Secure Pipes & Filters Pattern
Prerequisites
• Pipes & Filters: provides a structure for systems that process a stream of data.
• RBAC: assigns rights to users according to their roles in an institution.
Intro The Secure Pipes and Filters pattern provides secure handling of data streams. Each processing step applies some data transformation or filtering. The rights to perform the filtering and the movement of data are controlled.
Example Law Firm
Context Processing data streams in different stages, with different levels of responsibility and rights, used to control who can perform data transformations.
Problem Different stages are needed before data reaches the final stage. This happens for several reasons: every component performs specialized functions over the data, the global architecture or hierarchical organization requires this flow, and this approach makes the system more flexible. Every time the data reaches a different stage, exclusive functions are applied. In the previous example the secretary can create the legal document, but privileges such as inserting legal advice or signing the document are restricted at her level. In this kind of system, we may need the flexibility to reorder the steps of the process or change the processing steps. In the example above a new lawyer may be assigned to the case, but the responsibilities and privileges should remain intact.
Problem
The design of the system has to consider the following forces:
• The information can go in either direction in the system. Filtering can be applied in each case.
• The system needs to assign privileges according to each stage of processing and the roles involved.
• We might require using signatures or authentication between stages.
• The right to reconfigure the stages within the data flow must be controlled.
Solution The Secure Pipes and Filters pattern provides a secure way to divide the processing of data into different sequential stages or steps. The exchange of information between stages is secured. The figure below shows one approach to adding security: implementing RBAC.
Solution [Class Diagram. Elements shown: Pipeline i; Filter i and Filter j with operations op1, op2, op3; Authentication Information linked 1-to-1 to each filter by a check association; roles Role1, Role2, Role3 and Role4 linked through Right associations labelled with filter operations (op1, op2) and configure.]
Dynamics [Sequence Diagram. Participants: :Subject, :RefMonitor, :Right, :Filter i, :Data Source, :Data Sink. Messages in order: request_op1, checkRights, decision, decision, request_op1, read data, op1, write data.]
Example Resolved [Class Diagram. Elements shown: Pipeline i; filter Document Creation with operations read, addTemplate, write; filter Document Registration with operations read, write, sign; Authentication Information linked 1-to-1 to each filter by a check association; roles Administrator, Principal Lawyer, Assistant Lawyer and Secretary linked through Right associations labelled, in order, configure; read, write, sign; read; read, addTemplate, write.]
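The resolved law-firm example in Python, added here as an illustration and not part of the original slides: a reference monitor checks the requesting role's right before a filter operation or a pipeline reconfiguration runs. The role-to-right mapping is an assumption read from the flattened class diagram, the role is assumed to be already authenticated, and `RefMonitor`, `Filter`, `Pipeline` and `build_law_firm` are illustrative names.

```python
class AccessDenied(Exception):
    pass

# Role -> set of (target, operation). Names are from the "Example Resolved" slide;
# which role holds which right is an assumption read off the flattened diagram.
RIGHTS = {
    "Administrator": {("Pipeline", "configure")},
    "Principal Lawyer": {("Document Registration", op) for op in ("read", "write", "sign")},
    "Assistant Lawyer": {("Document Registration", "read")},
    "Secretary": {("Document Creation", op) for op in ("read", "addTemplate", "write")},
}

class RefMonitor:
    def __init__(self, rights):
        self._rights = rights

    def check(self, role, target, op):
        if (target, op) not in self._rights.get(role, set()):
            raise AccessDenied(f"{role} may not {op} on {target}")

class Filter:
    def __init__(self, name, monitor, ops):
        self.name, self._monitor, self._ops = name, monitor, ops

    def request(self, role, op, data):
        self._monitor.check(role, self.name, op)   # checkRights before the data is touched
        return self._ops[op](dict(data), role)     # operate on a copy of the input

class Pipeline:
    def __init__(self, monitor, stages):
        self._monitor, self.stages = monitor, list(stages)

    def configure(self, role, stages):
        self._monitor.check(role, "Pipeline", "configure")  # reordering is itself a right
        self.stages = list(stages)

def build_law_firm():
    monitor = RefMonitor(RIGHTS)
    creation = Filter("Document Creation", monitor, {
        "read": lambda d, role: d,
        "addTemplate": lambda d, role: {**d, "template": "contract"},
        "write": lambda d, role: {**d, "body": d.get("body", "") + "draft;"},
    })
    registration = Filter("Document Registration", monitor, {
        "read": lambda d, role: d,
        "write": lambda d, role: {**d, "registered": True},
        "sign": lambda d, role: {**d, "signed_by": role},
    })
    return creation, registration, Pipeline(monitor, [creation, registration])
```

Because every filter holds only the monitor and never reads `RIGHTS` itself, assigning a new lawyer to the case changes one table entry and leaves the stages untouched.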
Known Uses
• XML Pipeline Definition Language (XPL)
• Role-Based Trust-Management Markup Language (RTML)
• xoRBAC
• SeMoA
Consequences
The use of this pattern yields the following benefits:
• The system assigns privileges according to each stage of processing. The use of operations over the data is now restricted with the implementation of either RBAC or Access Matrix models.
• The use of encryption between stages is possible, adding the possibilities of secure messages and digital signatures.
• The Administrator role controls the reconfiguration of stages.
Applying this pattern imposes the following liabilities:
• The general performance of the system worsens due to the overhead of the security checks.
References
• [Bus96] F. Buschmann, R. Meunier, H. Rohnert, P. Sommerlad, M. Stal. Pattern-Oriented Software Architecture: A System of Patterns, Volume 1. West Sussex, England: John Wiley & Sons, 1996.
• [Fer01a] E. B. Fernandez and R. Pan, "A Pattern Language for security models", Procs. of the 8th Annual Conference on Pattern Languages of Programs (PLoP 2001), 11-15 September 2001, Allerton Park, Monticello, Illinois, USA, 2001. Also available from: http://jerry.cs.uiuc.edu/~plop/plop2001/accepted_submissions
• [Sch06] M. Schumacher, E. B. Fernandez, D. Hybertson, F. Buschmann, and P. Sommerlad. Security Patterns: Integrating security and systems engineering. West Sussex, England: John Wiley & Sons, 2006.
• [Xpl] http://www.orbeon.com/ops/doc/reference-xpl-pipelines
• [Rtm] http://xml.coverpages.org/ni2004-04-05-a.html
• [Xor] http://wi.wu-wien.ac.at/home/mark/xoRBAC/index.html
• [Sem] http://www.semoa.org/docs/features.html