Csci283 Presentation Spring2009
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Csci283 Presentation Spring2009 as PDF for free.
More details
- Words: 1,061
- Pages: 17
Application Access Control
Moving from the web to the cloud with robust security
Introduction • Process hosted applications have become the norm – Hosting processes run as a secured user for the process, not the user – Impersonation can be used, but it’s expensive and requires user accounts – Each user account on the OS is another attack vector
• Distributed systems, cloud computing and peer-to-peer are growing in popularity – All of these system types imply a hosted environment
A Framework Based Model • An enterprise application framework can be developed to centralize user authentication and authorization • Transcends all forms of authentication – Provider based model for “pluggable” credentials – Multiple types of authenticators may be used
• Separation of authorization into an orthogonal implementation – Permissions are extensible – User mapping to permissions are modularized
Framework Integration • Each system component is isolated • Security is itself an isolated component • Component integration is dynamic in the core framework • Security is extended to code access security as well
Deployment Capabilities • Architecture of isolated components and registries allows for flexible deployments • Coop is simply a form of deployment accommodated by the architecture
Application Design • Core framework provides all “cross-cutting” functionality including security • Access model is based upon component-level security, each module declares a distinct permission set • Application is based upon a required set of components that are deployed across a cluster of registered nodes
Module Structure • A module is conceptually a public API that is accessed by the application • Each request passes linearly through dynamically injected providers • Providers are loaded via reflection and use a dynamic binding protocol to ensure they only respond when called appropriately
Security Design • Dynamic loading is key – Engine performs all loading and binding (fail-safe defaults applied) – Module loads and binds all providers directly based upon registry (open design) – Access to all is secured and directly checked per call (complete mediation) – Each “part” of security is isolated from the others • Extensibility is built-in
• All enhancements are made by changing providers
Overarching Implementation • A single framework instance can tie together multiple applications across multiple nodes • Security can be deployed in isolated chunks to separate information stores • Constructs like single-sign on are “free” – Black-listing / auditing of users can transcend applications
• The unified security mechanism is the SecurityContext entity
SecurityContext Entity • Any execution of code must be on behalf of some user – At the system (OS) level, this is the hosting process user – For a user request, the code is constrained virtually by framework code access – A request must pass the user along for authorization
• A SecurityContext entity encapsulates the user or “process” requesting the action – Engine (the hosting engine entity itself) – Module (the originating module that is brokering the operation request) – Application (the application the request is made from) – User (the actual user account token the request is for)
Passing a Context • All modules are provided a single SecurityContext object at initialization time • Only the Engine (Singleton) can create an original SecurityContext – The engine embeds itself into the initial SecurityContext object – All module SecurityContexts are derived from the engine context – Each module can compare a received context engine to it’s own to ensure a common engine instance is there
• User Interface elements interact with users and generate a SecurityContext object with an associated user
Users • A user is a token representing an authorized “account” within the system • Users can represent a person or an external system (application) – All users must be granted permissions to be useful – System users (applications) are used to exchange data between systems with equal security mechanisms to a person user account
Permissions • A permission is a named token, owned by a code module that represents an action – Permission “names” are broken into 3 areas • Verb (e.g. create, execute) • Scope (e.g. application, global, system) • Access Type (e.g. class, object, field, spatial, time, cell)
– Permissions are registered and unregistered as part of the installation of a module
• Permissions are used by the owning module – The owning module’s current security provider “asks” the framework if the requesting user “has” the permission and executes any additional code for verification of authorization – Changing the module security provider changes the currently implemented authorization enforcement • Each node may be configured differently (by enclave)
Roles • A role is an application scoped, named entity for relating users to permissions – Users cannot be directly assigned permissions (cleaner model) – Roles may be nested – Resolution of roles is performed by the role provider
• Each applications roles are isolated – Users are at the system level and therefore transcend all applications (SSO is free)
• Role provider can be replaced to accommodate any resolution model – Grant model is default (no-deny) – Grant/Deny model is a simple provider change
Authentication • Authentication is the process of verifying the requesting party knows a shared secret to resolve the requesting party to a user account – Authentication can be done in many ways
• Authentication module supports pluggable providers for any type of authentication – Username / password (default) – X.509 certificate (or similar) – Biometric (any type of factors can be applied)
• Credential storage is centralized to a single model – Minimized development of a new provider to the credential classes and a comparator
Module Security Provider • Each executable module of code has one or more providers, each of which have a single registered security provider – Security providers evaluate security rules to perform authorization – May be simple user look-up or permission resolution – May include ANY form of validation as designed by the implementor of the security provider
• Unlimited flexibility in design – Change is extremely cheap – Multiple deployments can each use a common module base with custom security providers – Minimizes deployment costs
Conclusions • The implementation of an enterprise application framework with integrated security will: – Enhance security capabilities – Reduce complexity of implementation (fewer “moving parts” – Maintains separation of concerns – Incredible flexibility
• Pluggable provider construct permits integration into existing technologies – Cost is minimized when changing underlying technologies used
Moving from the web to the cloud with robust security
Introduction • Process hosted applications have become the norm – Hosting processes run as a secured user for the process, not the user – Impersonation can be used, but it’s expensive and requires user accounts – Each user account on the OS is another attack vector
• Distributed systems, cloud computing and peer-to-peer are growing in popularity – All of these system types imply a hosted environment
A Framework Based Model • An enterprise application framework can be developed to centralize user authentication and authorization • Transcends all forms of authentication – Provider based model for “pluggable” credentials – Multiple types of authenticators may be used
• Separation of authorization into an orthogonal implementation – Permissions are extensible – User mapping to permissions are modularized
Framework Integration • Each system component is isolated • Security is itself an isolated component • Component integration is dynamic in the core framework • Security is extended to code access security as well
Deployment Capabilities • Architecture of isolated components and registries allows for flexible deployments • Coop is simply a form of deployment accommodated by the architecture
Application Design • Core framework provides all “cross-cutting” functionality including security • Access model is based upon component-level security, each module declares a distinct permission set • Application is based upon a required set of components that are deployed across a cluster of registered nodes
Module Structure • A module is conceptually a public API that is accessed by the application • Each request passes linearly through dynamically injected providers • Providers are loaded via reflection and use a dynamic binding protocol to ensure they only respond when called appropriately
Security Design • Dynamic loading is key – Engine performs all loading and binding (fail-safe defaults applied) – Module loads and binds all providers directly based upon registry (open design) – Access to all is secured and directly checked per call (complete mediation) – Each “part” of security is isolated from the others • Extensibility is built-in
• All enhancements are made by changing providers
Overarching Implementation • A single framework instance can tie together multiple applications across multiple nodes • Security can be deployed in isolated chunks to separate information stores • Constructs like single-sign on are “free” – Black-listing / auditing of users can transcend applications
• The unified security mechanism is the SecurityContext entity
SecurityContext Entity • Any execution of code must be on behalf of some user – At the system (OS) level, this is the hosting process user – For a user request, the code is constrained virtually by framework code access – A request must pass the user along for authorization
• A SecurityContext entity encapsulates the user or “process” requesting the action – Engine (the hosting engine entity itself) – Module (the originating module that is brokering the operation request) – Application (the application the request is made from) – User (the actual user account token the request is for)
Passing a Context • All modules are provided a single SecurityContext object at initialization time • Only the Engine (Singleton) can create an original SecurityContext – The engine embeds itself into the initial SecurityContext object – All module SecurityContexts are derived from the engine context – Each module can compare a received context engine to it’s own to ensure a common engine instance is there
• User Interface elements interact with users and generate a SecurityContext object with an associated user
Users • A user is a token representing an authorized “account” within the system • Users can represent a person or an external system (application) – All users must be granted permissions to be useful – System users (applications) are used to exchange data between systems with equal security mechanisms to a person user account
Permissions • A permission is a named token, owned by a code module that represents an action – Permission “names” are broken into 3 areas • Verb (e.g. create, execute) • Scope (e.g. application, global, system) • Access Type (e.g. class, object, field, spatial, time, cell)
– Permissions are registered and unregistered as part of the installation of a module
• Permissions are used by the owning module – The owning module’s current security provider “asks” the framework if the requesting user “has” the permission and executes any additional code for verification of authorization – Changing the module security provider changes the currently implemented authorization enforcement • Each node may be configured differently (by enclave)
Roles • A role is an application scoped, named entity for relating users to permissions – Users cannot be directly assigned permissions (cleaner model) – Roles may be nested – Resolution of roles is performed by the role provider
• Each applications roles are isolated – Users are at the system level and therefore transcend all applications (SSO is free)
• Role provider can be replaced to accommodate any resolution model – Grant model is default (no-deny) – Grant/Deny model is a simple provider change
Authentication • Authentication is the process of verifying the requesting party knows a shared secret to resolve the requesting party to a user account – Authentication can be done in many ways
• Authentication module supports pluggable providers for any type of authentication – Username / password (default) – X.509 certificate (or similar) – Biometric (any type of factors can be applied)
• Credential storage is centralized to a single model – Minimized development of a new provider to the credential classes and a comparator
Module Security Provider • Each executable module of code has one or more providers, each of which have a single registered security provider – Security providers evaluate security rules to perform authorization – May be simple user look-up or permission resolution – May include ANY form of validation as designed by the implementor of the security provider
• Unlimited flexibility in design – Change is extremely cheap – Multiple deployments can each use a common module base with custom security providers – Minimizes deployment costs
Conclusions • The implementation of an enterprise application framework with integrated security will: – Enhance security capabilities – Reduce complexity of implementation (fewer “moving parts” – Maintains separation of concerns – Incredible flexibility
• Pluggable provider construct permits integration into existing technologies – Cost is minimized when changing underlying technologies used
Related Documents
Csci283 Presentation Spring2009
June 2020 2
Nynetnews-spring2009
May 2020 4
Overview Paper Spring2009
June 2020 2
Design Paper Spring2009
June 2020 3
Florida Media Quarterly Spring2009
April 2020 3
Policy Paper Spring2009
June 2020 4More Documents from "Michael Corsello"
Overview Paper Spring2009
June 2020 2
Design Paper Spring2009
June 2020 3
Policy Paper Spring2009
June 2020 4
