1 / 15

Status Report on Advanced Open Distributed Object Platforms and Security Technology - June 2004

This report details the progress of the DistriNet research group in developing advanced open distributed object support platforms for various applications, including networking, multi-agent systems, embedded systems, and security. Key activities include investigating security vulnerabilities, programming languages, software engineering, and application-level security. The report outlines the involvement of team members, task forces, and the specific research tracks currently being pursued, including programming, composition, and software security techniques.

darrin
Télécharger la présentation

Status Report on Advanced Open Distributed Object Platforms and Security Technology - June 2004

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SoBeNeT ProjectDistriNet status report Bart De Win Wouter Joosen Frank Piessens June 25, 2004

  2. DistriNet research group • Open, distributed object support platforms for advanced applications • Task forces: • Networking • Multi-agent systems • Embedded systems • Language technology and middleware • Security Bart De Win

  3. Project involvement • Tracks • Track 1: programming and composition • Track 2: software engineering • Members • Wouter Joosen, Frank Piessens, Pierre Verbaeten, Bart De Win, Eddy Truyen, Tine Verhanneman, Lieven Desmet, Bart Jacobs, Bert Lagaisse, Liesje Demuynck, Yves Younan Bart De Win

  4. Current activities: track 1 • Security vulnerabilities • Programming language, architecture, classification • Case Studies • CRM, e-banking, e-health • Solution techniques • Inventory: ACM survey paper • Programming language: C(++), Java, Spec# • Complex composition • Doctoral work (Bart, Eddy, Tine) Bart De Win

  5. Current activities: track 2 • Security requirements • Functional vs. technological vs. quality • Technology study • CC, STRIDE, CMM, ISO17799, … • ECOOP tutorial (TS1) Bart De Win

  6. Engineering application-level security through AOSD Highlights of a Ph.D. dissertation

  7. Security is Pervasive • Application-level security is crosscutting in location /** Method to calculate the digest of the current message. *After calculation, the engine is reset. *@return returns the message digest in a bytearray. */ public byte[] engineDigest(){ //calculate correct number of bits in total message long origMsgCount = count << 3 ; //append padding bits engineUpdate((byte)128) ; // append byte "10000000" while (((int)(count & 63)) != 56){ engineUpdate((byte)0) ; //append byte 0 until 56 mod 64 } //append length (big endian) int[] cnt = new int[2] ; cnt[0] = (int) (origMsgCount & 0xffffffff) ; cnt[1] = (int) (origMsgCount >> 32) ; intToByte(currentBlock, 56, cnt, 0, 8) ; //process last block MD5Transform() ; //return digest byte[] result = new byte[16] ; intToByte(result, 0, state, 0 , 16) ; //reset the engine for JCA compatibility engineReset() ; return result ; } /** Method to calculate the digest of the current message. *After calculation, the engine is reset. *@param buf : the byte array in which the digest is put. *@param offset : the offset from where the digest is put in the bytearray. *@param len : the length of free space in the bytearray. *@return returns the length of the messagedigest. */ public int engineDigest(byte[] buf, int offset, int len) throws DigestException { //if not enough space in buf, return if (len < 16) throw new DigestException("Buffer too small.") ; //calculate digest, copy into buf and return byte[] result = engineDigest() ; System.arraycopy(result, 0, buf, offset, result.length) ; return result.length ; } /* Method to get the length of a digest. } } /** Current 64 byte block to process */ private byte[] currentBlock = new byte[64] ; /** Constructor. */ public MD5(){ super("MD5") ; engineReset() ; } // *********************** // JCA JAVA ENGINE METHODS // *********************** /** Method to reset the MD5 engine. */ public void engineReset(){ count = 0 ; state[0] = 0x67452301 ; state[1] = 0xefcdab89 ; state[2] = 0x98badcfe ; state[3] = 0x10325476 ; } /** Method to add a byte to the current message. *@param input : the byte to append to the current message. */ public void engineUpdate(byte input){ //append byte to currentBlock currentBlock[(int)(count & 63)] = input ; //count&63 = count%64 //if currentBlock full => process if ((int)(count & 63) == 63){ //whole block => process MD5Transform() ; } //and update internal state (count) count++ ; } /** Method to add a byte array to the current message. *@param buf : the bytearray to append to the current message. *@param offset : the offset to start from appending the bytearray to the current message. *@param len : the length of the message to append to the current message. */ public void engineUpdate(byte[] buf, int offset, int len){ //FIRST : process first part of buffer until no more or full block //calculate number of bytes that fit in current block int no = java.lang.Math.min(len, 64 - (int)(count&63)) ; System.arraycopy(buf, offset, currentBlock, (int)(count&63), no) ; count += no ; len -= no ; offset += no ; } public class MD5Test { public static void main(String[] args){ MessageDigest digest = null ; Security.addProvider(new DistriNet()) ; try{ digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ e.printStackTrace() ; System.exit(1) ; } digest.update(args[0].getBytes()) ; System.out.println("Input : " + formatBin2Hex(args[0].getBytes(), 16, 2) +"\n" ) ; System.out.println("Digest : " + formatBin2Hex(digest.digest(), 16, 2) +"\n" ) ; int m = ( n % s1 ); for ( int i = m ; i < s1 ; i++ ) { if ( ( i % s2 ) == 0 ) result += " "; result += " "; ascii += " "; } if ( m > 0 ) { result += " [" + ascii + "]\r\n"; } return result; } private static String _hexmap = "0123456789abcdef"; private static String _int2hex ( long i , int n ) { String result = ""; for ( int j = 0 ; j < n ; j++ ) { int m = (int)(i & (long)0xf); } } Bart De Win

  8. public class MD5Test { public static void main(String[] args){ MessageDigest digest = null ; Security.addProvider(new DistriNet()) ; try{ digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ e.printStackTrace() ; System.exit(1) ; } digest.update(args[0].getBytes()) ; System.out.println("Input : " + int m = ( n % s1 ); for ( int i = m ; i < s1 ; i++ ) { if ( ( i % s2 ) == 0 ) result += " "; result += " "; ascii += " "; } if ( m > 0 ) { result += " [" + ascii + "]\r\n"; } return result; } private static String _hexmap = "0123456789abcdef"; private static String _int2hex ( long i , int n ) { String result = ""; for ( int j = 0 ; j < n ; j++ ) { int m = (int)(i & (long)0xf); } } /** Current 64 byte block to process */ private byte[] currentBlock = new byte[64] ; /** Constructor. */ public MD5(){ super("MD5") ; engineReset() ; } // *********************** // JCA JAVA ENGINE METHODS // *********************** /** Method to reset the MD5 engine. */ public void engineReset(){ count = 0 ; state[0] = 0x67452301 ; state[1] = 0xefcdab89 ; state[2] = 0x98badcfe ; state[3] = 0x10325476 ; } /** Method to add a byte to the current message. *@param input : the byte to append to the current message. */ public void engineUpdate(byte input){ //append byte to currentBlock currentBlock[(int)(count & 63)] = input ; //count&63 = count%64 //if currentBlock full => process if ((int)(count & 63) == 63){ //whole block => process MD5Transform() ; } //and update internal state (count) count++ ; } /** Method to add a byte array to the current message. *@param buf : the bytearray to append to the current message. *@param offset : the offset to start from appending the bytearray to the current message. *@param len : the length of the message to append to the current message. */ public void engineUpdate(byte[] buf, int offset, int len){ //FIRST : process first part of buffer until no more or full block //calculate number of bytes that fit in current block int no = java.lang.Math.min(len, 64 - (int)(count&63)) ; System.arraycopy(buf, offset, currentBlock, (int)(count&63), no) ; count += no ; len -= no ; offset += no ; } /** Method to add a byte array to the current message. *@param buf : the bytearray to append to the current message. *@param offset : the offset to start from appending the bytearray to the current message. *@param len : the length of the message to append to the current message. */ public void engineUpdate(byte[] buf, int offset, int len){ //FIRST : process first part of buffer until no more or full block //calculate number of bytes that fit in current block int no = java.lang.Math.min(len, 64 - (int)(count&63)) ; System.arraycopy(buf, offset, currentBlock, (int)(count&63), no) ; count += no ; len -= no ; offset += no ; } Security Domain public class MD5Test { public static void main(String[] args){ MessageDigest digest = null ; Security.addProvider(new DistriNet()) ; try{ digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ e.printStackTrace() ; System.exit(1) ; } digest.update(args[0].getBytes()) ; System.out.println("Input : " + formatBin2Hex(args[0].getBytes(), 16, 2) +"\n" ) ; System.out.println("Digest : " + formatBin2Hex(digest.digest(), 16, 2) +"\n" ) ; int m = ( n % s1 ); for ( int i = m ; i < s1 ; i++ ) { if ( ( i % s2 ) == 0 ) result += " "; result += " "; ascii += " "; } if ( m > 0 ) { result += " [" + ascii + "]\r\n"; } return result; } private static String _hexmap = "0123456789abcdef"; private static String _int2hex ( long i , int n ) { String result = ""; for ( int j = 0 ; j < n ; j++ ) { int m = (int)(i & (long)0xf); } } Attributes Security Role ID Attributes ID Action Subject Object public class MD5Test { public static void main(String[] args){ MessageDigest digest = null ; Security.addProvider(new DistriNet()) ; try{ digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ e.printStackTrace() ; System.exit(1) ; } digest.update(args[0].getBytes()) ; System.out.println("Input : " + formatBin2Hex(args[0].getBytes(), 16, 2) +"\n" ) ; System.out.println("Digest : " + formatBin2Hex(digest.digest(), 16, 2) +"\n" ) ; int m = ( n % s1 ); for ( int i = m ; i < s1 ; i++ ) { if ( ( i % s2 ) == 0 ) result += " "; result += " "; ascii += " "; } if ( m > 0 ) { result += " [" + ascii + "]\r\n"; } return result; } private static String _hexmap = "0123456789abcdef"; private static String _int2hex ( long i , int n ) { String result = ""; for ( int j = 0 ; j < n ; j++ ) { int m = (int)(i & (long)0xf); } } Non-Security Non-Security public class MD5Test { public static void main(String[] args){ MessageDigest digest = null ; Security.addProvider(new DistriNet()) ; try{ digest = MessageDigest.getInstance("MD5 }tch(Exception e){ e.printStackTrace() ; System.exit(1) ; } digest.update(args[0].getBytes()) ; System.out.println("Input : " + digest.update(args[0].getBytes()) ; System.out.println("Input : " + digest.update(args[0].getBytes()) ; System.out.println("Input : " + formatBin2Hex(args[0].getBytes(), 16 System.out.println("Digest : " formatBin2Hex(digest.digest(), 1formatBin2Hex(digest.digest(), 16 formatBin2Hex(digest.digest(), 16 int m = ( n % s1 ); } } Attributes Attributes public class MD5Test { public static void main(String[] args){ MessageDigest digest = null ; Security.addProvider(new DistriNet()) ; try{ digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ e.printStackTrace() ; System.exit(1) ; } digest.update(args[0].getBytes()) ; System.out.println("Input : " + formatBin2Hex(args[0].getBytes(), 16, 2) +"\n" ) ; System.out.println("Digest : " + formatBin2Hex(digest.digest(), 16, 2) +"\n" ) ; int m = ( n % s1 ); } } Age Location Time Security is Pervasive (ctd.) • Application-level security is crosscutting in structure Bart De Win

  9. Security is Evolving • Security of a system is often implemented once and for all • Unanticipated risks and changes • Threat analysis incomplete • Change in environment • System • Security policy (company, law, …) Bart De Win

  10. Security Domain Attributes Security Role /** Method to calculate the digest of the current message. *After calculation, the engine is reset. *@return returns the message digest in a bytearray. */ public byte[] engineDigest(){ //calculate correct number of bits in total message digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ long origMsgCount = count << 3 ; //append padding bits engineUpdate((byte)128) ; // append byte "10000000" while (((int)(count & 63)) != 56){ engineUpdate((byte)0) ; //append byte 0 until 56 mod 64 } /** Current 64 byte block to process */ private byte[] currentBlock = new byte[64] ; /** Constructor. */ public MD5(){ super("MD5") ; engineReset() ; } // *********************** // JCA JAVA ENGINE METHODS // *********************** /** Method to reset the MD5 engine. digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ */ public void engineReset(){ count = 0 ; } ID SecurityBinding Attributes ID public class MD5Test { public static void main(String[] args){ MessageDigest digest = null ; Security.addProvider(new DistriNet()) ; try{ digest = MessageDigest.getInstance("MD5", "Distrinet") ; } digest = MessageDigest.getInstance("MD5", "Distrinet") ; } catch(Exception e){ catch(Exception e){ digest = MessageDigest.getInstance("MD5", "Distrinet") ; } Action Subject Object • Rationale • Address identified problems (pervasiveness, evolution) • Applicability claimed [Filman98, Devanbu00, Suvee03, …] • Challenges • Security binding • Complex requirements • Flexibility and reuse Non-Security Non-Security Attributes Attributes Age Location Time Our research Optimization of the modularization of application-level security using Aspect-Oriented Software Development Bart De Win

  11. Two approaches • Interception-based AOSD • Intercept application execution events and execute extra behavior on these events • Application modules are not modified • Weaving-based AOSD • Language-based approach • Application modules are modified Bart De Win

  12. Security binding Security mechanism Basic Access Control in AspectJ Aspect Authorization { pointcut checkedMethods(): execution(* Account.withdraw(..)) ; Object around() throws Exception: checkedMethods() { Subject subj = null ; try { subj = <get subject> ; boolean allowed = <access control decision> ; if (allowed) {return proceed ; } else {throw new AccessControlException(“Access denied”) ; } } catch(RuntimeException e){…} } } Bart De Win

  13. Evaluation + + good support + 0 basic support - - - no support Bart De Win

  14. Impact on Security Bart De Win

  15. Secure Software Development Process Bart De Win

More Related