1
Presenter: Li Yang
School of Computer Science
Florida International University
Security Enforced Mediation System
2
Outline
Introduction
Background: Mediation System
Our Work: Security Enforced Data Integration
Related Work
Future Work
3
Introduction
Pressing needs for data integration: data are scattered in multiple data sources, and the data sources are heterogeneous.
Security is an important problem: protect digital property and prevent unauthorized users from obtaining data and resources they are not authorized for (e.g., Vladimir Levin, more than $10M stolen from Citibank, 1994).
4
Introduction
Figure: security architecture. Security features or services, requirements and policies, and security mechanisms sit between the user and the information and data sources, defending against attackers, intruders and malfeasors.
5
Introduction
Security is an imperative condition in the context of data integration.
Our system:
– Integrates heterogeneous data sources
– Secures the system from unauthorized access, i.e., global sensitive data, context-aware
6
Security Enforcement – hospital system example
Hospital security specification (role, data item, signed action):
<doctor, diagnosis, + read>, <doctor, treatment, + read>, <nurse, diagnosis, - read>, <nurse, treatment, + read>
Figure: a doctor's request is matched against the security specification; the matching rule's sign ("+") decides whether the hospital data (diagnosis, treatment) are released:
1. <doctor, treatment, read>
2. <doctor, treatment, read>
3. Yes / "+"
4. <doctor, treatment, read>
5. treatment
7
Outline
Introduction
Background: Mediation System
Our Work: Security Enforced Mediation System
Related Work
Future Work
8
Mediation System -- Architecture
Contributions: IEEE ISPAN04: Three-layered Mediator Architecture based on DHT; ACM MUM04: A Mediation Framework for Multimedia Delivery
Goal: integrated query processing
Figure: mediation system architecture. A Client poses queries to the Global_Mediator; Mediator_Composers coordinate Mediator_Connector 1..n, each connected to a data source (Source 1, Source 2, Source 3). The three layers are Global_Mediator, Mediator_Composer and Mediator_Connector.
9
Mediation System -- Exchange Model (XML)
XML and its tree structure; XPath, e.g., "//record"
    <record>
      <id> 00000 </id>
      <case>
        <disease> Fever </disease>
        <test> xray01.jpg </test>
      </case>
      <address> 123 SW 48th St, Miami, FL </address>
    </record>
Tree: record has children id, case and address; case has children disease and test.
10
Mediation System -- Execution
Offline preparation: generate the global view and the semantic mapping between the global view and the source views.
Figure: global view (elements record, id, case, address, diagnosis, test, prescription, medicine, treatment) mapped to Local View 1 (record, id, case, disease, test, address) and Local View 2 (patient, id, prescription, medicine, treatment, case, xray).
Online query:
1. Query against the global schema type
2. Decompose the query into sub-queries
3. Process the sub-queries
4. Return the result
11
Outline
Introduction
Background: Mediation System
Our Work: Security Enforced Mediation System
Related Work
Future Work
12
Security Enforced Mediation System
Phase 1: Authentication – users log in (each user has a role)
Phase 2: Authorization & Integration – the user's view is loaded and the user can only query against his/her view; the query is checked for security constraints; the relevant results are integrated
13
Security Enforced Mediation System
Figure: sequence of a secured query across User, Authentication, Global Mediator, Mediator Composer, Mediator Connector and Databases, with a Security Check applied at steps 5 and 7:
1. log in
2. authenticate
3. return secure view
4. pose query
5. check query, decompose query
6. translate query
7. check query, query databases
8. return result
9. unify result
10. integrate result
11. present result
14
Security – Login
Users have:
– Username
– Password
– Role associated with them
→ Unauthorized users cannot log in and use our system
15
Security – Role Views
Each role has its own view
– Example: a nurse can see everything except for the social security number → the Social Security Number is not in her view
Figure: at system login (user = orask001, role = "nurse") the nurse's view is loaded from the DB of views and becomes the visible view.
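How a role view restricts what a query can return, as an added example (not the system's own code) built on the XML exchange model and the nurse-without-SSN example above. The record, the ROLE_VIEWS table and the element-path view format are assumptions for the example; ElementTree's ".//record" stands in for the slides' "//record".

```python
import xml.etree.ElementTree as ET

# Constructed record in the slides' XML exchange format (an <ssn> element is added for the example).
RECORDS_XML = """<records>
  <record>
    <id>00000</id>
    <ssn>123456789</ssn>
    <case>
      <disease>Fever</disease>
      <test>xray01.jpg</test>
    </case>
    <address>123 SW 48th St, Miami, FL</address>
  </record>
</records>"""

# Hypothetical DB of views: element paths (relative to <record>) each role may see.
# The nurse's view leaves out ssn, as on the slide; the doctor's view includes it.
ROLE_VIEWS = {
    "nurse":  {"id", "case", "case/disease", "case/test", "address"},
    "doctor": {"id", "ssn", "case", "case/disease", "case/test", "address"},
}

def prune(elem, view, prefix=""):
    """Remove every child whose path is outside the view, recursing into kept children."""
    for child in list(elem):
        path = prefix + child.tag
        if path not in view:
            elem.remove(child)
        else:
            prune(child, view, path + "/")

def load_visible_view(xml_text, role):
    """Build the role's visible view: the full tree with invisible elements removed."""
    root = ET.fromstring(xml_text)
    for rec in root.findall(".//record"):
        prune(rec, ROLE_VIEWS[role])
    return root

def query(xml_text, role, path):
    """Evaluate an ElementTree path against the role's view only, so data outside
    the view can never be returned even if the path names it explicitly."""
    view = load_visible_view(xml_text, role)
    return [(e.tag, (e.text or "").strip()) for e in view.findall(path)]
```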
17
Runtime Security Check
The user's query is checked before the query is executed to prevent access to forbidden information.
Figure: Query → Security Checker → Secure Query → DB → Answer
cando(nurse, //record, + read) ← workTime(sessionID) & workArea(sessionID) & attending(nurse, record)
Q = "//record"   SQ = "//record" ?
18
Runtime Security Check
List of constraints for the Security Checker. Context-based constraints:
– workTime(sessionID): information is accessed during the hospital's work time (e.g., clinic open 8am – 5pm)
– workArea(sessionID): information is accessed in the hospital's work area (e.g., the nurse works at a workstation with IP = 172.25.2.149)
19
Runtime Security Check
Relationship constraints:
– attending(nurse, record): the nurse's name is in the patient's medical record.
  cando(nurse, record, + read) ← workTime(sessionID) & workArea(sessionID) & attending(nurse, record)
– mySickRelative(user, patient): the relative is in the emergency contact of the patient.
  cando(relative, patient, read) ← mySickRelative(relative, patient)
20
Runtime Security Check
History-based constraints:
– inHistory(user, diagnosis, read): the user has read the diagnosis
  cando(user, name, -read) ← inHistory(user, diagnosis, read)
  A user cannot read a patient's name if he/she has read the patient's diagnosis.
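A runtime security checker for the context-based, relationship and history-based cando rules on the last three slides, as an added example (not the system's own implementation). Sessions, records, the work area and the deny-overrides ordering of negative rules are assumptions made for the example.

```python
from datetime import time

# Constructed sample data, not from the slides: sessions, records and the work area.
WORK_HOURS = (time(8, 0), time(17, 0))   # clinic open 8am - 5pm
WORK_AREA = {"172.25.2.149"}              # nurse workstation IP from the slides
SESSIONS = {
    "s1": {"user": "orask001", "role": "nurse", "ip": "172.25.2.149", "time": time(10, 0)},
    "s2": {"user": "orask001", "role": "nurse", "ip": "10.0.0.7", "time": time(10, 0)},
    "s3": {"user": "orask001", "role": "nurse", "ip": "172.25.2.149", "time": time(22, 0)},
    "s4": {"user": "clark", "role": "relative", "ip": "10.0.0.9", "time": time(20, 0)},
}
# attending: nurses named in the record; emergency: the patient's emergency contacts
RECORDS = {
    "r1": {"attending": {"orask001"}, "emergency": {"clark"}},
    "r2": {"attending": set(), "emergency": set()},
}
HISTORY = set()   # (user, record, object, action) reads already granted in this run

def work_time(s): return WORK_HOURS[0] <= s["time"] < WORK_HOURS[1]
def work_area(s): return s["ip"] in WORK_AREA
def attending(s, rec): return s["user"] in RECORDS[rec]["attending"]
def my_sick_relative(s, rec): return s["user"] in RECORDS[rec]["emergency"]
def in_history(s, rec, obj, action): return (s["user"], rec, obj, action) in HISTORY

def cando(sid, rec, obj, action):
    """Evaluate the slides' cando rules for one (session, record, object, action)."""
    s = SESSIONS[sid]
    # cando(user, name, -read) <- inHistory(user, diagnosis, read)
    # Assumption: a matching negative rule overrides every positive rule.
    if obj == "name" and action == "read" and in_history(s, rec, "diagnosis", "read"):
        return False
    if s["role"] == "nurse" and action == "read":
        # cando(nurse, record, +read) <- workTime(sessionID) & workArea(sessionID) & attending(nurse, record)
        return work_time(s) and work_area(s) and attending(s, rec)
    if s["role"] == "relative" and action == "read":
        # cando(relative, patient, read) <- mySickRelative(relative, patient)
        return my_sick_relative(s, rec)
    return False   # no rule grants the access

def secure_query(sid, rec, obj, action):
    """Check a query before it is executed; granted reads are recorded for history rules."""
    allowed = cando(sid, rec, obj, action)
    if allowed:
        HISTORY.add((SESSIONS[sid]["user"], rec, obj, action))
    return allowed
```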
21
Security Enforced Data Integration
Relevant distributed data are retrieved→ Data Integration
“Join” data from heterogeneous data sources by the common key (SSN).
“Run” records through Data Integration
22
Security Enhanced Data Integration
Figure: join of two local views on the common key ssn into the global view record.
Clinic view (ssn, f_name, l_name, phone): 123456789, Clark, Kent, 5558989
Consultation view (ssn, full_Name, p_num, address): 123456789, Clie N Tee, 2867814, 125 SW 49st
Global view record (ssn, full_name, phone, address): 123456789; Clark Kent, Clie N Tee; 5558989, 2867814; 125 SW 49st
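The join above carried out in code, as an added example (not the system's own integration code): each local view is mapped to the global schema, then the mapped records are joined on ssn. The mapping functions and the rule of keeping every distinct value from the sources are assumptions for the example.

```python
# Constructed source tables mirroring the slide: Clinic view and Consultation view.
CLINIC = [
    {"ssn": "123456789", "f_name": "Clark", "l_name": "Kent", "phone": "5558989"},
]
CONSULTATION = [
    {"ssn": "123456789", "full_Name": "Clie N Tee", "p_num": "2867814", "address": "125 SW 49st"},
]

# Hypothetical semantic mappings from each local view to the global view
# (ssn, full_name, phone, address); each takes one local record and yields global fields.
MAPPINGS = {
    "Clinic": lambda r: {"ssn": r["ssn"], "full_name": f"{r['f_name']} {r['l_name']}",
                         "phone": r["phone"]},
    "Consultation": lambda r: {"ssn": r["ssn"], "full_name": r["full_Name"],
                               "phone": r["p_num"], "address": r["address"]},
}
GLOBAL_FIELDS = ("full_name", "phone", "address")

def integrate(sources):
    """Join the mapped records on the common key (ssn). Values from different
    sources are collected per field, so a conflicting name or phone is kept too."""
    records = {}
    for name, rows in sources.items():
        mapping = MAPPINGS[name]
        for row in rows:
            g = mapping(row)
            rec = records.setdefault(g["ssn"], {f: [] for f in GLOBAL_FIELDS})
            for f in GLOBAL_FIELDS:
                if f in g and g[f] not in rec[f]:
                    rec[f].append(g[f])
    return records
```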
24
Security Enforcement Summary
Authentication
Authorization:
1. Load the visible view based on the user's role
2. Check the runtime security constraints
3. Query and integrate the relevant results
25
Demo
Security ON
Testing Technician:
1. During work hours and in the work area
2. The view only displays the patient's tests
Testing Patient:
1. Only the patient's own record is retrieved
Security OFF
Users see all the information
26
Outline
Introduction
Background: Mediation System
Our Work: Security Enforced Data Integration
Related Work
Future Work
27
View-based Access Control [Damiani02]
View-based access control: the access control rules (ACR) are stored together with the data D (spatially), and/or the ACR and D are first processed (temporally). The query is then safe without any further care: each subject/role sees only the data that is safe for that subject/role.
Figure: view computing applies the ACR to the data source offline, producing a nurse view, a receptionist view and a doctor view; online, a user query is answered from the corresponding view.
28
The Pre-Processing Approach
Pre-processing approach: the ACR and the query Q are first processed while D is stored elsewhere.
The QFilter approach [Luo04]: the user's query is rewritten such that any parts violating the access control rules are pruned.
Figure: user query → QFilter (with ACR) → secure query → data source view → answer
29
Contributions & Conclusion
Hybrid enforcement strategy: extensibility (constraints), less maintenance effort, reusability (views)
Flexible and extensible security policy modeling: context-aware, different-point policy specification, semantic heterogeneity
31
Future Work
An extended authorization model: incorporating post-event processing [Kudo00]; post events include auditing and digital signature verification
An aspect-driven approach for security policy composition: software systems evolve with time; a composition method for structuring security policies; an aspect-driven framework for the realization of security control policies for mediation systems
Preliminary results: SEKE04: Enhancing mediation security by aspect-oriented approach; ICECCS05: Secure software architecture design by aspect orientation
32
Acknowledgement
Dr. Raimund K. Ege, Dr. Xudong He, SSA Group in the School of Computer Science at Florida International University
Software Engineering Project Group: Adam, Fayaz Amirali; Raskin, Olga; Smith, Nikel Noima
NSF HRD 0317692 CREST Grant
33
Selected Publications
Li Yang and Raimund K. Ege. Dynamic integration strategy for mediation framework. SEKE'05.
Li Yang, Raimund K. Ege and Huiqun Yu. Modeling and verifying mediation framework. The 10th IEEE International Conference on the Engineering of Complex Computer Systems (ICECCS'05).
Li Yang, Raimund K. Ege and Huiqun Yu. Security specification and enforcement in heterogeneous databases. The 20th Annual ACM Symposium on Applied Computing (SAC'05), Computer Security Track, Santa Fe, New Mexico, March 2005.
Li Yang, Raimund K. Ege and Huiqun Yu. Mediation framework modeling and verification (abstract). The 20th Annual ACM Symposium on Applied Computing (SAC'05), Software Engineering Track, Santa Fe, New Mexico, March 2005.
Li Yang, Raimund K. Ege, Onyeka Ezenwoye and Qasem Kharma. A role-based access control model for information mediation. The 2004 IEEE International Conference on Information Reuse and Integration, pages 277-282, Las Vegas, NV, 2004.
Li Yang, Raimund K. Ege and Huiqun Yu. Enhancing mediation security by aspect-oriented approach. Software Engineering and Knowledge Engineering (SEKE'04), Banff, Alberta, Canada, June 2004.
Raimund K. Ege, Li Yang, Qasem Kharma and Xudong Ni. Three-layered mediator architecture based on DHT. International Symposium on Parallel Architectures, Algorithms, and Networks (I-SPAN), IEEE Computer Society Press, Hong Kong, May 2004.
Li Yang and Raimund K. Ege. Modeling and verification of real-time mediation systems. Advanced Simulation Technologies Conference (ASTC), pages 61-68, Arlington, Virginia, April 2004.