260 likes | 398 Views
Agent Approaches to Role-Based Security. S. Demurjian, Y. He, T.C. Ting, and M. Saba Computer Science & Engineering Department The University of Connecticut Storrs, Connecticut 06269-3155. {steve, ting, saba}@engr.uconn.edu http://www.engr.uconn.edu/~steve (860) 486 - 4818.
E N D
Agent Approaches to Role-Based Security S. Demurjian, Y. He, T.C. Ting, and M. Saba Computer Science & Engineering Department The University of Connecticut Storrs, Connecticut 06269-3155 {steve, ting, saba}@engr.uconn.edu http://www.engr.uconn.edu/~steve (860) 486 - 4818 Work Presented Herein at IFIP WG 11.3 13th Conference on Database Security, Seattle, WA, 1999.
Overview of Presentation • Background and Motivation • Distributed and Web Based Applications • Software Agent Computing Paradigm • Previous and Related Work • Agent Approaches to Role-Based Security • Experimental Prototype via Java Aglets • Concluding Remarks and Future Work
Distributed and Web-Based Applications • Utilize New and Existing Info. Innovatively • Distributed/Web-Based Applications are: • Combo of Legacy, COTS, DBs, New C/S • Electronic Banking/Commerce • Information Dissemination (Push/Pull) • Leverage Computing and Network Resources • Transcend Available Alternatives • MAC, DAC, Role-Based • Employ as “Local” Solutions? • New Computing Paradigms Emerging • Software Agents • Various Implementations
Software Agent Computing Paradigm • What is an Agent? • Acts on Behalf of Individuals(Users) on Task • State and Behavior in Runtime Environment • Four Mandatory Properties • Sense/React to Environment Changes • Autonomously Control Own State/Behavior • Proactive to Specific User Goals • Constantly Executing in Runtime Environment • Stationary Agent: Limited to Single Node • Mobile Agent: Migrate Across Network to Accomplish Required Tasks
Software Agent Computing Paradigm • Agents Akin to Objects • Created and Destroyed • Interact by Passing Messages • Remote Method Invocation Prohibited • Attractiveness of Agents for Security • Agents Created by Client to Carry Out Secure Access to Remote Clients • Visit Multiple Nodes to Satisfy “Request” • Specificity of Role Dictates Agent Behavior • Caveat: Mobile Agents Significant Security Concern Due to Potential Ability to Act as Threat!
Influence of Previous and Related Work • Our Previous Efforts in • Software Architectural Alternatives with Limited Distribution • Java’s Impact and Potential on Distributed Computing/Security • Related work by • Hale 1998 • Secure Distributed Object and Language Programming Framework for Internet-Based Apps. • Tari 1998 • Distributed Object Kernel as Framework to Design and Implement Distributed Security Policies
Agent Approaches to Role-Based Security • Distributed/Web-Based Applications to Access Remote Objects of Legacy, COTs, DBs, C/S, etc. • Orthogonal Goals • Security to Control/Limit Interactions • Distributed/Web-Based Computing to Enable Interoperation/Facilitate Access • Propose and Discuss Three Agent Architectures • Baseline Agent Approach • Hierarchical Agent Approach • Object-Security Manager Agent Approach • Assume a Role-Based Context, but Other Security Approaches may also Apply
Architecture for Baseline Agent Approach Client Application UA IRA Client Server Object OSA IRA Key: UA: User Agent IRA: Information Retrieval Agent OSA: Object Security Agent
Components and Agents • Client Application (CA) • GUI/Software Tool for User • User Limited to Single Role at Any Time • Role/User Request Passed to UA • Users Modify Single Remote Object/Request • CA Manages Multiple Requests in Serial • User Agent (UA) • Stationary Agent Created by CA for User • UA Receives Request from CA • UA Transforms Request and Creates IRA • UA Forwards Request to IRA and Waits • UA Receives Response for IRA and Transforms for Return to CA
Components and Agents • Information Retrieval Agent (IRA) • Mobile Agent Created by UA • Limited to Interacting with UA and OSA • IRA Created and Dispatched by UA • IRA Moves from Client to Server to Client • Interact with Remote Object and Return Result • Object Security Agent (OSA) • Stationary Agent (or Collection of Security Objects) or a Mobile Agent • Enforce Security Policy for Remote Object • Based on Permissible Actions by Role • Object • Remote Object Provides Services to CA
User Agent (UA) • UA Arbitrates Interaction of CA and IRA • UA Allocation Strategies • User-Based Allocation (UBA) • UA Dedicated to Each User, Created Upon Login, Lives During Session to Enforce Single Role of CA • Multiple CAs Imply Multiple UAs - Resources • Role-Based Allocation (RBA) • UA Dedicated to Each Role, Shared by Multiple Users Playing Same Role • Use-Counts for Allocation/Deallocation • UBA Can Support Multiple Roles/User • UBA vs. RBA: Number and Activity of Agents
Information Retrieval Agent (IRA) • Mobile Agent Created by UA to Process CA Request • IRA Access Single Remote Object • Created on Client and Moves to Host (Server) • Interacts with OSA: Success or Denied Access • Returns to Client and Sends Result to UA • IRA Allocation/Lifetime Strategies • IRA Active as Long as UA • IRA De-allocated when Request Done • What are Tradeoffs of Each?
Object Security Agent (OSA) • OSA as Firewall to Separate Remote Object from Outside World • OSA Embodies Security Policy (Role-Based) • OSA Receives Request from IRA • OSA Deny Request or Forward Result to IRA • OSA as Agent: Allocation Strategies • “Few” Remote Objects, One OSA/Server • “Moderate” Remote Objects, OSA/Instance • “Many” Remote Objects, Same Type, OSA/Type • What are Tradeoffs of Each Allocation Strategy?
Architecture for Hierarchical Agent Approach Client Application UA IRA Client IRA IRA Server Object OSA IRA Security Policy Key: UA: User Agent IRA: Information Retrieval Agent OSA: Object Security Agent
Components and Agents • CA, UA, OSA (Security Policy), Object as in Baseline • Hierarchical Approach for Complex Requests • Complex Request to Access Multiple-Remote Objects • In Baseline, Serially Processed by CA or UA • In Hierarchical, Complex Request Sent to IRA as a Single Serializable Request • Processing in IRA by Hierarchy of • Root-IRA • Internal-IRA • Leaf-IRA
IRA Processing • Root-IRA for Complex Request of Multiple Ros • Root-IRA Spawned by UA • Root-IRA can Spawn Internal and Leaf IRAs • Root-IRA Spawns All Leaf-IRAs if • Complex Request Consists of Series of Simple Request to Single Remote Objects • Leaf-IRA Mobile Agent ala IRA (Baseline) • Leaf-IRAs can Move to Same/Different Nodes • Each Leaf-IRA Interacts with OSA, Collects Response, and Returns Result to Root-IRA • Root-IRA Processes all Leaf-IRA Results
IRA Processing • Root-IRA Spawns Internal-IRAs and Leaf-IRAs • Multi-Level Process to Handle Complex Request with Root-IRA Stationary • Internal-IRAs can Spawn Internal-IRAs and Leaf-IRAs as Request is Decomposed • Internal-IRAs may be Stationary or Mobile • Recursive Spawning of IRA Nodes • As Leaf-IRAs and Internal-IRAs Complete, Results are Collected by Internal-IRAs and Eventually Root-IRA • Allocate one Root-IRA per UA
Architecture for Object-Security Manager Agent Approach Client Application UA IRA IRA IRA OSA Manager Object OSA IRA Security Policy Client Server Key: UA: User Agent IRA: Information Retrieval Agent OSA: Object Security Agent
OSA Manager • OSA Manager has Active Role in Allocation • OSA Manager Oversees OSA Allocation: Recall • “Few” Remote Objects, One OSA/Server • “Moderate” Remote Objects, OSA/Instance • “Many” Remote Objects, Same Type, OSA/Type • OSA Manager Dynamically Chooses One or More Allocation Strategies Most Suited to System State • OSA Manager Adjust Strategies Dynamically • Mobile IRAs Ask OSA Manager for “Right” OSA • Well-Suited to Evolving Security Policy
Aglets - Java Agents • Many Java-Based Agent Computing Systems • Aglets http://aglets.trl.ibm.co.jp • Odyssey, Concordia, and Voyager • Aglets are Agents + Applets • Aglets Start Execute on Node • Suspend and Move to Another Node • Continue Execution where Left Off • Aglet Actions Restricted to Sandbox • Aglets can Ask Security Manager for Permission to Perform Local Operations
Architecture for Agent Implementation Client Application UA IRA Client Translator Database Server Translator OSA IRA Security Policy Key: UA: User Agent IRA: Information Retrieval Agent OSA: Object Security Agent
Version of Baseline Approach • Main Difference: Presence of Translator • Translator Encodes Outgoing Data from CA • Translator Decodes Incoming Data from UA • Similar Activities at Server Side • Implementation Includes User Identity in Message • Client Side Translator Does Authentication • Server Side Translator Invokes Methods on RO • Two Allocation Variants of Prototype • Two ROs (Course/Person DBs)/Single OSA • Two ROs (Course/Person DBs) on Different Servers with Dedicated OSAs
Illustration of Aglet Interaction Code • CA CODE TO INITIATE PROCESS BY SENDING MESSAGE TO UA • try{ • reply =(Message)userAgent.sendMessage(new Message("request", request)); • }catch(Exception e) {e.printStackTrace();} • UA COUNTERPART: FORWARDS TO IRA AND RECEIVES RESPONSE • public boolean handleMessage(Message msg) { • if (msg.sameKind("request")) // Request from CA • { • try{ // Dispatch message to IRA • iraProxy = (AgletProxy)iraProxy.sendMessage((Message)msg.getArg()); • waitMessage(); // Wait for Reply from IRA • msg.sendReply(reply); // Route Reply back to CA • } catch(Exception e) {e.printStackTrace();} • } • else • if (msg.sameKind("reply")) {// Upon Receipt of Reply • reply = msg; // Record the Reply from IRA • notifyAllMessages(); // Awaken UA • } • ... • }
Illustration of Aglet Interaction Code • IRA CODE FOR STATIONARY AND MOBILE INTERACTIONS • public boolean handleMessage(Message msg) { • if (msg.sameKind("askservice")) {// IRA Arrives at Server • try{ // Obtain OSA Proxy to Facilitate IRA-OSA Interaction • AgletProxy proxy = • (AgletProxy)getAgletContext().getProperty(osaName); • // Send Request to OSA and Receive Reply • reply = (Message)proxy.sendMessage(msg); • itinerary.go(home, "back"); // Return Back to Client • } catch(Exception e) {e.printStackTrace();} • } else if (msg.sameKind("back")) {// IRA Arrives Back at Client • // Obtain UA Proxy to Facilitate IRA-UA Interaction • AgletProxy proxy = getAgletContext().getAgletProxy( parentID ); • // Send the Request Response to UA • try{ proxy.sendMessage( reply ); • } catch( Exception e ) { e.printStackTrace(); } • } } • INTERACTIONS OF IRA WITH OSA • public boolean handleMessage( Message msg ) { • // Utilize Translator to Decode Message from IRA and Create Reply • Message reply = translator.GetReply( msg ); • // Route the Reply Back to IRA • msg.sendReply( reply ); return true;}
Concluding Remarks • Explored Architectures for Constructing Secure Distributed and Web-Based Applications: • Emerging Agent Computing Paradigm • Mobile and Stationary Agents to Realize Role-Based Security of Dynamic Remote Objects • Architectures with Varied Capabilities • Successful Prototyping Implementation • Future Work • Continued Exploration of Agent Approaches • Applicability to Other Agent Systems Such as Concordia, Voyager, etc. • Ph.D. Topic Related to Security, Agents, and IOA