QuanTM Architecture for Web Services

Similar documents
QuanTM Architecture for Web Services

Service Level Agreements: An Approach to Software Lifecycle Management. CDR Leonard Gaines Naval Supply Systems Command 29 January 2003

Running CyberCIEGE on Linux without Windows

Multi-Modal Communication

ARINC653 AADL Annex Update

Kathleen Fisher Program Manager, Information Innovation Office

FUDSChem. Brian Jordan With the assistance of Deb Walker. Formerly Used Defense Site Chemistry Database. USACE-Albuquerque District.

Using Model-Theoretic Invariants for Semantic Integration. Michael Gruninger NIST / Institute for Systems Research University of Maryland

2013 US State of Cybercrime Survey

DoD Common Access Card Information Brief. Smart Card Project Managers Group

C2-Simulation Interoperability in NATO

Towards a Formal Pedigree Ontology for Level-One Sensor Fusion

Empirically Based Analysis: The DDoS Case

4. Lessons Learned in Introducing MBSE: 2009 to 2012

ENVIRONMENTAL MANAGEMENT SYSTEM WEB SITE (EMSWeb)

A Review of the 2007 Air Force Inaugural Sustainability Report

Using Templates to Support Crisis Action Mission Planning

Information, Decision, & Complex Networks AFOSR/RTC Overview

75th Air Base Wing. Effective Data Stewarding Measures in Support of EESOH-MIS

Concept of Operations Discussion Summary

COMPUTATIONAL FLUID DYNAMICS (CFD) ANALYSIS AND DEVELOPMENT OF HALON- REPLACEMENT FIRE EXTINGUISHING SYSTEMS (PHASE II)

Vision Protection Army Technology Objective (ATO) Overview for GVSET VIP Day. Sensors from Laser Weapons Date: 17 Jul 09 UNCLASSIFIED

Technological Advances In Emergency Management

Dana Sinno MIT Lincoln Laboratory 244 Wood Street Lexington, MA phone:

Topology Control from Bottom to Top

High-Assurance Security/Safety on HPEC Systems: an Oxymoron?

73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation

A Distributed Parallel Processing System for Command and Control Imagery

Web Site update. 21st HCAT Program Review Toronto, September 26, Keith Legg

Setting the Standard for Real-Time Digital Signal Processing Pentek Seminar Series. Digital IF Standardization

Space and Missile Systems Center

Washington University

Use of the Polarized Radiance Distribution Camera System in the RADYO Program

U.S. Army Research, Development and Engineering Command (IDAS) Briefer: Jason Morse ARMED Team Leader Ground System Survivability, TARDEC

Wireless Connectivity of Swarms in Presence of Obstacles

MODELING AND SIMULATION OF LIQUID MOLDING PROCESSES. Pavel Simacek Center for Composite Materials University of Delaware

An Update on CORBA Performance for HPEC Algorithms. Bill Beckwith Objective Interface Systems, Inc.

Corrosion Prevention and Control Database. Bob Barbin 07 February 2011 ASETSDefense 2011

Architecting for Resiliency Army s Common Operating Environment (COE) SERC

Space and Missile Systems Center

75 TH MORSS CD Cover Page. If you would like your presentation included in the 75 th MORSS Final Report CD it must :

73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation

Data Warehousing. HCAT Program Review Park City, UT July Keith Legg,

ASSESSMENT OF A BAYESIAN MODEL AND TEST VALIDATION METHOD

SINOVIA An open approach for heterogeneous ISR systems inter-operability

The C2 Workstation and Data Replication over Disadvantaged Tactical Communication Links

Ross Lazarus MB,BS MPH

PreSTA: Preventing Malicious Behavior Using Spatio-Temporal Reputation. Andrew G. West November 4, 2009 ONR-MURI Presentation

Headquarters U.S. Air Force. EMS Play-by-Play: Using Air Force Playbooks to Standardize EMS

Using the SORASCS Prototype Web Portal

BUPT at TREC 2009: Entity Track

Accuracy of Computed Water Surface Profiles

ATCCIS Replication Mechanism (ARM)

A Multilevel Secure MapReduce Framework for Cross-Domain Information Sharing in the Cloud

Components and Considerations in Building an Insider Threat Program

Guide to Windows 2000 Kerberos Settings

Cyber Threat Prioritization

Dynamic Information Management and Exchange for Command and Control Applications

Office of Global Maritime Situational Awareness

Defense Hotline Allegations Concerning Contractor-Invoiced Travel for U.S. Army Corps of Engineers' Contracts W912DY-10-D-0014 and W912DY-10-D-0024

LARGE AREA, REAL TIME INSPECTION OF ROCKET MOTORS USING A NOVEL HANDHELD ULTRASOUND CAMERA

Distributed Real-Time Embedded Video Processing

Shallow Ocean Bottom BRDF Prediction, Modeling, and Inversion via Simulation with Surface/Volume Data Derived from X-Ray Tomography

Use of the Polarized Radiance Distribution Camera System in the RADYO Program

SURVIVABILITY ENHANCED RUN-FLAT

SCICEX Data Stewardship: FY2012 Report

Exploring the Query Expansion Methods for Concept Based Representation

David W. Hyde US Army Engineer Waterways Experiment Station Vicksburg, Mississippi ABSTRACT

By Derrick H. Karimi Member of the Technical Staff Emerging Technology Center. Open Architectures in the Defense Intelligence Community

PRIS at TREC2012 KBA Track

Basing a Modeling Environment on a General Purpose Theorem Prover

Col Jaap de Die Chairman Steering Committee CEPA-11. NMSG, October

Lessons Learned in Adapting a Software System to a Micro Computer

Energy Security: A Global Challenge

Balancing Transport and Physical Layers in Wireless Ad Hoc Networks: Jointly Optimal Congestion Control and Power Control

Preventing Insider Sabotage: Lessons Learned From Actual Attacks

CENTER FOR ADVANCED ENERGY SYSTEM Rutgers University. Field Management for Industrial Assessment Centers Appointed By USDOE

VICTORY VALIDATION AN INTRODUCTION AND TECHNICAL OVERVIEW

A Methodology for End-to-End Evaluation of Arabic Document Image Processing Software

MATREX Run Time Interface (RTI) DoD M&S Conference 10 March 2008

Approaches to Improving Transmon Qubits

WAITING ON MORE THAN 64 HANDLES

An Efficient Architecture for Ultra Long FFTs in FPGAs and ASICs

Introducing I 3 CON. The Information Interpretation and Integration Conference

32nd Annual Precise Time and Time Interval (PTTI) Meeting. Ed Butterline Symmetricom San Jose, CA, USA. Abstract

HEC-FFA Flood Frequency Analysis

Agile Modeling of Component Connections for Simulation and Design of Complex Vehicle Structures

2011 NNI Environment, Health, and Safety Research Strategy

DEVELOPMENT OF A NOVEL MICROWAVE RADAR SYSTEM USING ANGULAR CORRELATION FOR THE DETECTION OF BURIED OBJECTS IN SANDY SOILS

Better Contextual Suggestions in ClueWeb12 Using Domain Knowledge Inferred from The Open Web

Automation Middleware and Algorithms for Robotic Underwater Sensor Networks

Next generation imager performance model

Computer Aided Munitions Storage Planning

Secure FAST: Security Enhancement in the NATO Time Sensitive Targeting Tool

Current Threat Environment

Nationwide Automatic Identification System (NAIS) Overview. CG 939 Mr. E. G. Lockhart TEXAS II Conference 3 Sep 2008

DoD M&S Project: Standardized Documentation for Verification, Validation, and Accreditation

ASPECTS OF USE OF CFD FOR UAV CONFIGURATION DESIGN

Advanced Numerical Methods for Numerical Weather Prediction

PEO C4I Remarks for NPS Acquisition Research Symposium

Transcription:

QuanTM Architecture for Web Services Insup Lee Computer and Information Science University of Pennsylvania ONR MURI N00014-07-1-0907 Review Meeting June 10, 2010

Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE 10 JUN 2010 2. REPORT TYPE 3. DATES COVERED 00-00-2010 to 00-00-2010 4. TITLE AND SUBTITLE QuanTM Architecture for Web Services 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) University of Pennsylvania,Computer and Information Science,3451 Walnut St,Philadelphia,PA,19104 8. PERFORMING ORGANIZATION REPORT NUMBER 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR S ACRONYM(S) 12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release; distribution unlimited 13. SUPPLEMENTARY NOTES MURI Review, June 2010. U.S. Government or Federal Rights License 14. ABSTRACT 11. SPONSOR/MONITOR S REPORT NUMBER(S) 15. SUBJECT TERMS 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT a. REPORT unclassified b. ABSTRACT unclassified c. THIS PAGE unclassified Same as Report (SAR) 18. NUMBER OF PAGES 24 19a. NAME OF RESPONSIBLE PERSON Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18

QuanTM Architecture ( I I ----... Local Policy f I -- --... ( '\ I Compliance Value Request & Credentials Action Reputation Database Decision Meta-Polic \ - Trust Manager - - -./ \ Reputation Manager - - - -./ Decision 1 Manager '----"' Feedback 1 ~ Penn ~ Engineering 6/10/2010 QuanTM for mashup 2

Application Area: Service Mashups What is Mashup: Wikipedia definition A mashup is a web page or application that uses or combines data or functionality from two or many more external sources to create a new service. Definition from academia literature A mashup is a website or web application that seamlessly combines content from more than one source into an integrated experience. Key aspect: It involves multiple administrative/trust domains 6/10/2010 QuanTM for mashup 3

Service Mashup Mashup Architecture For example, the content may be drawn from local data repositories, from existing local and external web pages, accessed via SOA based APIs, and from intermediate content brokers. 6/10/2010 QuanTM for mashup 4

More on Mashup (cont.) Mashup Types: Data mashups combine similar types of media and information from multiple sources into a single representation Consumer mashups combines different data types. Generally visual elements and data from multiple sources Business mashups generally define applications that combine own resources, application and data, with other external web services, allowing for collaborative action among businesses and developers 6/10/2010 QuanTM for mashup 5

Data Mashup Example RSS Feed Integrate new post on from various blogs, websites using Google Reader Integrate headline news from various news source, such as: NY-Times.com, CNN.com, and BBC.com Enterprise Data Mashup aggregate relational datastores represented as federated query server 6/10/2010 QuanTM for mashup 6

Client Mashup Example One widely-cited example of web mashup: www.housingmaps.com combines Google Maps data with Craigslist s housing data and presents an integrated view of the prices of the houses at various locations on the Google map. 6/10/2010 QuanTM for mashup 7

Business Mashup Example E-trading mashup is a trading platform to allow their customers to trade globally. For a particular trading transaction: Customer Alice initiates the trade request with Service B. This is based on the pricing chart provided by Service C s charting service, with real-time price input from Service D. Identity Alice Service B Role Trade Requestor Trade Provider Service B Alice Service C Charting Service Provider Service D Real-time Price Provider Service C Service D 6/10/2010 QuanTM for mashup 8

Web-based Mashup (WbM) Definition: mashup typically use the user's Web browser to combine and reformat the data Challenges: Need to transfer/share information cross multiple trust domains Limitations: The current security model used by web browsers, the Same Origin Policy (SOP), does not support secure cross-domain communication desired by web mashup developers. The developers need to choose between: no trust: where no cross-site communication is allowed full trust: where third-party content runs with the full privilege of the integrator (mashup provider), after explicit user consent 6/10/2010 QuanTM for mashup 9

Server-based Mashup (SbM) Definition: analyze and reformat the data on a remote server and transmit the data to the user's browser in its final form Features: It does not suffer from the SOP limitation Security issues can be addressed using corresponding security protocols/standards, such as: OAuth authentication technique Limitations: Requires user to give complete trust to mashup providers on accessing his/her private data Need a proxy mashup service instead of using client-side computation resource. 6/10/2010 QuanTM for mashup 10

QuanTM to the rescue! Trust manager evaluates if a mashup site is acceptable Reputation manager evaluates service reputation attributes Decision manager evaluates overall mashup fitness 6/10/2010 QuanTM for mashup 11

Which mashup to use/trust? QuanTM can be applied as a powerful trust framework, replacing current SOP Some mashups may be ruled out by local policy. E.g.,: no mashup is allowed to execute, if: some service components do not support secure connections it needs third-party service to read user email contacts Acceptable mashup according to static local policy may have various trust-levels: E.g., one service component is known to leak user information to third-party violating privacy requirement Decision policy used to make the final decision Different from the aforementioned local policy above 6/10/2010 QuanTM for mashup 12

Trust Manager I I ----" -- Local Policy Compliance Value -- Request & Credentials i---;'.----1 -,.;~ Reputation Algorithm t Action \ Trust Manager / \ Reputation Manager / Decision lvfanager,,. Feedback ~ Penn ~ Engineering 6/10/2010 QuanTM for mashup 13

Trust Manager Indentify service components of mashup DNS name as identifier Use local policy to evaluate mashup compliance Qualitative value representing compliance with the policy Construct trust dependency graph (TDG) Based on mashup dataflow and workflow May require analyzing underlying javascript code 6/10/2010 QuanTM for mashup 14

Trust Dependency Graph (TDG) An encoding of mashup workflow/dataflow Reflect trust in principals and trust relations Edges represent trust dependencies Reputations are assigned to TDG elements 6/10/2010 QuanTM for mashup 15

TDG for Housingmaps Data sources: map data house listings Services: Google overlay data on maps Craiglslist deliver user data Housingmaps parse and filter data from Craigslist send to Google arrange results Housingmaps ^ Google Craigslist Map data User data 6/10/2010 QuanTM for mashup 16

Reputation Manager I I ---- ~.-----... Reputation Quantifier Request & Credentials 1 ~t-- Reputation 1 ~ Action Algorithm v I / I TDG I.., \ < Reputation Database Reputation Manager..._---./ ~ Penn ~ Engineering 6/10/2010 QuanTM for mashup 17

Reputation Manager Calculate trust value Assign reputations to TDG edges using reputation values push reputation values up the graph Build reputation using existing databases, e.g., General DNS reputation DB Google PageRank Trust-of-Web reputation DB Update reputation based on feedback Past performance of the service Experiences from other mashups and direct uses 6/10/2010 QuanTM for mashup 18

TDG for Housingmaps with reputation Data sources: map data house listings Services: Google overlay data on maps Craiglslist deliver user data Housingmaps parse and filter data from Craigslist send to Google arrange results Housingmaps 0.54 0.99 Google Craigslist 0.99 Map data User data ^ MIN 0.9 0.6 6/10/2010 QuanTM for mashup 19

Decision Manager Reqllest & Credentials < Reputation Database 1 ( '\ < I I Context > Tnfonnatiol)' I I I I I I <rv/ -+-+' v I..._ I ~ Decision Meta-Policy Decision Manager Action Feedback ~ Penn ~ Engineering 6/10/2010 QuanTM for mashup 20

Decision Manager Uses an user-specific meta-policy Context monitors Cost-benefit analysis Game-theoretic formalization Simple example: Threshold policy If CV='maybe' and TV>0.5 -> Fulfill request If CV='true' always fulfill request In general, thresholds can be adaptive 6/10/2010 QuanTM for mashup 21

Current and Future Work Design local policy language for WbM Allow user to specify their static trust requirement Technique to construct TDG for WbM based on code (e.g., javascript) analysis Integerate availble service reputaton E.g., DNS reputation, PageRank, Trust-of-Web Score Design Decision policy language for WbM Allow user to specify their dynamic trust requirement Implementation of QuanTM WbM as extension for real-world application (e.g., Firefox web brower) TDG-carrying services 6/10/2010 QuanTM for mashup 22

End

Applying QTM to Mashup Evaluation and selection of services to use Differences from access control: request is now an entry for consideration Services may be evaluated initially and/or re-evaluated periodically delegation is one service using another as part of its operation policy describes rules for selecting and comparing services Similarities: Trust in an entity depends on dependencies and past performance Issues Accountability Authentication (access control) and non-repudiation guarantees need to be provided. Service Selection Need to understand the QoS of available service components, and choose the most suitable/trustworthy ones to build mashup 6/10/2010 QuanTM for mashup 24

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback