1 / 20

Research Project

Research Project. Techniques and Tools for Supporting Secure Information Sharing and Collaborative Work C. Edward Chow, PI Ganesh Godavari, GRA Department of Computer Science University of Colorado at Colorado Springs Sponsored by NISSC - AFSOR. USNORTHCOM Research Question Addressed.

monicasmith
Télécharger la présentation

Research Project

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Research Project Techniques and Tools for Supporting Secure Information Sharing and Collaborative Work C. Edward Chow, PIGanesh Godavari, GRADepartment of Computer ScienceUniversity of Colorado at Colorado Springs Sponsored by NISSC - AFSOR SIS/chow

  2. USNORTHCOM Research Question Addressed SIS/chow

  3. Research Focus and Purpose Research Focus: Investigate Critical Techniques and Tools for Supporting Secure Information Sharing (SIS) and Collaborative Work Tasks: • Investigate efficient key and attributed certificate management for large-scale information sharing and collaborative workeasier/faster to share. • Study Infrastructure support for secure web-based collaborative applicationsfast to setup, reliable, secure • Research ubiquitous computing for sharing sensor and web informationaccess/distribute info anywhere, anytime, anyway SIS/chow

  4. Schedule Update • Follow the same schedule. SIS/chow

  5. Current Project Status: Task 1 Investigate efficient key and attributed certificate management for large-scale information sharing and collaborative work • Studied issues in large scale web-based secure access control using Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI). • Developed a concept prototype that demonstrate secure web access control with enhanced LDAP and Apache web servers. • Working on distributed directory server systems for supporting information sharing among multiple agencies SIS/chow

  6. Current Project Status: Task 2 Study Infrastructure support for secure web-based collaborative applications • Explored the use of Content Delivery Network (CDN) Infrastructure to support secure web-based collaborative applications. • Idea  Utilize existing CDN such as Akamai; extend existing web document caching functions to soft real-time collaborative applications (IM). • Investigating the solutions for resolving security issues between Java applets and cache servers. SIS/chow

  7. Current Project Status: Task 3 Research ubiquitous computing for sharing sensor and web information • Keeping track of current sensor network and ubiquitous computing literature. • Investigated new MicaZ sensor based on new 802.15.4 standard. • Plan to focus on this task Spring 2005. SIS/chow

  8. Current Funding Status • Paid for one faculty summer month salary. • Paid for two GRA summer month salary. • Paid for a Sony VGN-A170B notebook. SIS/chow

  9. Anticipated Results • Identify issues and present solutions for creating and managing a large scale secure web-based information sharing system among multiple independent agencies  Sharing results through publications. • Design prototypes for demonstrating the key concepts from the above research  Sharing software developed in this project by posting on CS and NISSC web sites. SIS/chow

  10. Preliminary Findings • Attribute certificate (RFC 328) based Privilege Management Infrastructure (PMI) make it easy to implement the secure role based access control in large scale SIS. • Web Servers can be enhanced with LDAP module to allow role-based access control. • LDAP can be extended to include attributed certificates. • LDAP can function as a central place for creating and managing the roles of users. SIS/chow

  11. Privilege Management Infrastructure (PMI) • Privilege Management Infrastructure • Similar to Public Key Infrastructure • Function is to specify the policy for the attribute certificate issuance and management Comparison of PKIs and PMIs [2] SIS/chow

  12. PKC vs. AC PKC binds a subject (DN) to a public key AC's binds permission (attributes) to an entity SIS/chow

  13. Unanticipated Results • Single LDAP is easy to configure. • Ganesh had a tough time to extend LDAP to include attribute certificates to work with the current stable version of openldap 2.2-15. We use an older version 2.0.27-8 instead. • Octetstringmatch does not work in new version and the suggestions of Dr. Chadwick of Permis Group for adding new object ID type was not accepted by openldap group (wait for standard?). • But it is really a pain to configure a set of LDAP server for cooperation (delegation/trust). SIS/chow

  14. Unanticipated ResultsPerformance Results on a single agency scenario SIS/chow

  15. Issues and Challenges • Automated tools for setting up SIS infrastructure with LDAP/Web servers/clients from multiple agencies. • Further Investigation on Federated Identity, RBAC policy and Security Assertion Markup Language (SAML) • Study policy-based systems and policy enforcing mechanisms, e.g., Michigan’s Antigone. • It is difficult to set up secure information sharing prototype without a real CA. Need tools to speed up the creation of certificates and the installation of fake CA certificates on every client/server. SIS/chow

  16. Needed Assistance • Large scale multiple agencies field trials to obtain real benchmarking results. • Help obtain samples of policies used in agencies, in terms of • Data sent over non-secure channels (such as Internet, wireless access) • Account creation • Certificate issuing SIS/chow

  17. Expectations Moving Forward • Explore issues in supporting large scale notification systems. • Potential new funding…(DHS,DoD,NSF) • Submit results to conferences IDCS/USENIX. SIS/chow

  18. SIS Testbed SIS/chow

  19. Directory Information Tree for sis-canada dc=sis-canada, dc=edu ou=coordinationExcercise ou=Research Similar DIT is for all the servers alpha-sis-canada epsilon-sis-canada SIS/chow

  20. Demo • alpha-sis-nissc access information from sis-connecticut.csnet.uccs.edu (level1 directory requires level1 manager role, which alpha is) • https://sis-connecticut.csnet.uccs.edu/level1/review.txt • https://sis-connecticut.csnet.uccs.edu/level1/upload.html • beta-sis-connecticut access information from sis-nissc.csnet.uccs.edu and sis-canada.csnet.uccs.edu (level2 directory requires level2 asstmanager role, which beta is) • https://sis-nissc.csnet.uccs.edu/level2/review.txt • https://sis-canada.csnet.uccs.edu/level2/review.txt • epsilon-sis-newjersey access information from sis-newjersey.csnet.uccs.edu (level3 directory requires level3 submanager role, which epsilon is) • https://sis-newjersey.csnet.uccs.edu/level3/review.txt SIS/chow

More Related