County voting, Local voting, Remote voting), Keep voters list, Tally result.]
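As an added example (not from the presentation), the methodology steps above, "use cases define rights for roles" and "extend use case templates to indicate security constraints", applied to the voting use cases in the figure. The actors assigned to each use case are read off the diagram; the objects, operations and the one-vote-per-registered-voter constraint are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set, Tuple


@dataclass
class UseCase:
    """Use case template extended with the actors that may start it, the object
    and operation it exercises, an optional security constraint and its effect."""
    actors: Tuple[str, ...]
    obj: str
    op: str
    constraint: Optional[Callable[[dict, str], bool]] = None
    effect: Optional[Callable[[dict, str], None]] = None


def voter_may_vote(state: dict, voter: str) -> bool:
    # security constraint in the template: registered, and has not voted yet
    return voter in state["registered"] and voter not in state["voted"]


def record_vote(state: dict, voter: str) -> None:
    state["voted"].add(voter)


USE_CASES: Dict[str, UseCase] = {   # actors per use case as drawn on the slide
    "Voter registration": UseCase(("Voter",), "voters list", "add"),
    "Keep voters list":   UseCase(("Precinct officer",), "voters list", "modify"),
    "Voting":             UseCase(("Voter",), "ballot", "cast", voter_may_vote, record_vote),
    "Tally result":       UseCase(("Precinct officer",), "ballots", "count"),
}


def derive_rights(use_cases: Dict[str, UseCase]) -> Dict[str, Set[Tuple[str, str]]]:
    """role -> {(object, operation)}: each use case an actor initiates becomes a right."""
    rights: Dict[str, Set[Tuple[str, str]]] = {}
    for uc in use_cases.values():
        for actor in uc.actors:
            rights.setdefault(actor, set()).add((uc.obj, uc.op))
    return rights


def perform(use_cases: Dict[str, UseCase], name: str, role: str, subject: str, state: dict) -> bool:
    """Allow the use case only if the role holds the derived right and the constraint holds."""
    uc = use_cases[name]
    if (uc.obj, uc.op) not in derive_rights(use_cases).get(role, set()):
        return False
    if uc.constraint is not None and not uc.constraint(state, subject):
        return False
    if uc.effect is not None:
        uc.effect(state, subject)
    return True


if __name__ == "__main__":
    state = {"registered": {"alice"}, "voted": set()}   # constructed election state
    print(derive_rights(USE_CASES))
    print(perform(USE_CASES, "Voting", "Voter", "alice", state),
          perform(USE_CASES, "Voting", "Voter", "alice", state))
```

The rights table is generated from the use cases rather than written by hand, so a new use case cannot be added without also deciding which role may initiate it.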
Component pattern
[Figure: class diagram of the Component pattern (Enterprise Component Framework). Classes: Client, Factory, FactoryProxy, Remote, RemoteProxy, Component, Container, Context, PersistenceService; the Client reaches the Component through the Factory and Remote proxies, and the classes are connected by <<call>> dependencies.]
Extend current work
• Firewalls—Basic types are done, develop varieties
• Attribute-based access control—Develop more pattern varieties and dynamic details
• New pattern for virtual machine security
• New pattern for virtual vault architecture
Network Firewalls
[Figure: pattern diagram. Packet Filter Firewall (Address Filtering), Stateful Firewall (Address Filtering, Keep State), Proxy-Based Firewall (Keep State, Proxy Filtering).]
Attribute-based RBAC
[Figure: pattern diagram for attribute-based RBAC. Patterns: Authorization Pattern, DAC Pattern, RBAC Pattern, Session Pattern, MBAC Pattern, MBAC Pattern w/Sessions, MBAC Pattern w/Predicates, Composite MBAC Pattern, related by <<uses>> and <<adapts>> dependencies.]
VM Object-Oriented Class Model
[Figure: class diagram. HyperVisor supports * VM and <<controls>> them; a VM can run an OS (VM OS); multiplicities 1 and *.]
Virtual Vault architecture
[Figure: Virtual Vault architecture. Outside: Ext. Browser. Gateway System: Web Server, CGI Inside, CGI Scripts, HTML Pages, Audit Trail, Auth. Info. Inside: Int. Web Server, Int. Server, Int. Browser, Sys Hi.]
Physical/ location-based access control
• Subjects are people. Protection object is a physical location. Type of access could be to a location or a part of a location.
• This model can be used to control access to physical locations, e.g., rooms in a hospital. Ph.D. thesis of Alvaro
• Mobile systems application—location privacy (MS Location-based services)
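An added example, not from the presentation, of the physical/location-based model just described: subjects are people, the protected object is a location, and a location may be part of a larger one. The hospital layout, the grants and the containment rule (a right on a location also covers every part of it) are assumptions for illustration.

```python
from typing import Dict, Iterator, Optional, Set

# Constructed hospital layout: location -> the location it is part of
PART_OF: Dict[str, Optional[str]] = {
    "Hospital": None,
    "Ward B": "Hospital",
    "ICU": "Ward B",
    "ICU room 3": "ICU",
    "Lobby": "Hospital",
}

# Constructed grants: subject -> {location: set of access types}
GRANTS: Dict[str, Dict[str, Set[str]]] = {
    "dr_lee":    {"Ward B": {"enter"}},
    "nurse_ann": {"ICU": {"enter"}},
    "visitor_1": {"Lobby": {"enter"}},
}


def enclosing(location: str, part_of: Dict[str, Optional[str]] = PART_OF) -> Iterator[str]:
    """The location followed by every location it is part of, innermost first."""
    current: Optional[str] = location
    while current is not None:
        yield current
        current = part_of.get(current)


def may_access(subject: str, location: str, access: str = "enter",
               grants: Dict[str, Dict[str, Set[str]]] = GRANTS,
               part_of: Dict[str, Optional[str]] = PART_OF) -> bool:
    """Assumed rule: a right granted on a location covers every part of it,
    so the check walks outward from the requested location."""
    held = grants.get(subject, {})
    return any(access in held.get(loc, set()) for loc in enclosing(location, part_of))


if __name__ == "__main__":
    for who, where in [("dr_lee", "ICU room 3"), ("visitor_1", "ICU room 3"), ("nurse_ann", "Ward B")]:
        print(who, where, may_access(who, where))
```

The containment walk is what distinguishes this model from ordinary object access control: the protected objects form a part-of tree, and the policy is evaluated against the path through that tree rather than against a single object.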
Wireless web services security
• We completed security survey (Wireless LAN handbook). Now being extended (Mike, Ed, Maria, Saeed)
• Survey of cryptographic methods for wireless security (Saeed)
• Survey of web services security (Ed, Tami, Maria)
• Patterns for web services and distributed security (XML firewall, Secure Broker, SAML)
• Secure wireless systems architecture
Wireless web services
• Many standards and still evolving
• Some standards compete with each other or overlap
• The situation gets more complex when we add wireless architectures
• Clarify relationships between standards
[Figure: web services security standards. XKMS, XACML, XML DSig, SAML, XrML, XML Enc and WS-Security on top of SOAP, with Kerberos, X.509 and SSL underneath.]
More standards
[Figure: WS-* stack on the SOAP Foundation. WS-Security; WS-SecureConversation, WS-Federation, WS-Authorization, WS-Trust, WS-Privacy, WS-Policy; WS-PolicyAttachments, Policy Assertions, WS-PolicyFramework.]
Patterns for web services and distributed security
• Pattern for architecture of application firewall using multiple agents. Also Reverse Proxy pattern (Nelly)
• Authentication patterns (Nelly)
• Survey of web services security products
• Patterns for Secure Broker units (Ed)
[Figure: class diagram of the XML Firewall pattern. Client (url) sends requestService(XMLMessage) to the Application, which offers a Service (executeService()). The XMLFirewall's PolicyEnforcementPoint (interceptMessage(), controlAccess(url, id, credentials)) consults a PolicyDefinitionPoint backed by an IdentityBase (Identity: id, credentials, roles) and a PolicyBase (Policy: serviceId, role, predicate) with authenticate(), grantAccess(), log(), definePolicy(), defineUser(), defineRole(), removeUser(), removeRole(); a ContentInspector holds an XMLSchemaValidator over a SchemaDatabase (addSchema(), removeSchema(), updateSchema()) and a HarmfulDataDetector. Multiplicities 1 and *.]
[Figure: Application Level and Implementation Level. Application Conceptual Model with the associations checkAccess, communicatesThrough and accessService (* 1).]
[Figure: architectural pattern map. Layers, MVC / PAC, Reflection (Complexity, Interaction, Adaptability); Broker, Proxy, Client / Servant, Façade, Client / Dispatcher / Server, Lookup, naming service; concerns: access, adapter, interoperation, servant management, resource management, communication, concurrency, event handling, structure / extension, distribution.]
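An added example, not code from the presentation or from any product it mentions, showing the XML Firewall pattern above as a runnable pipeline: a PolicyEnforcementPoint intercepts the message, checks identity and role policy, has the content inspected, and validates the document against the schema registered for the service. The sample IdentityBase, PolicyBase and SchemaDatabase entries, the messages, and the size limit are constructed; the schema check and harmful-data check are simplified stand-ins for a real validator and inspector.

```python
import hmac
import xml.etree.ElementTree as ET
from typing import Tuple

# Constructed sample data standing in for the IdentityBase, PolicyBase and SchemaDatabase
IDENTITY_BASE = {"alice": ("s3cret", {"clerk"})}           # id -> (credentials, roles)
POLICY_BASE = {"/orders": {"clerk"}}                        # serviceId -> roles granted access
SCHEMA_DB = {"/orders": {"root": "order", "required": {"item", "qty"}}}  # simplified schema
MAX_MESSAGE_BYTES = 4096


def authenticate(identity: str, credentials: str) -> bool:
    entry = IDENTITY_BASE.get(identity)
    # constant-time comparison so a wrong credential is not distinguishable by timing
    return entry is not None and hmac.compare_digest(entry[0], credentials)


def control_access(url: str, identity: str, credentials: str) -> bool:
    """PolicyEnforcementPoint.controlAccess: authenticate, then match a role against the policy."""
    if not authenticate(identity, credentials):
        return False
    return bool(IDENTITY_BASE[identity][1] & POLICY_BASE.get(url, set()))


def inspect_content(raw: str) -> bool:
    """HarmfulDataDetector stand-in: refuse DTDs and entity declarations (entity
    expansion and external entity risks) and oversized messages before parsing."""
    return ("<!DOCTYPE" not in raw and "<!ENTITY" not in raw
            and len(raw.encode()) <= MAX_MESSAGE_BYTES)


def validate_schema(url: str, raw: str) -> bool:
    """XMLSchemaValidator stand-in: expected root element and required children per service."""
    schema = SCHEMA_DB.get(url)
    if schema is None:
        return False
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return False
    return root.tag == schema["root"] and schema["required"] <= {child.tag for child in root}


def intercept_message(url: str, identity: str, credentials: str, raw: str) -> Tuple[bool, str]:
    """PolicyEnforcementPoint.interceptMessage: the checks in order; returns (accepted, reason)."""
    if not control_access(url, identity, credentials):
        return False, "access denied"
    if not inspect_content(raw):
        return False, "harmful content"
    if not validate_schema(url, raw):
        return False, "schema violation"
    return True, "ok"


if __name__ == "__main__":
    msg = "<order><item>pen</item><qty>2</qty></order>"   # constructed message
    print(intercept_message("/orders", "alice", "s3cret", msg))
    print(intercept_message("/orders", "alice", "wrong", msg))
```

The order of the checks matters: access control runs first so that unauthenticated callers never reach the parser, and the cheap content inspection runs before the parser sees the document.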
Security of workflow and business levels
• Study UML model for ebXML registries and develop pattern.
• Workflow level security: BPEL4WS, ebXML
• An area largely unexplored
[Figure: web services stack. Business Workflow over Web Services Catalog and Description (Registry, WS1, WS2) over SOAP (HEADER, PAYLOAD, ...) over XML over HTTP.]
ebXML Registry Security model
[Figure: class diagram of the ebXML registry security model. <<Interface>> RegistryObject (getGUID() : String, setGUID(guid : String) : void, getURL() : URL, setURL(url : URL) : void, getName() : String, setName(name : String) : void, deprecate() : void, delete() : void) is governed by an <<Interface>> AccessControlPolicy composed of Permissions, each relating a Privilege to a <<Interface>> PrivilegeAttribute; Principal (identity: Identity, groups: collection, roles: collection, securityClearances: collection) is associated with <<Interface>> Identity, Group, Role and SecurityClearance. Multiplicities 1, 0..n, 1..n.]
Privacy preferences
• User control over personal information
• P3P (Platform for Privacy Preferences), developed by the W3C
• A standardized set of multiple-choice questions about privacy policies
RBAC hierarchies
• R. Sandhu developed the ARBAC model
• Administrators and subjects are organized in a lattice
• They have applied this model to medical systems.
• It is too restrictive, we can find better ways (I started in an old paper) (Saeed)
[Figure: a role hierarchy. Roles: ClinicalManager, Doctor, Nurse, ClinicalEmployee; Patient AffairsDirector, Patient AffairsManager; Patient.]
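An added example, not from the presentation, of permission inheritance along a role hierarchy such as the one in the figure. The role names come from the figure; the direction of the edges (ClinicalManager senior to Doctor and Nurse, both senior to ClinicalEmployee; Patient AffairsDirector senior to Patient AffairsManager) and the permissions attached to each role are assumptions for illustration.

```python
from typing import Dict, Set

# Hierarchy edges: senior role -> roles directly junior to it (direction assumed)
JUNIORS: Dict[str, Set[str]] = {
    "ClinicalManager": {"Doctor", "Nurse"},
    "Doctor": {"ClinicalEmployee"},
    "Nurse": {"ClinicalEmployee"},
    "PatientAffairsDirector": {"PatientAffairsManager"},
}

# Permissions assigned directly to each role (constructed)
DIRECT_PERMS: Dict[str, Set[str]] = {
    "ClinicalEmployee": {"read schedule"},
    "Nurse": {"record vitals"},
    "Doctor": {"prescribe"},
    "ClinicalManager": {"approve leave"},
    "PatientAffairsManager": {"handle complaint"},
    "PatientAffairsDirector": {"close complaint"},
    "Patient": {"read own record"},
}


def juniors_of(role: str, juniors: Dict[str, Set[str]] = JUNIORS) -> Set[str]:
    """All roles below `role` in the hierarchy (transitive closure, safe on cycles)."""
    seen: Set[str] = set()
    stack = list(juniors.get(role, ()))
    while stack:
        r = stack.pop()
        if r not in seen:
            seen.add(r)
            stack.extend(juniors.get(r, ()))
    return seen


def effective_permissions(role: str, juniors: Dict[str, Set[str]] = JUNIORS,
                          direct: Dict[str, Set[str]] = DIRECT_PERMS) -> Set[str]:
    """A senior role holds its own permissions plus those of every junior role."""
    perms = set(direct.get(role, set()))
    for r in juniors_of(role, juniors):
        perms |= direct.get(r, set())
    return perms


def is_senior(senior: str, junior: str, juniors: Dict[str, Set[str]] = JUNIORS) -> bool:
    return junior in juniors_of(senior, juniors)


if __name__ == "__main__":
    for role in ("ClinicalManager", "Nurse", "Patient"):
        print(role, sorted(effective_permissions(role)))
```

Computing the closure explicitly makes the cost of a hierarchy visible: every permission added to a junior role silently widens every senior role above it, which is the kind of over-grant a review of the lattice should look for.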
Other
• VoIP (Juan)—We are writing two papers (Ed, Mike)
• Chemical engineering patterns (Deepa)
• Third party assurance (Mike)
• Sarbanes/Oxley – regulation for financial institutions; this is a good area, nothing done on security aspects
Conclusions
• Many possibilities, all interesting
• Look at Recent Publications in my web page and at past talks, ask me for references
• Select an idea, write something, submit it for discussion (email)
• Make a presentation for the group
• Paper for conference or journal and/or thesis/dissertation