Security Enforced Mediation System

Presentation Transcript


  1. Security Enforced Mediation System Presenter: Li Yang School of Computer Science Florida International University

  2. Outline • Introduction • Background • Mediation System • Our Work • Security Enforced Data Integration • Related Work • Future Work

  3. Introduction
  • Pressing needs for data integration
    • Data are scattered in multiple data sources
    • Data sources are heterogeneous
  • Security is an important problem
    • Protect digital properties
    • Prevent unauthorized users from obtaining unauthorized data and resources, e.g., Vladimir Levin, more than $10M stolen from Citibank, 1994

  4. Introduction: Security Architecture (figure: User, Information and Data Sources, Security Features or Services, Security Mechanisms, Requirements & Policies, Attackers/Intruders/Malfeasors)

  5. Introduction
  • Security is an imperative condition in the context of data integration
  • Our system:
    • Integrates heterogeneous data sources
    • Secures the system from unauthorized access, e.g., global sensitive data, context-aware constraints

  6. Security Enforcement: hospital system example
  • Security specification: <doctor, diagnosis, +read>, <doctor, treatment, +read>, <nurse, diagnosis, -read>, <nurse, treatment, +read>
  • Sequence (figure): 1. the doctor requests <doctor, treatment, read>; 2. the request <doctor, treatment, read> is passed to the security check; 3. the check answers Yes / "+"; 4. <doctor, treatment, read> is forwarded to the Hospital (holding diagnosis and treatment data); 5. the treatment is returned to the doctor

  7. Outline • Introduction • Background • Mediation System • Our Work • Security Enforced Mediation System • Related Work • Future Work

  8. Mediation System: Architecture
  • Mediation system architecture (figure): Client → Global_Mediator → Mediator_Composer (several) → Mediator_Connector 1 to n → Source 1, Source 2, Source 3
  • Goal: integrated query processing
  • Components: Global_Mediator, Mediator_Composer, Mediator_Connector
  • Contributions: IEEE ISPAN04: Three-layered Mediator Architecture based on DHT; ACMMUM04: A Mediation Framework for Multimedia Delivery

  9. Mediation System: Exchange Model (XML)
  • XML and its tree structure (figure: record → id, case → (disease, test), address)
  • XPath, e.g., "//record"
    <record>
      <id> 00000 </id>
      <case>
        <disease> Fever </disease>
        <test> xray01.jpg </test>
      </case>
      <address> 123 SW 48th St, Miami, FL </address>
    </record>

  10. Mediation System: Execution
  • Offline preparation:
    • Generate the global view
    • Semantic mapping between the global view and the source views
  • Online query:
    1. Query against the global schema type
    2. Decompose the query into sub-queries
    3. Process the sub-queries
    4. Return the result
  • (figure: Global view tree record → id, case → (diagnosis, test, treatment, prescription → medicine), address, mapped onto Local View 1 and Local View 2, whose nodes include patient, record, case, id, prescription, address, xray, disease, test, medicine and treatment; the arrows numbered 1 to 4 follow the online query steps)

  11. Outline • Introduction • Background • Mediation System • Our Work • Security Enforced Mediation System • Related Work • Future Work

  12. Security Enforced Mediation System
  • Phase 1: Authentication
    • Users log in (each user has a role)
  • Phase 2: Authorization & Integration
    • The user's view is loaded and the user can only query against his/her view
    • The query is checked for security constraints
    • Integrate the relevant results

  13. Security Enforced Mediation System (sequence diagram; participants: User, Authentication, Security Check, Global Mediator, Mediator Composer, Security Check, Mediator Connector, Databases)
  1. log in
  2. authenticate
  3. returnSecureView
  4. poseQuery
  5. checkQuery, decomposeQuery
  6. translateQuery
  7. checkQuery, queryDatabases
  8. returnResult
  9. unifyResult
  10. integrateResult
  11. presentResult

  14. Security: Login
  • Users have:
    • Username
    • Password
    • Role associated with them
  • Unauthorized users cannot log in and use our system

  15. Security: Role Views
  • Each role has its own view
  • Example: a nurse can see everything except the social security number
    • The Social Security Number is not in her view
  • (figure: user = orask001, role = "nurse" → System Login → DB of Views → visible view: Nurse's View)

  16. Security: Role Views (figure: role schema for a nurse after he/she has logged in)

  17. Runtime Security Check
  • The user's query is checked before it is executed, to prevent access to forbidden information
    cando(nurse, //record, +read) ← workTime(sessionID) & workArea(sessionID) & attending(nurse, record)
  • (figure: Query Q = "//record" → Security Checker → Secure Query SQ = "//record"? → Query DB → Answer)

  18. Runtime Security Check
  • List of constraints for the Security Checker
  • Context-based constraints:
    • workTime(sessionID): information is accessed during the hospital's work time (e.g., clinic open 8am – 5pm)
    • workArea(sessionID): information is accessed in the hospital's work area (e.g., the nurse works at the workstation with IP = 172.25.2.149)

  19. Runtime Security Check
  • Relationship constraints
    • attending(nurse, record): the nurse's name is in the patient's medical record
      cando(nurse, record, +read) ← workTime(sessionID) & workArea(sessionID) & attending(nurse, record)
    • mySickRelative(user, patient): the relative is in the emergency contact of the patient
      cando(relative, patient, +read) ← mySickRelative(relative, patient)

  20. Runtime Security Check
  • History-based constraints
    • inHistory(user, diagnosis, read): the user has read the diagnosis
      cando(user, name, -read) ← inHistory(user, diagnosis, read)
    • A user cannot read the patient's name if he/she has read the patient's diagnosis (the check consults the session's access history, so the order in which queries are posed matters)
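The runtime check of slides 17 to 20, written out as an added example (this is not the presentation's own code): cando rules carry a "+" or "-" sign, the context, relationship and history constraints are predicates evaluated against the session, and a firing "-" rule overrides any "+" rule. The XPath object syntax with a record predicate `//record[@id='p42']/name`, the record ids, the workstation subnet 172.25.2.0/24 and the patient sets are assumptions made for the example; the slides only give the rule forms.

```python
"""Runtime security check for the mediator: cando(role, object, ±action) <- constraints.

Added illustration, not the presentation's own code. Object paths, record ids,
work hours and the workstation subnet are constructed for the example.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, time
from ipaddress import ip_address, ip_network
from typing import Callable, List, Set, Tuple

WORK_HOURS = (time(8, 0), time(17, 0))      # clinic open 8am - 5pm (slide 18)
WORK_AREA = ip_network("172.25.2.0/24")      # assumed subnet of the nurse workstations


@dataclass
class Session:
    user: str
    role: str
    now: datetime                                   # time at which the query is posed
    client_ip: str
    attending: Set[str] = field(default_factory=set)    # record ids this nurse attends
    relative_of: Set[str] = field(default_factory=set)  # patients listing user as emergency contact
    # access history of this session: (object path, record id, action)
    history: Set[Tuple[str, str, str]] = field(default_factory=set)


Constraint = Callable[[Session, str, str], bool]    # (session, path, record id) -> holds?


@dataclass
class Rule:
    role: str                  # subject role; "*" matches every role
    obj: str                   # object path pattern, e.g. "//record" or "//record/name"
    sign: str                  # "+" grants, "-" forbids
    action: str
    constraints: List[Constraint]


_OBJ = re.compile(r"^(//\w+)(?:\[@id='([^']*)'\])?(.*)$")


def split_object(obj: str) -> Tuple[str, str]:
    """'//record[@id=\\'p42\\']/diagnosis' -> ('//record/diagnosis', 'p42')  (assumed syntax)."""
    m = _OBJ.match(obj)
    if not m:
        raise ValueError(f"unsupported object path: {obj}")
    return m.group(1) + m.group(3), m.group(2) or ""


def covers(pattern: str, path: str) -> bool:
    """A rule on //record also governs //record/diagnosis, //record/name, ..."""
    return path == pattern or path.startswith(pattern + "/")


# Constraint predicates of slides 18-20
def work_time(s: Session, path: str, rid: str) -> bool:
    return WORK_HOURS[0] <= s.now.time() < WORK_HOURS[1]


def work_area(s: Session, path: str, rid: str) -> bool:
    return ip_address(s.client_ip) in WORK_AREA


def attending(s: Session, path: str, rid: str) -> bool:
    return rid in s.attending


def my_sick_relative(s: Session, path: str, rid: str) -> bool:
    return rid in s.relative_of


def read_diagnosis_before(s: Session, path: str, rid: str) -> bool:
    return ("//record/diagnosis", rid, "read") in s.history


POLICY = [
    Rule("nurse", "//record", "+", "read", [work_time, work_area, attending]),
    Rule("relative", "//record", "+", "read", [my_sick_relative]),
    Rule("*", "//record/name", "-", "read", [read_diagnosis_before]),
]


def check_query(s: Session, obj: str, action: str, policy=POLICY) -> Tuple[bool, str]:
    """Deny-overrides, closed world: a firing '-' rule wins; otherwise some '+' rule must fire."""
    path, rid = split_object(obj)
    applicable = [r for r in policy
                  if r.role in (s.role, "*") and r.action == action and covers(r.obj, path)]
    firing = [r for r in applicable if all(c(s, path, rid) for c in r.constraints)]
    for r in firing:
        if r.sign == "-":
            return False, f"forbidden by cando({r.role}, {r.obj}, -{action})"
    for r in firing:
        if r.sign == "+":
            return True, f"granted by cando({r.role}, {r.obj}, +{action})"
    return False, "no rule grants the request"


def secure_query(s: Session, obj: str, action: str = "read") -> Tuple[bool, str]:
    """Check first; only a granted access is recorded, so later history rules can see it."""
    ok, why = check_query(s, obj, action)
    if ok:
        path, rid = split_object(obj)
        s.history.add((path, rid, action))
    return ok, why


if __name__ == "__main__":
    nurse = Session("orask001", "nurse", datetime(2005, 3, 14, 10, 30), "172.25.2.149",
                    attending={"p42", "p43"})
    print(secure_query(nurse, "//record[@id='p42']/treatment"))   # granted
    print(secure_query(nurse, "//record[@id='p99']/treatment"))   # denied: not attending
    print(secure_query(nurse, "//record[@id='p42']/diagnosis"))   # granted and recorded
    print(secure_query(nurse, "//record[@id='p42']/name"))        # denied: history constraint
```

The history rule only works because `secure_query` records the diagnosis read in the same session store that `read_diagnosis_before` consults; a checker that evaluates rules statelessly, as the view-based approach of slide 27 does, cannot express it.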

  21. Security Enforced Data Integration
  • Relevant distributed data are retrieved
  • Data integration
    • "Join" data from heterogeneous data sources by the common key (SSN)
    • "Run" the records through data integration

  22. Security Enhanced Data Integration (figure: the Clinic View and the Consultation View are joined on ssn into the Global view record)
  CLINIC (Clinic View): ssn 123456789 | f_name Clark | l_name Kent | p_num 2867814 | address 125 SW 49st
  CONSULTATION (Consultation View): ssn 123456789 | full_Name Clie N Tee | phone 5558989
  Global view (record: ssn, full_name, phone, address): one record for ssn 123456789 carrying the name, phone and address values of both sources

  23. Security Enforced Data Integration
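The join-then-project step of slides 21 and 22 as an added example (not the presentation's code): each source row is mapped into the global schema, rows are joined on the common key, and only then is the record projected onto the role's view, so a nurse whose view omits the SSN still gets correctly joined data without ever receiving the key. The source rows, the role views and the choice to keep both values when two sources disagree on an attribute are constructed for the example.

```python
"""Security enforced data integration: map source rows to the global schema,
join them on the common key (SSN), then project to the role's view.
Added example; rows, mappings and role views are constructed, not the demo's data."""
from typing import Callable, Dict, List, Tuple

Row = Dict[str, str]
GlobalRow = Dict[str, List[str]]   # attribute -> distinct values collected from the sources

# Constructed source tables with the heterogeneous schemas of slide 22
CLINIC: List[Row] = [
    {"ssn": "123456789", "f_name": "Clark", "l_name": "Kent", "p_num": "2867814", "address": "125 SW 49st"},
    {"ssn": "987654321", "f_name": "Lois", "l_name": "Lane", "p_num": "5551234", "address": "1 Planet Way"},
]
CONSULTATION: List[Row] = [
    {"ssn": "123456789", "full_Name": "Clie N Tee", "phone": "5558989"},
]


# Semantic mapping from each source view to the global view (the offline step of slide 10)
def clinic_to_global(r: Row) -> Row:
    return {"ssn": r["ssn"], "full_name": f"{r['f_name']} {r['l_name']}",
            "phone": r["p_num"], "address": r["address"]}


def consultation_to_global(r: Row) -> Row:
    return {"ssn": r["ssn"], "full_name": r["full_Name"], "phone": r["phone"]}


Source = Tuple[str, List[Row], Callable[[Row], Row]]
SOURCES: List[Source] = [("CLINIC", CLINIC, clinic_to_global),
                         ("CONSULTATION", CONSULTATION, consultation_to_global)]

# Role views over the global schema; the nurse's view omits ssn (slide 15). Columns are assumed.
ROLE_VIEWS: Dict[str, List[str]] = {
    "doctor": ["ssn", "full_name", "phone", "address"],
    "nurse": ["full_name", "phone", "address"],
    "receptionist": ["full_name", "phone"],
}


def join_by_key(sources: List[Source], key: str = "ssn") -> Dict[str, GlobalRow]:
    """Outer join on `key`: one global record per key value. An attribute reported
    differently by two sources keeps both values instead of silently picking one."""
    joined: Dict[str, GlobalRow] = {}
    for _name, rows, to_global in sources:
        for row in rows:
            g = to_global(row)
            rec = joined.setdefault(g[key], {key: [g[key]]})
            for attr, value in g.items():
                if attr == key:
                    continue
                values = rec.setdefault(attr, [])
                if value not in values:
                    values.append(value)
    return joined


def project(rec: GlobalRow, columns: List[str]) -> GlobalRow:
    return {c: rec[c] for c in columns if c in rec}


def integrate(role: str, sources: List[Source] = SOURCES,
              views: Dict[str, List[str]] = ROLE_VIEWS) -> List[GlobalRow]:
    """Join first, project last: ssn must be available to the join even for roles
    whose view lacks it, and must be absent from what those roles receive."""
    if role not in views:
        raise PermissionError(f"no view defined for role {role!r}")
    columns = views[role]
    result = [project(rec, columns) for rec in join_by_key(sources).values()]
    assert all(set(r) <= set(columns) for r in result)   # nothing outside the view leaks
    return result


if __name__ == "__main__":
    for row in integrate("nurse"):
        print(row)
```

The final assertion is the check a practitioner wants on this path: the join key is the most sensitive attribute in the record, and the place it can leak is the result set handed back after integration, not the query check that ran before it.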

  24. Security Enforcement Summary
  • Authentication
  • Authorization
    • Load the visible view based on the user's role
    • Check the runtime security constraints
  • Query and integrate the relevant results

  25. Demo
  • Security ON
    • Testing a technician: during work hours and in the work area, the view only displays the patient's tests
    • Testing a patient: only the patient's own record is retrieved
  • Security OFF
    • Users see all the information

  26. Outline • Introduction • Background • Mediation System • Our Work • Security Enforced Data Integration • Related Work • Future Work

  27. View-based Access Control [Damiani02] (figure: offline, the access control rules (ACR) and the data are combined into per-role views (doctor view, nurse view, receptionist view); online, the user's query runs against the view and the answer is returned)
  • View-based access control
    • The ACR is stored together with D (spatially), and/or
    • The ACR and D are first processed (temporally)
  • The query is safe without any further care
  • Each subject/role sees only the data that are safe for that subject/role

  28. The Pre-Processing Approach (figure: the user's query and the ACR go through a QFilter, which emits a secure query against the data source; the answer is returned to the user)
  • Pre-processing approach: the ACR and Q are first processed, while D is stored elsewhere
  • The QFilter approach [Luo04]: the user's query is rewritten such that any parts violating the access control rules are pruned

  29. Contributions & Conclusion
  • Hybrid enforcement strategy
    • Extensibility (constraints)
    • Less maintenance effort
    • Reusability (views)
  • Flexible and extensible security policy modeling
    • Context-aware
    • Different-point policy specification
    • Semantic heterogeneity

  30. Outline • Introduction • Background • Mediation System • Our Work • Related Work • Future Work

  31. Future Work
  • An extended authorization model
    • Incorporating post-event processing [Kudo00]
    • Post events include auditing and digital signature verification
  • An aspect-driven approach for security policy composition
    • Software systems evolve with time
    • Composition method for structuring security policies
    • Aspect-driven framework for the realization of security control policies for mediation systems
  • Preliminary results: SEKE04: Enhancing mediation security by aspect-oriented approach; ICECCS05: Secure software architecture design by aspect orientation

  32. Acknowledgement
  • Dr. Raimund K. Ege
  • Dr. Xudong He
  • SSA Group in the School of Computer Science at Florida International University
  • Software Engineering Project Group: Adam, Fayaz Amirali; Raskin, Olga; Smith, Nikel Noima
  • NSF HRD 0317692 CREST Grant

  33. Selected Publications
  • Li Yang and Raimund K. Ege. Dynamic integration strategy for mediation framework. SEKE'05.
  • Li Yang, Raimund K. Ege and Huiqun Yu. Modeling and verifying mediation framework. The 10th IEEE International Conference on the Engineering of Complex Computer Systems (ICECCS'05).
  • Li Yang, Raimund K. Ege and Huiqun Yu. Security specification and enforcement in heterogeneous databases. The 20th Annual ACM Symposium on Applied Computing (SAC'05), Computer Security Track, Santa Fe, New Mexico, March 2005.
  • Li Yang, Raimund K. Ege and Huiqun Yu. Mediation framework modeling and verification (abstract). The 20th Annual ACM Symposium on Applied Computing (SAC'05), Software Engineering Track, Santa Fe, New Mexico, March 2005.
  • Li Yang, Raimund K. Ege, Onyeka Ezenwoye and Qasem Kharma. A role-based access control model for information mediation. The 2004 IEEE International Conference on Information Reuse and Integration, pages 277-282, Las Vegas, NV, 2004.
  • Li Yang, Raimund K. Ege and Huiqun Yu. Enhancing mediation security by aspect-oriented approach. Software Engineering and Knowledge Engineering (SEKE'04), Banff, Alberta, Canada, June 2004.
  • Raimund K. Ege, Li Yang, Qasem Kharma and Xudong Ni. Three-layered mediator architecture based on DHT. International Symposium on Parallel Architectures, Algorithms, and Networks (I-SPAN), IEEE Computer Society Press, Hong Kong, May 2004.
  • Li Yang and Raimund K. Ege. Modeling and verification of real-time mediation systems. Advanced Simulation Technologies Conference (ASTC), pages 61-68, Arlington, Virginia, April 2004.

  34. Thank you! Questions or Comments
