
Secure middleware patterns

Secure middleware patterns. E.B.Fernandez. Middleware security. Architectures have been studied and several patterns exist. Security aspects have not been studied in detail. Architectures are complex and a source of many possibilities. Patterns selected initially.


Presentation Transcript


  1. Secure middleware patterns E.B.Fernandez

  2. Middleware security
     • Architectures have been studied and several patterns exist
     • Security aspects have not been studied in detail
     • Architectures are complex and a source of many possibilities

  3. Patterns selected initially
     • How to store and execute a business enterprise model. Business models are handled through component frameworks, typically using an object-oriented model. Part of this model may consume or provide web services.
     • Its distributed systems architecture. Distribution is handled through distributed objects or web services protocols.

  4. Component patterns
     • The Component Configurator lets an application dynamically attach and detach components or processes.
     • The Interceptor allows the transparent addition of services to an application or framework. These services are automatically invoked when certain events occur.
     • The Extension Interface defines multiple interfaces for a component.
     • The Home pattern separates the management of components from their use by defining an interface for creating instances of components.

  5. Hiding patterns
     • The Façade provides a unified, higher-level interface to a set of interfaces in a subsystem.
     • The Adapter converts the interface of an existing class into a more convenient interface.
     • The Wrapper Facade encapsulates the functions and data provided by existing subsystems or levels and defines a higher-level interface.

  6. Security aspects
     • The Component Configurator can be used to reduce the time when modules are exposed to attacks. Also, modules with different degrees of security could be used in the presence of attacks or for critical applications.
     • The Interceptor is useful to add security to a framework, e.g. a CORBA-based system, if the original implementation did not have it.
     • The Extension Interface can be used to define views that let a user or role access only some parts of the information in specific ways, according to their authorizations.

  7. Adding security to components

  8. More security
     • The Home pattern can be used to apply authorization rules to control the creation of objects in components, as has been done in operating systems [Fer03].
     • The Façade can hide implementation details that could be exploited by hackers and can apply security checks in the operations of the Façade.
     • The Adapter can be used to define a new interface with fewer operations for some uses according to their security restrictions or to map database security constraints to application constraints.
     • The Wrapper Façade can be used to hide the implementation of the lower levels. This prevents attackers from taking advantage of implementation flaws. A higher-level interface restricts the possibilities of a hacker.

  9. Interface security

  10. Approach
     • To add security to a pattern, compose it with other patterns that correspond to appropriate security mechanisms
     • The mechanisms selected depend on the expected attacks and institution policies

  11. Adding security to the Broker

  12. [Diagram; element labels: Authorization (appears twice), Authentication, ServerSide Proxy, Servant, Client-side Proxy, Client, Adapter, Broker, Cryptography, Security services. Association multiplicities (1, *) are not recoverable from the transcript.]

  13. Conclusions
     • Secure Broker pattern—Pat Morrison
     • We need to complete the other patterns
     • Several conference papers with specific patterns
     • A journal paper with the whole approach
     • Combine with AOP
     • Proposal NSF, DARPA
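
Slide 6 notes that the Interceptor can add security to a framework whose original implementation lacked it, and slide 10 proposes composing a pattern with security mechanisms. The sketch below is an added example, not code from the presentation: a broker with no security logic gains default-deny authorization through a registered interceptor. All class, role and service names are assumptions, and authentication of the principal is assumed to have happened already.

```python
# Added illustration; every class, role and service name here is hypothetical.
from dataclasses import dataclass

class AccessDenied(Exception):
    """Raised by an interceptor to veto a request."""

@dataclass
class Request:
    principal: str   # caller identity, assumed already authenticated
    service: str
    operation: str
    args: tuple = ()

class Broker:
    """Dispatches requests to servants; contains no security logic itself."""
    def __init__(self):
        self._servants, self._interceptors = {}, []
    def register(self, name, servant):
        self._servants[name] = servant
    def add_interceptor(self, hook):
        self._interceptors.append(hook)
    def invoke(self, req):
        for hook in self._interceptors:   # every hook runs before the servant
            hook(req)                     # a hook vetoes the call by raising
        return getattr(self._servants[req.service], req.operation)(*req.args)

class AuthorizationInterceptor:
    """Default-deny check of (role, service, operation), with an audit trail."""
    def __init__(self, roles, rights):
        self._roles, self._rights = roles, rights  # principal->role; allowed triples
        self.audit = []

    def __call__(self, req):
        role = self._roles.get(req.principal)      # unknown principal -> None
        allowed = (role, req.service, req.operation) in self._rights
        self.audit.append((req.principal, req.service, req.operation, allowed))
        if not allowed:
            raise AccessDenied(f"{req.principal}: {req.service}.{req.operation}")

class Accounts:
    """Servant written without any security code."""
    def __init__(self):
        self.balances = {"acct-1": 100}   # constructed sample data
    def balance(self, acct):
        return self.balances[acct]
    def withdraw(self, acct, amount):
        self.balances[acct] -= amount
        return self.balances[acct]
```

Once `broker.add_interceptor(AuthorizationInterceptor(roles, rights))` is called, any request whose (role, service, operation) triple is not in `rights` raises `AccessDenied` before the servant is reached, and the decision is recorded in `audit`. The servant class is unchanged, which is the property the Interceptor slide relies on.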
