Ideas for future work
Ideas for future work E. Fernandez 10/07/04
Where are we now?
• We sent a proposal on medical security to NSF—It was not funded
• We got money for wireless web services security—Project is starting
• We wrote several papers and several more are being written
• Thesis work—Tami and Juan finished their MS theses. Nelly, Andrei, Alvaro, Ajoy, and Laszlo are defining their future work
Medical security
• Survey of models—Andrei has done some work on this. We will write a survey paper.
• Access control model—We wrote two papers (LACCEI, eSociety). We are refining it.
• New version of NSF proposal (NIH?)
Work on medical modeling
• Study of medical requirements and policies: BRCH and another hospital (Tami)
• Study of HL7 and JADIS (Tami)
• Paper on analysis of HL7 for security (Ed and Tami)
• More patterns for medical applications and extension of model
Secure software development
• Paper for Las Vegas conference
• Refine secure software development methodology: use cases, mapping from conceptual model to component model
• More patterns for the catalog: XML firewall (Nelly, Ed, Saeed, Maria), network firewalls (Ed, Maria, Naeem, Nelly)
• Adapt for wireless secure systems
Specific items to do
• Extend use case templates to indicate security constraints
• Extend the component pattern to include security
• Map from conceptual model security to component security
Extend current work
• Firewalls—Basic types are done, develop varieties
• Attribute-based access control—Develop more pattern varieties and dynamic details
• New pattern for virtual machine security
• New pattern for virtual vault architecture
Physical/location-based access control
• Subjects are people. The protection object is a physical location. The type of access could be to a whole location or to a part of a location.
• This model can be used to control access to physical locations, e.g., rooms in a hospital. Ph.D. thesis of Alvaro
• Mobile systems application—location privacy (MS Location-based services)
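An added illustration of the model on this slide (not the group's own code): subjects are people, protected objects are nested physical locations, and a rule on a location covers every location that is part of it unless a more specific rule on the inner location overrides it. The hospital layout, subject names, access types and the "innermost rule wins, default deny" convention are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Iterator, Optional

# Constructed illustration: a location may be part of an enclosing location
# (room -> ward -> hospital); names and rules below are assumptions, and
# "most specific rule wins, default deny" is an assumed evaluation order.

@dataclass
class Location:
    name: str
    parent: Optional["Location"] = None

    def ancestors(self) -> Iterator["Location"]:
        """Yield this location and every enclosing location, innermost first."""
        loc: Optional[Location] = self
        while loc is not None:
            yield loc
            loc = loc.parent

# (subject, access type, location name) -> True to allow, False to deny.
# A rule also covers every location that is part of the named location.
Rules = dict[tuple[str, str, str], bool]

def is_allowed(rules: Rules, subject: str, access: str, target: Location) -> bool:
    """Walk outward from the target; the innermost matching rule decides."""
    for loc in target.ancestors():
        decision = rules.get((subject, access, loc.name))
        if decision is not None:
            return decision
    return False  # no rule at any enclosing level: default deny

def build_hospital() -> dict[str, Location]:
    """Constructed location hierarchy for a small hospital."""
    hospital = Location("hospital")
    ward3 = Location("ward3", hospital)
    return {
        "hospital": hospital,
        "ward3": ward3,
        "room301": Location("room301", ward3),
        "room305": Location("room305", ward3),  # isolation room inside ward 3
        "pharmacy": Location("pharmacy", hospital),
    }

RULES: Rules = {
    ("nurse_a", "enter", "ward3"): True,        # every room in ward 3 ...
    ("nurse_a", "enter", "room305"): False,     # ... except the isolation room
    ("pharmacist_b", "enter", "pharmacy"): True,
    ("security_c", "enter", "hospital"): True,  # the whole building
}
```

Evaluating `is_allowed(RULES, "nurse_a", "enter", build_hospital()["room301"])` grants entry via the ward-level rule, while `room305` is refused by the more specific rule and `pharmacy` is refused because no rule applies at any enclosing level.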
Wireless web services security
• We completed a security survey (Wireless LAN handbook). Now being extended (Mike, Ed, Maria, Saeed)
• Survey of cryptographic methods for wireless security (Saeed)
• Survey of web services security (Ed, Tami, Maria)
• Patterns for web services and distributed security (XML firewall, Secure Broker, SAML)
• Secure wireless systems architecture
Wireless web services
• Many standards, and still evolving
• Some standards compete with each other or overlap
• The situation gets more complex when we add wireless architectures
• Clarify relationships between standards
Patterns for web services and distributed security
• Pattern for architecture of application firewall using multiple agents. Also Reverse Proxy pattern (Nelly)
• Authentication patterns (Nelly)
• Survey of web services security products
• Patterns for Secure Broker units (Ed)
[Diagram: Application Conceptual Model. Patterns shown: Layers, MVC / PAC, Reflection, Client / Servant, Adapter, Broker, Proxy, Façade, Lookup, Client / Dispatcher / Server. Concerns listed: adaptability, complexity, interaction, distribution, interoperation, access, servant management, communication, naming, resource and service management, concurrency, event handling, structure / extension.]
Security of workflow and business levels
• Study UML model for ebXML registries and develop pattern.
• Workflow level security: BPEL4WS, ebXML
• An area largely unexplored
RBAC hierarchies
• R. Sandhu developed the ARBAC model
• Administrators and subjects are organized in a lattice
• They have applied this model to medical systems.
• It is too restrictive; we can find better ways (I started in an old paper) (Saeed)
Other
• VoIP (Juan)—We are writing two papers (Ed, Mike)
• Chemical engineering patterns (Deepa)
• Third party assurance (Mike)
• Sarbanes/Oxley—regulation for financial institutions. This is a good area; nothing has been done on its security aspects
Conclusions
• Many possibilities, all interesting
• Look at Recent Publications on my web page and at past talks; ask me for references
• Select an idea, write something, submit it for discussion (email)
• Make a presentation for the group
• Paper for conference or journal and/or thesis/dissertation