Building High-Assurance Systems out of Software Components of Lesser Assurance Using Middleware Security Gateways

Similar documents
Introduction. Enterprise Java Instructor: Please introduce yourself Name Experience in Java Enterprise Edition Goals you hope to achieve

Data-Centric Architecture for Space Systems

OMG Real Time Workshop

Data Consistency with SPLICE Middleware. Leslie Madden Chad Offenbacker Naval Surface Warfare Center Dahlgren Division

Today: Distributed Objects. Distributed Objects

Model-Driven QoS Provisioning Techniques for CCM DRE Systems

Towards integration of the Data Distribution Service with the CORBA Component Model

Distributed Middleware. Distributed Objects

MILS Multiple Independent Levels of Security. Carol Taylor & Jim Alves-Foss University of Idaho Moscow, Idaho

Component-based Engineering for Embedded Systems USA EU workshop

Web Services. Lecture I. Valdas Rapševičius. Vilnius University Faculty of Mathematics and Informatics

Introduction to Web Services & SOA

The MILS Partitioning Communication System + RT CORBA = Secure Communications for SBC Systems

PRISMTECH. Benchmarking OMG DDS for Large-scale Distributed Systems. Powering Netcentricity

Designing High Performance IEC61499 Applications on Top of DDS

SYSTEM THREAT ANALYSIS FOR HIGH ASSURANCE SOFTWARE DEFINED RADIOS

Object-Oriented Middleware for Distributed Systems

Deploying DDS on a WAN and the GIG: The DDS Routing Service. Gerardo Pardo-Castellote, Ph.D. The Real-Time Middleware Experts

WAN-DDS A wide area data distribution capability

Distribution and web services

Computing and Communications Infrastructure for Network-Centric Warfare: Exploiting COTS, Assuring Performance

A Data-Centric Approach for Modular Assurance Abstract. Keywords: 1 Introduction

Eclipse SOA Tooling Platform: Project Overview. An Overview of the Eclipse STP (SOA Tooling Platform) Project

Web Services. Lecture I. Valdas Rapševičius Vilnius University Faculty of Mathematics and Informatics

Cloud Computing Chapter 2

Appendix A - Glossary(of OO software term s)

WebSphere 4.0 General Introduction

CAS 703 Software Design

Introduction to Web Services & SOA

Real-time & Embedded Systems Workshop July 2007 Building Successful Real-time Distributed Systems in Java

From MDD back to basic: Building DRE systems

CORBA (Common Object Request Broker Architecture)

Model Driven Architecture and Rhapsody

Object Security. Model Driven Security. Ulrich Lang, Rudolf Schreiner. Protection of Resources in Complex Distributed Systems

Middleware definitions and overview

CHAPTER 1: OPERATING SYSTEM FUNDAMENTALS

An Intro to Service Oriented Architecture

UCSD Extension. Fundamentals of Web Services. Instructor: John Pantone. 2007, Objectech Corporation. All rights reserved

Towards a Unified Component & Deployment Model for Distributed Real Time Systems

A QoS-aware CCM for DRE System Development

Chapter 4 Communication

Enterprise Geographic Information Servers. Dr David Maguire Director of Products Kevin Daugherty ESRI

Introduction to Distributed Systems. INF5040/9040 Autumn 2018 Lecturer: Eli Gjørven (ifi/uio)

Distributed Systems. What is a Distributed System?

Component-based Architecture Buy, don t build Fred Broks

SimWare-Kernel Real Time Communication System for Simulation (Paper by: Bruno Calvo, Ignacio Seisdedos)

CHAPTER 2. Introduction to Middleware Technologies

Electronic Payment Systems (1) E-cash

the Corba/Java Firewall

Protecting the Hosted Application Server

Chapter 16. Layering a computing infrastructure

Vortex Whitepaper. Simplifying Real-time Information Integration in Industrial Internet of Things (IIoT) Control Systems

IEEE Issues in Microgrids Evolution towards a distributed energy future William J. Miller, President, MaCT USA

Data Model Considerations for Radar Systems

Introduction to Distributed Systems (DS)

Transforming Hierarchical C2 into Collaborative C2

Topics on Web Services COMP6017

Verteilte Systeme (Distributed Systems)

Course 7. Reusability, interoperability. S. Motogna - Software Quality

Building the Enterprise

KINGS COLLEGE OF ENGINEERING DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING ACADEMIC YEAR (ODD SEMESTER) QUESTION BANK

History of Enterprise Java

Weapon Systems Open Architecture Overview

Kepware Whitepaper. IIoT Protocols to Watch. Aron Semle, R&D Lead. Introduction

Web Service. Development. Framework and API. Management. Strategy and Best Practices. Yong Cao The Boeing Company RROI #: CORP

Distributed Object-Based Systems The WWW Architecture Web Services Handout 11 Part(a) EECS 591 Farnam Jahanian University of Michigan.

Service Oriented Architectures Visions Concepts Reality

Applying Microservices in Webservices, with An Implementation Idea

Chapter 4 Communication

High-Assurance Security/Safety on HPEC Systems: an Oxymoron?

Model-Driven Optimizations of Component Systems

Services Oriented Architecture and the Enterprise Services Bus

FIPS Validated i WLAN

Semantic SOA - Realization of the Adaptive Services Grid

Implementing a Ground Service- Oriented Architecture (SOA) March 28, 2006

Integrating esystems: Technology, Strategy, and Organizational Factors

Architecture of Distributed Systems Component-based Systems

Adapting Enterprise Distributed Real-time and Embedded (DRE) Pub/Sub Middleware for Cloud Computing Environments

Software Components and Distributed Systems

MODEL-DRIVEN DEVELOPMENT OF COMMAND AND CONTROL CAPABILITIES FOR JOINT AND COALITION WARFARE

Multi-Domain exchange (MDeX) System

ITSS Model Curriculum. - To get level 3 -

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

The Ocarina Tool Suite. Thomas Vergnaud

Vortex OpenSplice. Python DDS Binding

Best Practices for Deploying Web Services via Integration

Software MEIC. (Lesson 20)

AIM Enterprise Platform Software IBM z/transaction Processing Facility Enterprise Edition 1.1.0

Beyond Web Services A network-centric approach to system design

Market leading web application server product

SOA Architect. Certification

Multiple Independent Layers of Security (MILS) Network Subsystem Protection Profile (MNSPP) An Approach to High Assurance Networking Rationale

Distributed Information Processing

Service-Oriented Architecture (SOA)

Solace JMS Broker Delivers Highest Throughput for Persistent and Non-Persistent Delivery

F6 Model-driven Development Kit (F6MDK)

Identity-Enabled Web Services

Using JBI for Service-Oriented Integration (SOI)

Vortex Whitepaper. Intelligent Data Sharing for the Business-Critical Internet of Things. Version 1.1 June 2014 Angelo Corsaro Ph.D.

Symantec Network Access Control Starter Edition

Transcription:

Building High-Assurance Systems out of Software Components of Lesser Assurance Using Middleware Security Gateways A PrismTech Product Line OMG's First Software Assurance Workshop: Working Together for Confidence Fairfax, VA, March 6, 2007

Building High-Assurance Systems with Middleware Security Gateways Presentation Outline Introduction Motivation Background Distribution Middleware Level Security Application Level vs. Distribution Middleware Level Security Domain Protection Approach Supported Middleware Types Enforcement Aspects Application Level Security Management Security Policy Creation and Definition Support Security Policy Adaptation and Administration Support Addressing Information Assurance Information Assurance @ Application/Middleware Level Defense-in-Depth What about MILS? Slide 2 PrismTech 2007

Introduction Motivation PrismTech involved in a number of projects where customers build systems (and systems of systems) with high information assurance requirements based on distribution middleware as much as possible from COTS hardware and software infrastructure products using several types of standardized middleware CORBA OMG Data Distribution Service for Real-time Systems (DDS) XML/SOAP/WSDL following a paradigm of interacting components Client/Server closely coupled SOA-like (loosely coupled) Publish/Subscribe (LAN, WAN) Problem: How to keep control how the components effect each other One approach: declarative security enforcement for component interactions by middleware-level security gateways What about improving the assurance of the overall system by smart partitioning into components and enforcing declarative security controls on the interactions? Slide 3 PrismTech 2007

Introduction Background: OACE (example multi-middleware CE) A Technical Architecture for systems of systems mandated by the US Navy Mainstream Standards Based... Open Architecture Computing Environment (OACE) Middleware Operating Systems Mainstream COTS Computing Technology A Functional Architecture Technical Reference Model That Identifies Software Domains and Interface Relationships Warfighting Applications Common Service Applications Specifications, Standards & Design Guidance An OA Approach is an Integrated Technical and Business Strategy Focused on Increasing the Effectiveness of a Capability, While Decreasing Cost, Increasing Operational Life and Providing Improvements Through Planned Upgrades Operating System & Middleware View Non-Real-Time e.g. IT21 Administrative Unclassified High Security Enclave Network & Computer View External K F E D E R A T E D R Security Gateway High Avail. Switched Tactical Displays Layer 3 Switch / Router Primary Real-Time Computing Interconnect Domains Std. LAN Non- Critical Link Broker I N T E G R A T E D R Tactical Links L Routed Link S T O R A G E R K Embedded & Legacy e.g Sig Pro Unique Domains e.g. HM&E Sensors Security Domains Unclassified System High Limited Access KG / TAC LANE Standards Based Standards Based Domain Unique Open Architecture Computing Environment (OACE) Standards-based Commercial mainstream Warfighting Applications & Common services Middleware (OMG) Operating Systems (IEEE POSIX ) Mainstream COTS Processors Cable Plant & Layer 3 Switched/Routed LAN (TIA, IETF) App App App App Svc Svc Svc Distribution Adaptation Frameworks OS OS OS OS OS OS CPU CPU CPU CPU CPU CPU R e s o u r c e M a n a g e m e n t Components are defined and interact with each other using distribution middleware CORBA DDS XML/SOAP expected Slide 4 PrismTech 2007

Introduction Background: PrismTech Providing distribution middleware, component technologies, and modeling/development environments (productivity tools) is PrismTech s core competence With its enterprise middleware security gateway product line (firewall like, for IIOP [CORBA, Java-RMI] and SOAP), substantial experience gained in the enforcement of security at the middleware layer following a gateway approach (incl. performance and high-availability issues) Where we re going: middleware security gateways for DRE environments Vision: such gateways together with appropriate modeling (deployment) support can also serve for higher assurance (bringing separation to the higher abstraction levels (inspired by separation kernel OSs) Slide 5 PrismTech 2007

Introduction Application Level vs. Middleware Level Security COTS best-practice security technology (network level or transport level encryption, firewalls, 3A products, IDS products etc.) does not support application level authorization/access control application level content inspection/filtering application level audit for any of the distribution middleware expected to be used in OACE-like computing environments Application level security being built per application would be contrary to many goals of an Open Architecture (e.g., portability, reusability, cost reduction) Most appropriate architectural layer for application security enforcement seems to be the distribution middleware layer, but lack of mature standards and/or products wrt. Security (CORBA, DDS) Slide 6 PrismTech 2007

Distribution Middleware Level Security Domain Protection Approach Question: What is the best approach (and implementation technique) for security enforcement to achieve information assurance (somehow similar to the question of best granularity of components) A fact of life: Application level security can best be implemented for interactions between software components (coherent function blocks under one security administration) Our proposal: using the domain concepts (familiar from dealing different security/classification levels) for the structuring wrt. security in general. Security is achieved by domain protection. A domain can typically be A component server (EJB, CCM etc.) A sub network with a defined entry point. Sub network can be protected more effectively (one component of higher level evaluation) Security Gateways Slide 7 PrismTech 2007

Distribution Middleware Level Security Middleware Types Targeted RT-CORBA Well defined interoperability protocol Well defined message formats DDS Well defined interoperability protocol on the way of standardization Well defined message formats Web Services Well defined interoperability protocol Well defined message formats XML as format very widely used Further distribution middleware as soon as adopted Slide 8 PrismTech 2007

Distribution Middleware Level Security Typical Environmental Enforcement Aspects Distribution Middleware Security Gateway must be able to act autonomously, e.g., if network connection to infrastructure servers is lost. However, security policy changes (e.g., for reflective resource management) must be enforced without any delay. Distribution Middleware Security Gateway must itself be real-time capable (e.g. prioritization of message handling) Very high performance, delay, throughput, and jitter requirements Slide 9 PrismTech 2007

Application Level Security Management Security Policy Creation and Definition Support Security policies to be enforced by the middleware security gateway are formalized policies (XACML, possibly extended) in form of files to be held locally Are loaded and activated in a secure way (encryption) Can be subject to evaluation and certification Initial policies can be generated as a result of the modeling of the system to be protected Security policies (in the formal representation) can be analyzed/evaluated with regards to consistency in itself Security policies (in the formal representation) can be analyzed/evaluated with regards to consistency with the security policies of other domains Slide 10 PrismTech 2007

Application Level Security Management Policy Adaptation and Administration Support The middleware security gateways have a secure policy upload facility that interacts with a security policy server (push and pull modes supported). Each rule can have an annotation if it still applies in case the gateway cannot be sure the policy version locally available is still the most current one (e.g., if the policy server cannot be reached). Policy adaptation before deployment and binding Graphical User Interfaces for policy administration Programming Interfaces Command-line interfaces Automated tools for security policy versioning, audit, and roll-back. Slide 11 PrismTech 2007

Addressing Information Assurance Information Assurance @ Application/Middleware Level Application security policy enforcement between domains of the same security level (and other classifications) enables the implementation of a divide-and-rule security philosophy High assurance only needed at the control/enforcement point (middleware security gateways, active security policies, incl. gateway software, OS hardware) Not all software run within a domain must have the same high assurance Effort and cost for the verification and certification of the overall system/platform (system of systems, potentially from different vendors) can drastically be reduced. Best practice security (encryption and network or transport level firewalling) cannot ensure this Application security policy enforcement between domains of different security levels can be made easier (requires MLS certification / future option) Slide 12 PrismTech 2007

Addressing Information Assurance Defense-in-Depth Security measures of a domain can be implemented following a defense-in-depth strategy, e.g., Packet filter, transport level or stateful inspection at the domain entry point Encryption/decryption of the stream The middleware security gateway Application level security logic at the component server Security gateways enable the ad-hoc implementation of security checks without access or replacement of the applications Third-party vendors Immediate action required Slide 13 PrismTech 2007

Addressing Information Assurance What about MILS? The middleware security gateway enables the implementation of the MILS philosophy (minimum chunks of code that need verification) for an increased overall system/platform assurance at the higher abstraction level of distribution middleware. It can be implemented on top of a MILS system, e.g., in a separate partition Separate domains which interactions are security controlled by the middleware security gateway can be implemented in different partitions of one MILS system Slide 14 PrismTech 2007

Deployment Scenarios Multi-Purpose Component Often, CORBA based application systems and architectures (also in RTE systems) use object references as a means of implicit authorization. Implicit authorization (in this context) means handing over an object reference to a client object does not only provide the necessary addressing and context information but also authorizes the client entity to access the respective object. An implicit assumption in such schemes is that other entities which have not legally received an object reference for the object can not access the object. (object references are often provided by a CORBA Name Service instance only and access to the Name Services is restricted to legal client entities). The main advantage of the implicit authorization principle is that it avoids the need for the implementation of an additional logic consisting of explicit access rights basically just restate the interaction logic between the CORBA objects. Slide 15 PrismTech 2007

Building High-Assurance Systems out of Software Components of Lesser Assurance Using Middleware Security Gateways A PrismTech Product Line OMG's First Software Assurance Workshop: Working Together for Confidence Fairfax, VA, March 6, 2007

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback