Security Engineering for Large Scale Distributed Applications
|
|
- Irene Summers
- 5 years ago
- Views:
Transcription
1 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Security Engineering for Large Scale Distributed Applications Konstantin Beznosov Electrical and Computer Engineering University of British Columbia Copyright Konstantin Beznosov
2 airplanes vs. cars flying is fast driving is slow why isn t everybody flying? 2
3 why aren't secure systems almost completely insecure, or secure but too expensive and error-prone to build too complex to administer inadequate for real-world problems forever everywhere? examples 3
4 CORBA Security examples no compliant system over 600 pages 3 days to install and configure a toy set up Web services security harder than RPC-based CORBA 4
5 research direction outline access control mechanisms overview some things that can be done about it some specific things: attribute function, composable policy engines other research projects 5
6 what can be done about it? improvements towards inexpensive and error-proof to build effective and inexpensive in administration adequate for problem domains easy and inexpensive to change and integrate 6
7 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A access control mechanisms overview Copyright Konstantin Beznosov
8 conventional computer security protection from breaking rules Protection preventing bad things from happening Assurance Authorization Accountability Availability Access Control Data Protection Audit Non- Repudiation Service Continuity Disaster Recovery Design Assurance Development Assurance Operational Assurance enforces the rules, when rule check is possible 8
9 9 overview of access control Specific to Application Domain Subject Security Attributes id=alice Not managed by security admin-s Subject Non-security Attributes age=40 role=physician Context sensitive Emergency Subjects Is attending physician? Action Attributes name=read actions Authorization Engine Reference monitor Authorization Decisions Access Control Mechanism Request-specific Objects Object Attributes patient=bob type=patient_record subtype=current_episode Fine grain Object Security Attributes owner=fred domain=hospital_a physician can read medical records attending physician can modify patient current episode sensitive records
10 decision-enforcement paradigm Decision Function access control data protection security audit subjects Enforcement Function policy decisions Security Mechanisms objects 10
11 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A some things that can make it better Copyright Konstantin Beznosov
12 separation of concerns application vendors sell application(s) product middleware vendors sell middleware products security vendors sell security products application owners sell service(s) 12
13 all security in middleware Application space Application Object Advantages security-unaware applications Both functions are implemented by security vendor Hard to bypass Separate from application easier to analyze Implementations CORBA, EJB, COM+, ASP.NET View Objects [Hailpern 1990] Role Classes [Barkley 1995] SafeBots [Filman 1996] Security Meta Objects [Riechmann 1998] Enforcement Function Decision Function 13 Access Request Middleware Security Middleware Space
14 studying DF expressiveness Psychiatrist Physician Physician Assistant Registration Clerk Nurse Caregiver [Sandhu 1998] RBAC Owner-based DAC Technician supports [Sandhu 1996] Lattice-based MAC Right 0..* 0..* Family : ExtensibleFamily +consists 0..* +consists RequiredRights Combinator : RightsCombinator requires 0..* 0..* 0..* GrantedRights +based on 0..* grante SecurityAttribute type : AttributeType defining_authority : Opaque value : Opaque 0..* Credentials 0..* 0..* 1..1 Operation +invoke Request Principal * 0..* +makes * 0..* +defined +on 0..* +acts on behalf * Interface 1..* DomainAccessPolicy inherits 0..* implement +applies User 0..* * +associated Interface Implementation SecurityPolicyDomain 0..* 1..* CORBA Security 0..* +contain 0..* +has K. Beznosov and Y. Deng, A Framework for Implementing Role-based Access Control Using CORBA Security Service, Fourth ACM Workshop on Role-Based Access Control, Fairfax, Virginia, USA,
15 making better to administer Application Application space Object Enforcement Function Decision Function Middleware Security Middleware Space Object Application Application space Security Policies Policy Administration Enforcement Function Decision Function Middleware Security Middleware Space Application space Application Object Enforcement Function Decision Function XACML-TC, OASIS extensible Access Control Markup Language (XACML), Committee Specification v1.0, OASIS, February Security Policy Mediators [Hale 1999] 15 Middleware Security Middleware Space
16 middleware security limitations Application Application space Object no application-specific information or logic only information known before the method is invoked method-level granularity Enforcement Function Decision Function 16 Access Request Middleware Security Middleware Space
17 reconfigurable decision function Application space Resource Access Decision (RAD) Application Object Policy EvaluatorLocator 2: get_policy_decision_evaluators PolicyEvaluator DynamicAttributeService 5: * evaluate 3: get_dynamic_attributes Enforcement Function 1: Access Decision Object 4: combine_decisions DecisionCombinator Enforcement Function Middleware Security K. Beznosov, Y. Deng, B. Blakley, C. Burt, and J. Barkley, A Resource Access Decision Service for CORBA-based Distributed Systems, Annual Computer Security Applications Conference (ACSAC), Phoenix, Arizona, USA, OMG, Resource Access Decision Facility, Object Management Group, OMG document number: formal/ , August
18 relationship-based access control Attending Psychiatrist Patient Attending Physician Spouse Assistant Attending Physician Guardian Attending Nurse Related Technician Relative Related Care-giver 18 J. Barkley, K. Beznosov, and J. Uppal, Supporting Relationships in Access Control Using Role Based Access Control, Fourth ACM Role-based Access Control Workshop, Fairfax, Virginia, USA, 1999.
19 RBAC RAD == RelBAC Application System 1: access_allowed 2: get_policy_decision_evaluators Access Decision Object 4: combine_decisions Policy EvaluatorLocator 3: get_dynamic_attributes DecisionCombinator RAD Relationships DynamicAttributeService RBAC PolicyEvaluator 5: evaluate 19
20 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A one specific thing: attribute function Copyright Konstantin Beznosov
21 enforcement in middleware Application space Application Advantages EF stays outside of the application DF can use application-specific policies and/or information Examples CORBA Security replaceable mech. Java Authorization Contract for Containers, (JACC) in J2EE v1.4 getaccess, Access Manager, SiteMinder Legion [Grimshaw 1998] Object Decision Function Enforcement Function 21 Access Request Middleware Security Middleware Space
22 how to get application data for decisions? Application space Application Coupled with the object Object Access Request Enforcement Function Back Door Application-specific Data Request Application-specific Data Decision Decision Function Decision Request Disadvantages Each business object has to implement the backdoor Could be inefficient on expensive to activate objects Weak in the face of denial of service attacks Middleware Security Subsystem Middleware Space Access Request 22
23 a better way Attribute Function Application Object Access Request Application space Enforcement Function Attribute Function Middleware Security Subsystem Middleware Decision Function Decision Decision Request Advantages + security out + application data in + separation of concerns EF middleware vendor DF authorization vendor AF application owner 23 Access Request K. Beznosov, "Object Security Attributes: Enabling Application-specific Access Control in Middleware," The 4th International Symposium on Distributed Objects & Applications, pp , Irvine, California, October 28 - November 1, 2002.
24 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A another specific thing: composable policy engines K. Beznosov, "On the Benefits of Decomposing Policy Engines into Components, in Proceedings of The 3rd Workshop on Reflective and Adaptive Middleware, Toronto, Canada. October Copyright Konstantin Beznosov
25 problem motivation Mechanism (Enforcement function) Policy (Decision function a.k.a. Policy engine) 25 Distributed app. developers/admins have limited choices: 1. Pre-built policy engines with limited capabilities e.g., JAAS default policy file, COM+, EJB authorization Limited support for non-trivial or application-specific policies 2. Pre-built policy engines one size fits all generic e.g., CORBA Unnecessary complex and expensive to use 3. plug-in APIs for creating custom do-it-yourself engines e.g., CORBA Sec. Replaceable, JSR 115, SiteMinder and alike Hard to do it right
26 premise common policy elements e.g., authorizations based on roles, groups, location differences in the weight and composition e.g., location ( role && group ) vs. role ( location && group ) application-specific factors e.g., relations, certification, license 26
27 component framework for A&A policy engine Legend 27 Replaceable Created by Replaceable Fixed
28 expected benefits wide range of supported policies pay as you go cost of supporting a policy determined by required policy not by policy engine complexity incremental changes proportional to policy Δ-s addition/removal/re-composition of policy components re-use of existing policy logic by developers/administrators 28
29 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A example 1 university course web service Copyright Konstantin Beznosov
30 university course web service policy 1. Anyone can lookup course descriptions. 2. All users should authenticate using HTTP-BA. 3. Registration clerks can list students registered for the course and (un)register students. 4. The course instructor can list registered students as well as manage course content. 5. Registered for the course students can download assignments and course material, as well as submit assignments. 30
31 policy engine assembly for example 1 HTTP BA Credential Retriever Permit Overrides Decision Combinator Course PolicyEvaluator Publicmethods PolicyEvaluator CourseId AttributeRetriever 31 Legend Generic Prebuilt Custom
32 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A example 2 human resources web service for an international organization Copyright Konstantin Beznosov
33 HR web service policy 1. Only users within the company s intranet or those who access the service over SSL and have valid X.509 certificates issued by the company should access. 2. Anybody in the company can look up any employee and get essential information about her/him. 3. HR employees can modify contact information and review salary information of any employee from the same division. 4. HR managers can modify any information about the employees of the same division. 33
34 policy engine assembly for example 2 HTTP BA Credential Retriever (A uthroizedip Certificate) (PublicMethod (Role Division)) Decision C ombinator X.509 Certificate Credential Retriever Authorized IP PE RBAC PE Division PE Public methods PE X.509 Certificate PE X.509 Certificate Credential Legend Generic Prebuilt Generic from Third-party Custom 34
35 summary what adequate for different application domains inexpensive and error-proof to build effective and inexpensive in administration and management easy and inexpensive to change, and replace how RBAC in CORBA XACML Resource Access Decision (RAD) RelBAC attribute function composable policy engines 35
36 T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A other research projects Copyright Konstantin Beznosov
37 multiple-channel SSL P 1 P n C S end-to-end security with partially trusted proxies selective data protection 37
38 usability of security administration improving visualization of the information existing cognitive models of security administration improving feedback to security administrators "what if" scenarios safe staging playgrounds testing system state better cognitive models mappings between different mental models/abstractions application-specific model oriented on business processes mechanism-specific technical model 38
39 agile security assurance 1. examined the mismatch between security assurance and agile methods 2. classified conventional security assurance practices according to the degree of clash 1) natural match, 2) methodology nuetral, 3) (semi-)atomatable, 4) complete mismatch 3. suggested ways of alleviating the conflict tool support, knowledge codification, agile-friendly assurance, intermittent assurance 39
40 Advanced ADAE/ADME Scheme Client Tier Presentation Tier Component Tier Back-Office Tier Application Infrastructure Application Client Brow ser Web Serv ers Web Serv ice s Application Serv ers Mainframes Databases EASI Application Env ironment Adapters EASI Security Unifier Authentication API Authorization API EASI Executiv e Audit API Secur ity Management Secur ity A dministr ation Secur ity Configur ation Security Policy Cryptography API EASI Security Serv ice Mappers Security Serv ices A uthentication Ser vices A uthorization Ser vices Cr yptogr aphy Ser vices A ccountability Ser vices Security A dministr ation Ser vices 40
41 security diffuses in applications Application Objects Application Objects Application Objects Middleware Operating System Hardware Middleware Operating System Hardware Middleware Operating System Hardware Network 41
42 42 Servant XOA attribute function in CORBA Application Servant POA Enforcement Function (security interceptor) Application space Attribute Function Attribute Manager Attribute Manager CORBA Security ORB Attribute Retriever Security Domain Membership Management Service, Final Submission, OMG, # orbos/ , July Decision Function (Decision Object) Decision Function (DecisionObject) Decision Request
A Critical Review of the Resource Access Decision Specification in CORBA
A Critical Review of the Resource Access Decision Specification in CORBA Michael Schneider, Markus Aleksy, Axel Korthaus, Martin Schader University of Mannheim, Germany {schneider aleksy korthaus schader}@wifo3.uni-mannheim.de
More informationSupporting Relationships in Access Control Using Role Based Access Control
Supporting Relationships in Access Control Using Role Based Access Control John Barkley National Institute of Standards and Technology jbarkley@nist.gov Konstantin Beznosov Baptist Health Systems of South
More informationJavaPolis 2004 Access Control Architectures: COM+ vs. EJB
JavaPolis 2004 Access Control Architectures: COM+ vs. EJB Dr. Konstantin Beznosov Assistant Professor University of British Columbia Overall Presentation Goal Learn about the capabilities of COM+ and EJB
More informationResource Access Decision Server: Design and Performance Considerations
Resource Access Decision Server: Design and Performance Considerations Konstantin Beznosov and Luis Espinal {beznosov,lespin03}@cs.fiu.edu CADSE October 22, November 5, 1999 Presentation Overview Introduction
More informationHealthcare Resource Access Control (HRAC)
OMG CORBAmed DTF Healthcare Resource Access Control (HRAC) Initial Submission 2AB, INC. Baptist Health Systems of South Florida CareFlow Net, Inc. IBM OMG TC Document corbamed/98-10-02 18 October 1998
More informationDEPLOYING MULTI-TIER APPLICATIONS ACROSS MULTIPLE SECURITY DOMAINS
DEPLOYING MULTI-TIER APPLICATIONS ACROSS MULTIPLE SECURITY DOMAINS Igor Balabine, Arne Koschel IONA Technologies, PLC 2350 Mission College Blvd #1200 Santa Clara, CA 95054 USA {igor.balabine, arne.koschel}
More informationApplication Defense: An emerging Security Concept
Application Defense: An emerging Security Concept Basit Hussain, Ph.D. CTO Cerebit,, Inc. www.cerebit cerebit.com Copyright Cerebit, I nc 2003 1 Order of presentation Problem space and need Conventional
More informationDistribution Transparencies For Integrated Systems*
Distribution Transparencies For Integrated Systems* Janis Putman, The Corporation Ground System Architectures Workshop 2000 The Aerospace Corporation February 2000 Organization: D500 1 * The views and
More informationIdentity, Authentication and Authorization. John Slankas
Identity, Authentication and Authorization John Slankas jbslanka@ncsu.edu Identity Who or what a person or thing is; a distinct impression of a single person or thing presented to or perceived by others;
More informationLightweight Security Service for CORBA. Bob Burt
Lightweight Security Service for CORBA Bob Burt 1 Why Build A Lightweight Security Service?! Why developing implementation of the Resource Access Decision Facility is driving development of a lightweight
More informationNovell Access Manager 3.1
Technical White Paper IDENTITY AND SECURITY www.novell.com Novell Access Manager 3.1 Access Control, Policy Management and Compliance Assurance Novell Access Manager 3.1 Table of Contents: 2..... Complete
More informationTitle Page. FLORIDA INTERNATIONAL UNIVERSITY Miami, Florida ENGINEERING ACCESS CONTROL FOR DISTRIBUTED ENTERPRISE APPLICATIONS
Title Page FLORIDA INTERNATIONAL UNIVERSITY Miami, Florida ENGINEERING ACCESS CONTROL FOR DISTRIBUTED ENTERPRISE APPLICATIONS A dissertation submitted in partial fulfillment of the requirements for the
More informationPOAD Book: Chapter 4: Design Patterns as Components Chapter 5: Visual Design Models
POAD Book: Chapter 4: Design Patterns as Components Chapter 5: Visual Design Models Instructor: Dr. Hany H. Ammar Dept. of Computer Science and Electrical Engineering, WVU Outline Chapter 4: Design Patterns
More informationRB-GACA: A RBAC based Grid Access Control Architecture
RB-GACA: A RBAC based Grid Access Control Architecture Weizhong Qiang, Hai Jin, Xuanhua Shi, Deqing Zou, Hao Zhang Cluster and Grid Computing Lab Huazhong University of Science and Technology, Wuhan, 430074,
More informationData Security and Privacy. Topic 8: Role Based Access Control
Data Security and Privacy Topic 8: Role Based Access Control Plan for this lecture CodeShield: towards personalized application whitelisting. Christopher S. Gates, Ninghui Li, Jing Chen, Robert W. Proctor:
More informationPrivacy Policy Languages:
Privacy Policy Languages: XACML vs EPAL 5 th Annual Privacy & Security Workshop 29 October 2004 Anne Anderson Staff Engineer Sun Microsystems Labs Burlington, MA, USA Anne.Anderson@sun.com Copyright 2004
More informationSecuring ArcGIS for Server. David Cordes, Raj Padmanabhan
Securing ArcGIS for Server David Cordes, Raj Padmanabhan Agenda Security in the context of ArcGIS for Server User and Role Considerations Identity Stores Authentication Securing web services Protecting
More informationAttribute-Based Access Control Models
Institute for Cyber Security Attribute-Based Access Control Models Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair in Cyber Security University of Texas at
More informationAnalysis of ANSI RBAC Support in Commercial Middleware
Analysis of ANSI RBAC Support in Commercial Middleware by Wesam M. Darwish B.A.Sc., The University of British Columbia, 2001 A THESIS SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE
More informationGroup-Centric Models for Secure and Agile Information Sharing
Institute for Cyber Security Group-Centric Models for Secure and Agile Information Sharing Ravi Sandhu Executive Director and Endowed Professor October 2010 ravi.sandhu@utsa.edu, www.profsandhu.com, www.ics.utsa.edu
More informationSpecification and Enforcement of Access Control in Heterogeneous Distributed Applications
Specification and Enforcement of Access Control in Heterogeneous Distributed Applications Torsten Fink, Manuel Koch, and Cristian Oancea Institut für Informatik Freie Universität Berlin, 14195 Berlin,
More informationApplication Servers in E-Commerce Applications
Application Servers in E-Commerce Applications Péter Mileff 1, Károly Nehéz 2 1 PhD student, 2 PhD, Department of Information Engineering, University of Miskolc Abstract Nowadays there is a growing demand
More informationGLOBUS TOOLKIT SECURITY
GLOBUS TOOLKIT SECURITY Plamen Alexandrov, ISI Masters Student Softwarepark Hagenberg, January 24, 2009 TABLE OF CONTENTS Introduction (3-5) Grid Security Infrastructure (6-15) Transport & Message-level
More informationThe Future of Access Control: Attributes, Automation and Adaptation
Institute for Cyber Security The Future of Access Control: Attributes, Automation and Adaptation Prof. Ravi Sandhu Executive Director and Endowed Chair IRI San Francisco August 15, 2013 ravi.sandhu@utsa.edu
More informationIntegrating Legacy Assets Using J2EE Web Services
Integrating Legacy Assets Using J2EE Web Services Jonathan Maron Oracle Corporation Page Agenda SOA-based Enterprise Integration J2EE Integration Scenarios J2CA and Web Services Service Enabling Legacy
More informationSymmetric Key Services Markup Language Use Cases
Symmetric Key Services Markup Language Use Cases Document Version 1.1 - February 28, 2007 The OASIS Symmetric Key Services Markup Language (SKSML) is the proposed language/protocol that defines how a client
More informationEnterprise Architecture Deployment Options. Mark Causley Sandy Milliken Sue Martin
Enterprise Architecture Deployment Options Mark Causley Sandy Milliken Sue Martin GIS is Being Implemented in Many Settings Organization Business to Business Department Workgroup GIS is Moving to the Enterprise
More informationA Language for Access Control in CORBA Security
A Language for Access Control in CORBA Security Polar Humenn Adiron, LLC Syracuse University CASE Center Syracuse, NY 13244-4100 polar@adiron.com polar@syr.edu ABSTRACT In this brief paper, I present the
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationAuthorization Recycling in RBAC Systems
Authorization Recycling in RBAC Systems Qiang Wei 1, Jason Crampton 2, Konstantin Beznosov 1, Matei Ripeanu 1 1 Laboratory for Education and Research in Secure Systems Engineering (LERSSE), University
More informationAppendix A - Glossary(of OO software term s)
Appendix A - Glossary(of OO software term s) Abstract Class A class that does not supply an implementation for its entire interface, and so consequently, cannot be instantiated. ActiveX Microsoft s component
More informationSecuring ArcGIS Server Services An Introduction
2013 Esri International User Conference July 8 12, 2013 San Diego, California Technical Workshop Securing ArcGIS Server Services An Introduction David Cordes & Derek Law Esri - Redlands, CA Agenda Security
More informationReference: Java Web Services Architecture James McGovern, Sameer Tyagi, Michael Stevens, and Sunil Mathew, 2003
CS551: Advanced Software Engineering Service-Oriented Architecture Reference: Java Web Services Architecture James McGovern, Sameer Tyagi, Michael Stevens, and Sunil Mathew, 2003 Yugi Lee STB #560D (816)
More informationArcGIS Server and Portal for ArcGIS An Introduction to Security
ArcGIS Server and Portal for ArcGIS An Introduction to Security Jeff Smith & Derek Law July 21, 2015 Agenda Strongly Recommend: Knowledge of ArcGIS Server and Portal for ArcGIS Security in the context
More informationWarm Up to Identity Protocol Soup
Warm Up to Identity Protocol Soup David Waite Principal Technical Architect 1 Topics What is Digital Identity? What are the different technologies? How are they useful? Where is this space going? 2 Digital
More informationSecurity aspects of XML and Web services
Security aspects of XML and Web services Eduardo B. Fernandez Florida Atlantic University Boca Raton, FL www.cse.fau.edu/~ed 9/1/01 1 Outline Introduction: architectures XML security: transmission XML
More informationPost-Class Quiz: Access Control Domain
1. In order to perform data classification process, what must be present? A. A data classification policy. B. A data classification standard. C. A data classification procedure. D. All of the above. 2.
More informationSemantic SOA - Realization of the Adaptive Services Grid
Semantic SOA - Realization of the Adaptive Services Grid results of the final year bachelor project Outline review of midterm results engineering methodology service development build-up of ASG software
More informationCourse 834 EC-Council Certified Secure Programmer Java (ECSP)
Course 834 EC-Council Certified Secure Programmer Java (ECSP) Duration: 3 days You Will Learn How To Apply Java security principles and secure coding practices Java Security Platform, Sandbox, JVM, Class
More informationCS 307: Software Engineering. Lecture 10: Software Design and Architecture
CS 307: Software Engineering Lecture 10: Software Design and Architecture Prof. Jeff Turkstra 2017 Dr. Jeffrey A. Turkstra 1 Announcements Discuss your product backlog in person or via email by Today Office
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationJohn Heimann Director, Security Product Management Oracle Corporation
John Heimann Director, Security Product Management Oracle Corporation Oracle9i Application Server v2 Security What s an Application Server? Development and deployment environment Web(HTML,XML,SOAP) J2EE
More informationSecuring ArcGIS Services
Federal GIS Conference 2014 February 10 11, 2014 Washington DC Securing ArcGIS Services James Cardona Agenda Security in the context of ArcGIS for Server Background concepts Access Securing web services
More information1.264 Lecture 16. Legacy Middleware
1.264 Lecture 16 Legacy Middleware What is legacy middleware? Client (user interface, local application) Client (user interface, local application) How do we connect clients and servers? Middleware Network
More informationCanada Education Savings Program (CESP) Data Interface Operations and Connectivity
(CESP) Version Number: 7.0 Version Date: November 24, 2016 Version History Version Release Date Description R 1.0 September 30, 1998 Initial version for HRSDC internal reviews. D 2.0 March 15, 1999 Ongoing
More informationAdvanced Access Control. Role-Based Access Control. Common Concepts. General RBAC Rules RBAC96
Advanced Access Control In many cases, identity is a bad criteria for authorization. We examine two modern paradigms for access control, which overcome this limitation: 1. Role-Based Access Control 2.
More informationChapter 10 Web-based Information Systems
Prof. Dr.-Ing. Stefan Deßloch AG Heterogene Informationssysteme Geb. 36, Raum 329 Tel. 0631/205 3275 dessloch@informatik.uni-kl.de Chapter 10 Web-based Information Systems Role of the WWW for IS Initial
More informationService Interface Design RSVZ / INASTI 12 July 2006
Architectural Guidelines Service Interface Design RSVZ / INASTI 12 July 2006 Agenda > Mandatory standards > Web Service Styles and Usages > Service interface design > Service versioning > Securing Web
More informationBuilding High-Assurance Systems out of Software Components of Lesser Assurance Using Middleware Security Gateways
Building High-Assurance Systems out of Software Components of Lesser Assurance Using Middleware Security Gateways A PrismTech Product Line OMG's First Software Assurance Workshop: Working Together for
More informationCourse 10972B: Administering the Web Server (IIS) Role of Windows Server
Course 10972B: Administering the Web Server (IIS) Role of Windows Server Course Outline Module 1: Understanding and Installing Internet Information Services In this module, you will learn about the infrastructure
More informationAn Approach to XML-Based Administration and Secure Information Flow Analysis on an Object Oriented Role-Based Access Control Model
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 22, 49-61 (2006) An Approach to XML-Based Administration and Secure Information Flow Analysis on an Object Oriented Role-Based Access Control Model CUNGANG
More informationW H IT E P A P E R. Salesforce Security for the IT Executive
W HITEPAPER Salesforce Security for the IT Executive Contents Contents...1 Introduction...1 Background...1 Settings Related to Security and Compliance...1 Password Settings... 1 Session Settings... 2 Login
More informationCooperative Secondary Authorization Recycling
Cooperative Secondary Authorization Recycling Qiang Wei, Matei Ripeanu, Konstantin Beznosov Laboratory for Education and Research in Secure Systems Engineering (lersse.ece.ubc.ca) University of British
More informationFinancial Planning Institute of Southern Africa SETTING THE STANDARD. Continuous Professional Development (Cpd) Policy
FPI FPI Financial Planning Institute of Southern Africa SETTING THE STANDARD Continuous Professional Development (Cpd) Policy Table of Contents Definitions 3-4 Introduction 4 Primary Responsibility 5 Mandatory
More informationJ2EE Interview Questions
1) What is J2EE? J2EE Interview Questions J2EE is an environment for developing and deploying enterprise applications. The J2EE platform consists of a set of services, application programming interfaces
More information[GSoC Proposal] Securing Airavata API
[GSoC Proposal] Securing Airavata API TITLE: Securing AIRAVATA API ABSTRACT: The goal of this project is to design and implement the solution for securing AIRAVATA API. Particularly, this includes authenticating
More informationCertification Report
Certification Report Standard Edition v2.8.2 RELEASE Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of
More information2002 Journal of Software
1000-9825/2002/13(01)0092-07 2002 Journal of Software Vol13, No1,, (,100871) E-mail {zouwei,sjs,sunyc}@cspkueducn http//wwwpkueducn,,,,, ; ; ; TP311 A, (component-based software development, CBSD) CBSD,,,,
More informationCONNX SECURITY OVERVIEW
CONNX SECURITY OVERVIEW ConnX is a web-based application which can be installed in a variety of technical environments. This purpose of this document is to advise you on the security aspects that are provided
More informationConfiguring and Troubleshooting Windows Server 2008 Active Directory Domain Services
6425 - Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services Duration: 5 days Course Price: $2,975 Software Assurance Eligible Course Description Microsoft Windows Server
More informationIntroduction to application framework
Introduction to application framework for AGL Version 1.0 June 2016 Abstract This document presents the application framework created by IoT.bzh for AGL. Document revisions Date Version Designation Author
More informationDistributed Systems Security: Java, CORBA, and COM+ April L. Moreno September 14, Abstract
Distributed Systems Security: Java, CORBA, and COM+ April L. Moreno September 14, 2002 Abstract Security can have varying levels of difficulty for implementation. One factor in determining the difficulty
More informationOASIS: Architecture, Model and Management of Policy
OASIS: Architecture, Model and Management of Policy Ken Moody Computer Laboratory, University of Cambridge 1 Overview OASIS : Architecture, Model and Policy 1. background to the research people, projects
More informationEnterprise SOA Experience Workshop. Module 8: Operating an enterprise SOA Landscape
Enterprise SOA Experience Workshop Module 8: Operating an enterprise SOA Landscape Agenda 1. Authentication and Authorization 2. Web Services and Security 3. Web Services and Change Management 4. Summary
More informationSecuring your Standards Based Services. Rüdiger Gartmann (con terra GmbH) Satish Sankaran (Esri)
Securing your Standards Based Services Rüdiger Gartmann (con terra GmbH) Satish Sankaran (Esri) Agenda What are your security goals? Access control Standards and interoperability User management and authentication
More informationComponent-based software engineering. Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 19 Slide 1
Component-based software engineering Ian Sommerville 2004 Software Engineering, 7th edition. Chapter 19 Slide 1 Objectives To explain that CBSE is concerned with developing standardised components and
More informationVisit Mon General Registration
Visit Mon General Registration Fill-out your MyMonGen Registration card and present it to the registration staff at Mon General * Please Note: You must have a valid photo ID to sign up. Or Visit: MonGeneral.Com/MMG
More informationWeb Services. Lecture I. Valdas Rapševičius. Vilnius University Faculty of Mathematics and Informatics
Web Services Lecture I Valdas Rapševičius Vilnius University Faculty of Mathematics and Informatics 2014.02.28 2014.02.28 Valdas Rapševičius. Java Technologies 1 Outline Introduction to SOA SOA Concepts:
More informationOracle Fusion Middleware
Oracle Fusion Middleware What's New in Oracle WebLogic Server 11g Release 1 (10.3.5) E13852-07 April 2011 Welcome to Oracle WebLogic Server. The following sections describe new and changed functionality
More informationBusiness White Paper IDENTITY AND SECURITY. Access Manager. Novell. Comprehensive Access Management for the Enterprise
Business White Paper IDENTITY AND SECURITY Novell Access Manager Comprehensive Access Management for the Enterprise Simple, Secure Access to Network Resources Business Driver 1: Cost Novell Access Manager
More informationAuthentication and Authorization User Management within a Collaborative Community
Proceedings of the 11th WSEAS International Conference on COMPUTERS, Agios Nikolaos, Crete Island, Greece, July 26-28, 2007 565 Authentication and Authorization User Management within a Collaborative Community
More informationNETWORK DESIGN: MEDICAL FACILITY J.P. MARSHALL THOMAS ASHEY ROHAN GOTHWAL JENNIFER COLMAN SAMUEL CHERRY
NETWORK DESIGN: MEDICAL FACILITY J.P. MARSHALL THOMAS ASHEY ROHAN GOTHWAL JENNIFER COLMAN SAMUEL CHERRY Table of Contents Executive Summary 3 Written Description 4 Network Policies. 6 Security Policy.
More informationBraindumpsVCE. Best vce braindumps-exam vce pdf free download
BraindumpsVCE http://www.braindumpsvce.com Best vce braindumps-exam vce pdf free download Exam : SY0-501 Title : CompTIA Security+ Certification Exam Vendor : CompTIA Version : DEMO Get Latest & Valid
More informationIdentity-based Access Control
Identity-based Access Control The kind of access control familiar from operating systems like Unix or Windows based on user identities This model originated in closed organisations ( enterprises ) like
More informationDigital Certificate Operation in a Complex Environment PKI ARCHITECTURE QUESTIONNAIRE
Digital Certificate Operation in a Complex Environment A project within the Joint Information Systems Committee s Authentication, Authorisation and Accounting middleware programme PKI ARCHITECTURE QUESTIONNAIRE
More informationMOC 6419B: Configuring, Managing and Maintaining Windows Server based Servers
MOC 6419B: Configuring, Managing and Maintaining Windows Server 2008- based Servers Course Overview This instructor-led course provides students with the knowledge and skills that are required to manage
More informationVMWARE NSX & OTRS. Automating Security with Help Desk Systems
TECHNICAL WHITE PAPER - MARCH 2018 VMWARE NSX & OTRS Automating Security with Help Desk Systems Sander Martijn (sander@vmguru.com) Anne Jan Elsinga (aelsinga@vmware.com) Martijn Smit (msmit@vmware.com)
More informationConfiguring a Windows Server 2008 Applications Infrastructure
Configuring a Windows Server 2008 Applications Infrastructure Course Number: 70-643 Course Length: 5 Days Course Overview The MCTS credential enables professionals to target specific technologies and distinguish
More informationSystem Security Features
System Security Features Overview Azeus Convene provides excellent user experience in holding meetings, as well as sharing, collaborating and accessing documents without compromising security. By using
More informationPrivileged Identity App Launcher and Session Recording
Privileged Identity App Launcher and Session Recording 2018 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are
More informationOracle Tuxedo. CORBA Technical Articles 11g Release 1 ( ) March 2010
Oracle Tuxedo CORBA Technical Articles 11g Release 1 (11.1.1.1.0) March 2010 Oracle Tuxedo CORBA Technical Articles, 11g Release 1 (11.1.1.1.0) Copyright 1996, 2010, Oracle and/or its affiliates. All rights
More informationSYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS
SYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS David Murotake, (SCA Technica, Inc. Nashua NH, USA; david.murotak@scatechnica.com) Antonio Martin (SCA Technica, Inc., Nashua NH, USA;
More informationSoftware Components and Distributed Systems
Software Components and Distributed Systems INF5040/9040 Autumn 2017 Lecturer: Eli Gjørven (ifi/uio) September 12, 2017 Outline Recap distributed objects and RMI Introduction to Components Basic Design
More informationSSL Certificates Certificate Policy (CP)
SSL Certificates Last Revision Date: February 26, 2015 Version 1.0 Revisions Version Date Description of changes Author s Name Draft 17 Jan 2011 Initial Release (Draft) Ivo Vitorino 1.0 26 Feb 2015 Full
More information"Web Age Speaks!" Webinar Series
"Web Age Speaks!" Webinar Series Java EE Patterns Revisited WebAgeSolutions.com 1 Introduction Bibhas Bhattacharya CTO bibhas@webagesolutions.com Web Age Solutions Premier provider of Java & Java EE training
More informationSecurity in the Privileged Remote Access Appliance
Security in the Privileged Remote Access Appliance 2003-2018 BeyondTrust, Inc. All Rights Reserved. BEYONDTRUST, its logo, and JUMP are trademarks of BeyondTrust, Inc. Other trademarks are the property
More informationIs Your Web Application Really Secure? Ken Graf, Watchfire
Is Your Web Application Really Secure? Ken Graf, Watchfire What we will discuss today Pressures on the application lifecycle Why application security defects matter How to create hacker resistant business
More informationObject Security. Model Driven Security. Ulrich Lang, Rudolf Schreiner. Protection of Resources in Complex Distributed Systems
Object Security TM The Security Policy Company Protection of Resources in Complex Distributed Systems Ulrich Lang, Rudolf Schreiner ObjectSecurity Ltd. University of Cambridge Agenda COACH Project Model
More informationToday: Distributed Objects. Distributed Objects
Today: Distributed Objects Case study: EJBs (Enterprise Java Beans) Case study: CORBA Lecture 23, page 1 Distributed Objects Figure 10-1. Common organization of a remote object with client-side proxy.
More informationFLORIDA INTERNATIONAL UNIVERSITY SCHOOL OF COMPUTER SCIENCE THE CENTER FOR ADVANCED DISTRIBUTED SYSTEMS ENGINEERING (CADSE) TECHNICAL REPORT
FLORIDA INTERNATIONAL UNIVERSITY SCHOOL OF COMPUTER SCIENCE THE CENTER FOR ADVANCED DISTRIBUTED SYSTEMS ENGINEERING (CADSE) TECHNICAL REPORT 2000-01 DESIGN AND IMPLEMENTATION OF RESOURCE ACCESS DECISION
More informationData Backup and Contingency Planning Procedure
HIPAA Security Procedure HIPAA made Easy Data Backup and Contingency Planning Procedure Please fill in date implemented and updates for your facility: Goal: This document will serve as our back-up storage
More informationA Flexible Architecture for Enforcing and Composing Policies in a Service-Oriented Environment
A Flexible Architecture for Enforcing and Composing Policies in a Service-Oriented Environment Tom Goovaerts, Bart De Win, and Wouter Joosen DistriNet Research Group, Katholieke Universiteit Leuven Celestijnenlaan
More informationA Framework Supporting Quality of Service for SOA-based Applications
A Framework Supporting Quality of Service for SOA-based Applications Phung Huu Phu, Dae Seung Yoo, and Myeongjae Yi School of Computer Engineering and Information Technology University of Ulsan, Republic
More informationNAC 2007 Spring Conference
NAC 2007 Spring Conference Click to edit Master title style OASIS XACML Update Hal Lockhart Office of the CTO BEA Systems hlockhar@bea.com Hal Lockhart Senior Principal Technologist, OCTO Co-chair XACML
More informationAccess Control (slides based Ch. 4 Gollmann)
Access Control (slides based Ch. 4 Gollmann) Preliminary Remarks Computer systems and their use have changed over the last three decades. Traditional multi-user systems provide generic services to their
More informationControl-M and Payment Card Industry Data Security Standard (PCI DSS)
Control-M and Payment Card Industry Data Security Standard (PCI DSS) White paper PAGE 1 OF 16 Copyright BMC Software, Inc. 2016 Contents Introduction...3 The Need...3 PCI DSS Related to Control-M...4 Control-M
More informationFactsheet of Public Services Infrastructure (PSi) Updated on: 1st Sep 03
Factsheet of Public Services Infrastructure (PSi) Updated on: 1st Sep 03 1 Objective of Paper 1.1 This document provides an overview of the Public Services Infrastructure (PSi). 2 Overview of PSi 2.1 PSi
More informationService Mesh and Microservices Networking
Service Mesh and Microservices Networking WHITEPAPER Service mesh and microservice networking As organizations adopt cloud infrastructure, there is a concurrent change in application architectures towards
More informationMicrosoft SharePoint Server 2013 Plan, Configure & Manage
Microsoft SharePoint Server 2013 Plan, Configure & Manage Course 20331-20332B 5 Days Instructor-led, Hands on Course Information This five day instructor-led course omits the overlap and redundancy that
More informationIntroduction. The Safe-T Solution
Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6 Introduction As the world becomes much more digital and global,
More information