Enhancing Security in Enterprise Distributed Real-time and Embedded Systems using Domain-specific Modeling

Akshay Dabholkar, Joe Hoffert, Aniruddha Gokhale, and Doug Schmidt

March 20, 2007

Addressing Security via the Security Quality of Service (QoS) Modeling Language (SQML)

• Modeling CCM role-based access control (RBAC) rules and rights at design time
• Eliminates tedious and error-prone role-based checking at run-time
• Allows definition of platform-specific rights families like a PIM
• Allowing multilevel Security QoS provisioning through a configurable security policy framework
• Eliminates time-consuming and inefficient run-time checks for consistency, conflicts, and redundancy
• Tailored to meet domain- and application-specific QoS requirements
• Providing fine-grained as well as coarse-grained access control and security guarantees
• Facilitates flexibility as well as customization
• Defining annotations for configuring security in component middleware
• Allows middleware configurations specific to the needs of different parts of a system
• Enables secure application deployment through middleware configuration
• Provisioning for defining Workflow/Business Process/Critical Path security
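The SQML bullets above promise that RBAC consistency, conflict and redundancy checks move from run-time to design time. The following is an added illustration of what such a design-time analysis looks like; it is not SQML's implementation or code from the poster's authors. The role hierarchy, the component names (ReactorStatus, ReactorControl) and the "*" wildcard for coarse-grained rights are constructed assumptions.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# A right names a component operation. op "*" is a coarse-grained grant on the
# whole component; a concrete op name is a fine-grained grant on one operation.
Right = Tuple[str, str]
Finding = Tuple[str, str, str]   # (kind, role, detail)

def covers(broad: Right, narrow: Right) -> bool:
    """True if `broad` implies `narrow` (same component, same op or wildcard)."""
    return broad[0] == narrow[0] and broad[1] in ("*", narrow[1])

class RbacModel:
    """Design-time RBAC model: roles with inheritance plus direct grants/denials."""
    def __init__(self) -> None:
        self.roles: Set[str] = set()
        self.parents: Dict[str, Set[str]] = defaultdict(set)
        self.allow: Dict[str, Set[Right]] = defaultdict(set)
        self.deny: Dict[str, Set[Right]] = defaultdict(set)

    def add_role(self, role: str, inherits: Tuple[str, ...] = ()) -> None:
        self.roles.add(role)
        self.parents[role].update(inherits)

    def grant(self, role: str, component: str, op: str = "*") -> None:
        self.allow[role].add((component, op))

    def deny_right(self, role: str, component: str, op: str = "*") -> None:
        self.deny[role].add((component, op))

    def ancestors(self, role: str) -> Set[str]:
        seen: Set[str] = set()
        stack = list(self.parents[role])
        while stack:                      # cycle-safe walk up the hierarchy
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.parents[r])
        return seen

    def inherited(self, role: str, table: Dict[str, Set[Right]]) -> Set[Right]:
        rights: Set[Right] = set()
        for a in self.ancestors(role):
            rights |= table[a]
        return rights

def analyze(model: RbacModel) -> List[Finding]:
    """Static checks a modeling tool can run before deployment: undefined roles
    (consistency), rights both allowed and denied (conflicts), and direct
    grants already implied by another grant (redundancy)."""
    findings: List[Finding] = []
    for role in sorted(model.roles):
        for parent in sorted(model.parents[role]):
            if parent not in model.roles:
                findings.append(("undefined-role", role,
                                 f"inherits from undefined role {parent}"))
        inherited_allow = model.inherited(role, model.allow)
        all_allow = model.allow[role] | inherited_allow
        all_deny = model.deny[role] | model.inherited(role, model.deny)
        for a in sorted(all_allow):
            for d in sorted(all_deny):
                if covers(a, d) or covers(d, a):
                    findings.append(("conflict", role, f"{a} allowed but {d} denied"))
        for a in sorted(model.allow[role]):
            others = inherited_allow | (model.allow[role] - {a})
            if any(covers(o, a) for o in others):
                findings.append(("redundancy", role, f"direct grant {a} already implied"))
    return findings

def build_example_model() -> RbacModel:
    """Constructed sample; role and component names are assumptions."""
    m = RbacModel()
    m.add_role("Operator")
    m.grant("Operator", "ReactorStatus", "read")
    m.add_role("Supervisor", inherits=("Operator",))
    m.grant("Supervisor", "ReactorStatus", "read")       # redundant: already inherited
    m.grant("Supervisor", "ReactorControl")              # coarse-grained grant
    m.add_role("Contractor", inherits=("Operator",))
    m.deny_right("Contractor", "ReactorStatus", "read")  # conflicts with inherited grant
    m.add_role("Guest", inherits=("Visitor",))           # Visitor is never defined
    return m

if __name__ == "__main__":
    for kind, role, detail in analyze(build_example_model()):
        print(f"{kind:15} {role:12} {detail}")
```

Running the sample reports exactly one finding of each kind: the Contractor conflict, the undefined Visitor role, and the Supervisor's redundant grant. Because the check walks the full inheritance chain, a coarse-grained denial on a component also flags any fine-grained grant on one of its operations, which is the case that is hardest to spot by inspection of a large model.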

Addressing Trust & Resiliency via the DDS Quality of Service (QoS) Modeling Language (DQML)

• Enhances trust by supporting correct-by-construction QoS configurations at design time
• Eliminates complex, tedious, and error-prone QoS compatibility and consistency checking at run-time or compile-time
• Provides separation of concerns to facilitate better configuration analysis
• Generates application artifacts (e.g., configuration files)
• Supports resiliency research by providing a base for higher-level DDS resiliency services
• Models redundant replicas with desired properties in DQML
• Basis for a DDS fault-tolerant service

Data flows as intended via correct-by-construction QoS configurations (e.g., Power Grid ULS System)

[Figure: Power Grid ULS System modeled in DQML. Entities: Nuclear Reactor, Nuclear Reactor Control Room, Power Grid Control Room, Power Substation 1, Power Substation 2, Power Substation 3. Topics: Nuclear Reactor Status, Power Substation Status. QoS policies annotated on the data flows: Durability (Volatile, Transient), Reliability (Reliable), Deadline (10ms, 15ms, 20ms), Liveliness (Manual By Topic, Automatic), Time-based filter (5ms).]
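The compatibility and consistency checks that DQML moves to design time follow the DDS request/offered (RxO) rules: a DataWriter's offered Durability, Reliability and Liveliness kinds must be at least as strong as what the DataReader requests, the offered Deadline period and Liveliness lease must be no longer than the requested ones, and a DataReader's time-based filter must not exceed its own Deadline period. The checker below is an added example, not DQML's own code; the writer/reader pairs and their QoS values are constructed in the spirit of the figure above, and the specific assignments are assumptions rather than the figure's values.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import List, Tuple

# Ordered policy kinds: a higher value is a stronger guarantee. Under the DDS
# RxO rule the offered (DataWriter) kind must be >= the requested (DataReader) kind.
class Durability(IntEnum):
    VOLATILE = 0
    TRANSIENT_LOCAL = 1
    TRANSIENT = 2
    PERSISTENT = 3

class Reliability(IntEnum):
    BEST_EFFORT = 0
    RELIABLE = 1

class Liveliness(IntEnum):
    AUTOMATIC = 0
    MANUAL_BY_PARTICIPANT = 1
    MANUAL_BY_TOPIC = 2

INFINITE = float("inf")

@dataclass(frozen=True)
class Qos:
    durability: Durability = Durability.VOLATILE
    reliability: Reliability = Reliability.BEST_EFFORT
    deadline_ms: float = INFINITE        # DEADLINE period; smaller is stricter
    liveliness: Liveliness = Liveliness.AUTOMATIC
    lease_ms: float = INFINITE           # LIVELINESS lease_duration
    min_separation_ms: float = 0.0       # TIME_BASED_FILTER (DataReader only)

def check_reader_consistency(reader_name: str, reader: Qos) -> List[str]:
    """A DataReader's time_based_filter.minimum_separation must not exceed its
    deadline.period; report the reader if it does."""
    if reader.min_separation_ms > reader.deadline_ms:
        return [f"{reader_name}: time-based filter {reader.min_separation_ms}ms "
                f"exceeds deadline {reader.deadline_ms}ms"]
    return []

def check_compatibility(writer_name: str, offered: Qos,
                        reader_name: str, requested: Qos) -> List[str]:
    """Apply the RxO rules for the policies the figure annotates; one message per
    violated policy, empty list when the pair is compatible."""
    link = f"{writer_name} -> {reader_name}"
    problems = []
    if offered.durability < requested.durability:
        problems.append(f"{link}: durability {offered.durability.name} offered, "
                        f"{requested.durability.name} requested")
    if offered.reliability < requested.reliability:
        problems.append(f"{link}: reliability {offered.reliability.name} offered, "
                        f"{requested.reliability.name} requested")
    if offered.deadline_ms > requested.deadline_ms:
        problems.append(f"{link}: deadline {offered.deadline_ms}ms offered, "
                        f"{requested.deadline_ms}ms requested")
    if offered.liveliness < requested.liveliness:
        problems.append(f"{link}: liveliness {offered.liveliness.name} offered, "
                        f"{requested.liveliness.name} requested")
    if offered.lease_ms > requested.lease_ms:
        problems.append(f"{link}: liveliness lease {offered.lease_ms}ms offered, "
                        f"{requested.lease_ms}ms requested")
    return problems

Link = Tuple[str, Qos, str, Qos]   # (writer name, offered, reader name, requested)

def validate_model(links: List[Link]) -> List[str]:
    """Design-time pass over every writer/reader pair in a model: per-reader
    consistency first, then pairwise RxO compatibility."""
    problems: List[str] = []
    seen_readers = set()
    for writer_name, offered, reader_name, requested in links:
        if reader_name not in seen_readers:
            seen_readers.add(reader_name)
            problems += check_reader_consistency(reader_name, requested)
        problems += check_compatibility(writer_name, offered, reader_name, requested)
    return problems

# Constructed sample model; the value assignments are assumptions.
REACTOR_STATUS_WRITER = Qos(Durability.TRANSIENT, Reliability.RELIABLE, 10,
                            Liveliness.MANUAL_BY_TOPIC, 100)
REACTOR_CONTROL_ROOM_READER = Qos(Durability.VOLATILE, Reliability.RELIABLE, 20,
                                  Liveliness.AUTOMATIC, 200, 5)
SUBSTATION_STATUS_WRITER = Qos(Durability.VOLATILE, Reliability.BEST_EFFORT, 15)
GRID_CONTROL_ROOM_READER = Qos(Durability.VOLATILE, Reliability.RELIABLE, 10)

SAMPLE_MODEL: List[Link] = [
    ("Nuclear Reactor", REACTOR_STATUS_WRITER,
     "Nuclear Reactor Control Room", REACTOR_CONTROL_ROOM_READER),
    ("Power Substation 1", SUBSTATION_STATUS_WRITER,
     "Power Grid Control Room", GRID_CONTROL_ROOM_READER),
]

if __name__ == "__main__":
    for line in validate_model(SAMPLE_MODEL) or ["model is correct by construction"]:
        print(line)
```

In the sample, the reactor-to-control-room flow passes every rule, while the substation flow is rejected twice (best-effort offered against reliable requested, and a 15ms offered deadline against a 10ms request). In a running DDS system those two mismatches would only surface as a silently unmatched reader and an OFFERED_INCOMPATIBLE_QOS status, which is exactly the late discovery the design-time check is meant to remove.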

Ongoing Research

• Creation of higher-level DDS services built on DQML work
• Discovery and documentation of DDS patterns
• Creation of DDS fault-tolerance service (e.g., using ownership/ownership strength, durability policies, multiple readers and writers, hot-swap and failover DDS pattern)
• Creation of DDS real-time data service (e.g., using deadline, transport priority, latency budget policies, continuous data pattern)
• Generation of security mapping and security platform independent model (PIM)
• Map SQML's RBAC onto DDS security service
• Develop security PIM with SQML and DQML security services as input

Motivating Example: Ultra-Large Scale (ULS) Systems

ULS systems require:

• Security – capability of the system to provide confidentiality, integrity, and availability on the ULS system data and services both locally and globally

• Trust – extent to which users of the ULS system will be able to rely on the data and services of the ULS system

• Resiliency – capability of the ULS system to maintain an acceptable level of service while under stress from adverse environmental conditions such as attacks or cascading failures

[Figure: example ULS systems: National/International Power Grid, Air Traffic Management, Constellations of Satellites, Homeland Defense.]

Challenges for EDRE Middleware:

• End-to-end Security – security must be incorporated into all aspects and layers of the application
• Correctness – design of the application must be ensured when deployed
• Redundancy – backups of critical pieces of the application must be configured properly and take over when needed

[Figure: DQML model (Planner1) of the Nuclear Reactor Status flow from the Nuclear Reactor to the Nuclear Reactor Control Room, annotated with Durability (Volatile, Transient), Reliability (Reliable), Deadline (10ms, 20ms), Liveliness (Automatic, Manual By Topic) and Time-based filter (5ms) policies.]

[Figure: Security PIM. SQML (Interface Security QoS, Domain-Specific Security Policy, Component Security QoS) and the DQML model (Planner1) are inputs to the security PIM, which maps SQML security onto DQML; policy check outcomes are shown as "Conforms to Policy" and "Recommended".]