240 likes | 256 Views
Data and Applications Security Developments and Directions. Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #13 Secure Distributed Object Systems February 22, 2005. Outline. Background Object Request Brokers Secure Object Request Brokers
E N D
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #13 Secure Distributed Object Systems February 22, 2005
Outline • Background • Object Request Brokers • Secure Object Request Brokers • Dependable Object Request Brokers • Directions
Object Model: Review • Objects- every entity is an object • Example: Book, Film, Employee, Car • Class • Objects with common attributes are grouped into a class • Attributes or Instance Variables • Properties of an object class inherited by the object instances • Class Hierarchy • Parent-Child class hierarchy • Composite objects • Book object with paragraphs, sections etc. • Methods • Functions associated with a class
D1 D2 J1 Example Class Hierarchy ID Name Author Publisher Document Class Method2: Method1: Print-doc(ID) Print-doc-att(ID) Journal Subclass Book Subclass Volume # # of Chapters B1
Example Composite Object Composite Document Object Section 2 Object Section 1 Object Paragraph 1 Object Paragraph 2 Object
Distributed Object Management Systems • Integrates heterogeneous applications, systems and databases • Every node, database or application is an object • Connected through a Bus • Examples of Bus include • Object Request Brokers (Object Management Group) • Distributed Component Object Model (Microsoft)
Object-based Interoperability Server Client Object Object Object Request Broker Example Object Request Broker: Object Management Group’s (OMG) CORBA (Common Object Request Broker Architecture)
Java-based Servers Clients RMI Business Objects Javasoft’s RMI (Remote Method Invocation)
Objects and Security Secure OODB Secure OODA Secure DOM Persistent Design and analysis Infrastructure data store Secure OOPL Secure Frameworks Programming Business objects language Secure OOT Technologies Secure OOM Unified Object Model is Evolving
CORBA (Common Object Request Broker Architecture) Security • Security Service provides the following: • Confidentiality • Integrity • Accountability • Availability • URLs • http://www.javaolympus.com/J2SE/NETWORKING/CORBA/CORBASecurity.jsp • http://student.cosy.sbg.ac.at/~amayer/projects/corbasec/sec_overview.html • www.omg.org
CORBA (Common Object Request Broker Architecture) Security • Security Service provides the following: • Confidentiality • Integrity • Accountability • Availability • URLs • http://www.javaolympus.com/J2SE/NETWORKING/CORBA/CORBASecurity.jsp • http://student.cosy.sbg.ac.at/~amayer/projects/corbasec/sec_overview.html • www.omg.org
CORBA (Common Object Request Broker Architecture) Security - 2 • Identification and Authentication of Principles • Authorization and Access Control • Security Auditing • Security of communications • Administration of security information • Non repudiation
CORBA (Common Object Request Broker Architecture) Security - 2 • Identification and Authentication of Principles • Authorization and Access Control\ • Security Auditing • Security of communications • Administration of security information • Non repudiation
Overview: Migrating Legacy Systems • Many of the current systems and applications may become obsolete • Need an approach to migrate these systems to new architectures • Evolutionary approach: incremental transition of today's systems into more flexible systems • Extensible system architecture ultimately replaces today's hardware and software architecture • Open systems approach, standards • Security has to be considered throughout the migration processes
Migrating Legacy Database and Applications • Build business model in a sub-domain and relate data to existing databases and systems. • Wrap existing systems to provide access as needed. • Incorporate middle tier services and begin migrating workflow. • Gradually migrate business logic and rely on business objects for end-user systems. • Security policies must be enforced by the old and migrated systems
blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, EDI Artifacts CORBA CORBA distribution services blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, blah,blah,blah,blah,blah,blah,blah, word processing existing systems business objects Airspace time turnpoints Elevations Etc. ... xx,xx,xx xx,xx,xx Airspace nn:nn visualization ... container Airspace2 nn:nn xx,xx,xx xx,xx,xx ... xx,xx,xx xx,xx,xx Airspace3 nn:nn xx,xx,xx xx,xx,xx ... Airspace4 nn:nn xx,xx,xx xx,xx,xx ... Airspace5 nn:nn Airspace time turnpoints Elevations Etc. existing databases ... xx,xx,xx xx,xx,xx Airspace nn:nn ... Airspace2 nn:nn xx,xx,xx xx,xx,xx ... xx,xx,xx xx,xx,xx Airspace3 nn:nn xx,xx,xx xx,xx,xx ... Airspace4 nn:nn xx,xx,xx xx,xx,xx ... Airspace5 nn:nn data entry existing processes business logic client tier middle tier server tier Migrating Business Logic
Application vs. Database Migration • Extract schema from the legacy code • Use reengineering tools • Extract metadata associated with the data • Deal with incomplete data and fill in the gaps • Build schemas in the target system from the extracted schema • Build the database • Enforce the security policies
SB, CS Targetting Planning/ATO Collection Mgt... MCG&I Messaging Weather... User Interface Compound Data System & Task Mgt... OB; IDBTF IMOM Stored Procedures; SQL AUTODIN INTEL mesg; CSP USMTF, ASCII text ICM TNL, WO; IDBTF REM JANAP128 mesg: IDBTF Application Interfaces Domain Interfaces Common Facilities STOMPS USMTF, IDBTF ASCII WO; Parser JMEM IPL Cmd text Loader JANAP128 TNL, WO; mesg: RAAP ATO; USMTF IDBTF SQL USMTF, ACM CMS ASCII text JMPP ATO SQL CIDB CMS CMP SQL Mesg: SQL SQL USMTF EOB; SQL SQL ATO; USMTF BASS JOTS Object Request Broker WX Data; ASCII text - AWN ATO; SQL ACO; Text SQL SQL APS CAFMS WX Data; ASCII text ADS CAFWSP UGDF ACO; Text ACO; USMTF SQL ATO Data; SQL ACO Data; JDSS UFLINK ATO, ACO; SQL WCCS Data; USMTF - CI Object Services SQL WCCS Data; X.25 WCCS JQL TACREP, Data; ATO; JMAPS ABSTAT USMTF USMTF - X.25 UMSG ACSAMSTAT; WCCS CTAPS Security Concurrency Transactions... USMTF - X.25 Remote Logistics Data; SQL Example: Legacy Migration using Objects CTAPS - Contingency Theater Automated Planning System
What does CORBA provide? • CORBA provides an evolvable system integration platform • CORBA provides a path for legacy migration • Applications can be coarsely wrapped as CORBA objects, providing 100% reuse • Wrapping is a relatively straight forward technique • Need to dig to uncover hidden dependencies • Does not address duplication of common functions • Applications can be reengineered to replace duplicated functions with CORBA based common services • Substantially more difficult than coarse wrapping
Example: Migration using Object for Real-time Systems Technology provided by Project Navigation Display Consoles Data Analysis Programming Processor Data Links (14) Group (DAPG) & Sensors Refresh Channels Sensor Multi-Sensor Detections Tracks Interface to DAPG, etc., will be simulated for project demonstration Future Future Future App App App Data MSI Mgmt. App Data Xchg. Infrastructure Services Real Time Operating System Hardware
Directions • Security cannot be an afterthought for object-based interoperability • Use ORBs that have implemented security services • Trends are moving towards Java based interoperability and Enterprise Application Integration (EAI) • Examples of EAI products are Web Sphere (IBM) and Web Logic (BEA)\ • Security has to be incorporated into EAI products