1 / 24

Data and Applications Security Developments and Directions

Data and Applications Security Developments and Directions. Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #13 Secure Distributed Object Systems February 22, 2005. Outline. Background Object Request Brokers Secure Object Request Brokers

russellc
Download Presentation

Data and Applications Security Developments and Directions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #13 Secure Distributed Object Systems February 22, 2005

  2. Outline • Background • Object Request Brokers • Secure Object Request Brokers • Dependable Object Request Brokers • Directions

  3. Object Model: Review • Objects- every entity is an object • Example: Book, Film, Employee, Car • Class • Objects with common attributes are grouped into a class • Attributes or Instance Variables • Properties of an object class inherited by the object instances • Class Hierarchy • Parent-Child class hierarchy • Composite objects • Book object with paragraphs, sections etc. • Methods • Functions associated with a class

  4. D1 D2 J1 Example Class Hierarchy ID Name Author Publisher Document Class Method2: Method1: Print-doc(ID) Print-doc-att(ID) Journal Subclass Book Subclass Volume # # of Chapters B1

  5. Example Composite Object Composite Document Object Section 2 Object Section 1 Object Paragraph 1 Object Paragraph 2 Object

  6. Distributed Object Management Systems • Integrates heterogeneous applications, systems and databases • Every node, database or application is an object • Connected through a Bus • Examples of Bus include • Object Request Brokers (Object Management Group) • Distributed Component Object Model (Microsoft)

  7. Object-based Interoperability Server Client Object Object Object Request Broker Example Object Request Broker: Object Management Group’s (OMG) CORBA (Common Object Request Broker Architecture)

  8. Java-based Servers Clients RMI Business Objects Javasoft’s RMI (Remote Method Invocation)

  9. Objects and Security Secure OODB Secure OODA Secure DOM Persistent Design and analysis Infrastructure data store Secure OOPL Secure Frameworks Programming Business objects language Secure OOT Technologies Secure OOM Unified Object Model is Evolving

  10. Secure Object Request Brokers

  11. CORBA (Common Object Request Broker Architecture) Security • Security Service provides the following: • Confidentiality • Integrity • Accountability • Availability • URLs • http://www.javaolympus.com/J2SE/NETWORKING/CORBA/CORBASecurity.jsp • http://student.cosy.sbg.ac.at/~amayer/projects/corbasec/sec_overview.html • www.omg.org

  12. OMG Security Specifications

  13. CORBA (Common Object Request Broker Architecture) Security • Security Service provides the following: • Confidentiality • Integrity • Accountability • Availability • URLs • http://www.javaolympus.com/J2SE/NETWORKING/CORBA/CORBASecurity.jsp • http://student.cosy.sbg.ac.at/~amayer/projects/corbasec/sec_overview.html • www.omg.org

  14. CORBA (Common Object Request Broker Architecture) Security - 2 • Identification and Authentication of Principles • Authorization and Access Control • Security Auditing • Security of communications • Administration of security information • Non repudiation

  15. CORBA (Common Object Request Broker Architecture) Security - 2 • Identification and Authentication of Principles • Authorization and Access Control\ • Security Auditing • Security of communications • Administration of security information • Non repudiation

  16. Secure Frameworks

  17. Overview: Migrating Legacy Systems • Many of the current systems and applications may become obsolete • Need an approach to migrate these systems to new architectures • Evolutionary approach: incremental transition of today's systems into more flexible systems • Extensible system architecture ultimately replaces today's hardware and software architecture • Open systems approach, standards • Security has to be considered throughout the migration processes

  18. Migrating Legacy Database and Applications • Build business model in a sub-domain and relate data to existing databases and systems. • Wrap existing systems to provide access as needed. • Incorporate middle tier services and begin migrating workflow. • Gradually migrate business logic and rely on business objects for end-user systems. • Security policies must be enforced by the old and migrated systems

  19. blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, EDI Artifacts CORBA CORBA distribution services blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, word processing existing systems business objects Airspace time turnpoints Elevations Etc. ... xx,xx,xx xx,xx,xx Airspace nn:nn visualization ... container Airspace2 nn:nn xx,xx,xx xx,xx,xx ... xx,xx,xx xx,xx,xx Airspace3 nn:nn xx,xx,xx xx,xx,xx ... Airspace4 nn:nn xx,xx,xx xx,xx,xx ... Airspace5 nn:nn Airspace time turnpoints Elevations Etc. existing databases ... xx,xx,xx xx,xx,xx Airspace nn:nn ... Airspace2 nn:nn xx,xx,xx xx,xx,xx ... xx,xx,xx xx,xx,xx Airspace3 nn:nn xx,xx,xx xx,xx,xx ... Airspace4 nn:nn xx,xx,xx xx,xx,xx ... Airspace5 nn:nn data entry existing processes business logic client tier middle tier server tier Migrating Business Logic

  20. Application vs. Database Migration • Extract schema from the legacy code • Use reengineering tools • Extract metadata associated with the data • Deal with incomplete data and fill in the gaps • Build schemas in the target system from the extracted schema • Build the database • Enforce the security policies

  21. SB, CS Targetting Planning/ATO Collection Mgt... MCG&I Messaging Weather... User Interface Compound Data System & Task Mgt... OB; IDBTF IMOM Stored Procedures; SQL AUTODIN INTEL mesg; CSP USMTF, ASCII text ICM TNL, WO; IDBTF REM JANAP128 mesg: IDBTF Application Interfaces Domain Interfaces Common Facilities STOMPS USMTF, IDBTF ASCII WO; Parser JMEM IPL Cmd text Loader JANAP128 TNL, WO; mesg: RAAP ATO; USMTF IDBTF SQL USMTF, ACM CMS ASCII text JMPP ATO SQL CIDB CMS CMP SQL Mesg: SQL SQL USMTF EOB; SQL SQL ATO; USMTF BASS JOTS Object Request Broker WX Data; ASCII text - AWN ATO; SQL ACO; Text SQL SQL APS CAFMS WX Data; ASCII text ADS CAFWSP UGDF ACO; Text ACO; USMTF SQL ATO Data; SQL ACO Data; JDSS UFLINK ATO, ACO; SQL WCCS Data; USMTF - CI Object Services SQL WCCS Data; X.25 WCCS JQL TACREP, Data; ATO; JMAPS ABSTAT USMTF USMTF - X.25 UMSG ACSAMSTAT; WCCS CTAPS Security Concurrency Transactions... USMTF - X.25 Remote Logistics Data; SQL Example: Legacy Migration using Objects CTAPS - Contingency Theater Automated Planning System

  22. What does CORBA provide? • CORBA provides an evolvable system integration platform • CORBA provides a path for legacy migration • Applications can be coarsely wrapped as CORBA objects, providing 100% reuse • Wrapping is a relatively straight forward technique • Need to dig to uncover hidden dependencies • Does not address duplication of common functions • Applications can be reengineered to replace duplicated functions with CORBA based common services • Substantially more difficult than coarse wrapping

  23. Example: Migration using Object for Real-time Systems Technology provided by Project Navigation Display Consoles Data Analysis Programming Processor Data Links (14) Group (DAPG) & Sensors Refresh Channels Sensor Multi-Sensor Detections Tracks Interface to DAPG, etc., will be simulated for project demonstration Future Future Future App App App Data MSI Mgmt. App Data Xchg. Infrastructure Services Real Time Operating System Hardware

  24. Directions • Security cannot be an afterthought for object-based interoperability • Use ORBs that have implemented security services • Trends are moving towards Java based interoperability and Enterprise Application Integration (EAI) • Examples of EAI products are Web Sphere (IBM) and Web Logic (BEA)\ • Security has to be incorporated into EAI products

More Related