• Home

  • Documents

  • Enhancing Security in Enterprise Distributed Real-time and Embedded Systems using Domain-specific...
1
Enhancing Security in Enterprise Distributed Real-time and Embedded Systems using Domain-specific Modeling Akshay Dabholkar, Joe Hoffert, Aniruddha Gokale, and Doug Schmidt March 20, 2007 •Modeling CCM role-based access control (RBAC) rules and rights at design time •Eliminates tedious and error-prone role-based checking at run-time •Allows definition of platform-specific rights families like a PIM •Allowing multilevel Security QoS provisioning through a configurable security policy framework •Eliminates time consuming and inefficient runtime checks for consistency, conflicts, redundancy. •Tailored to meet domain & application specific QoS requirements •Providing fine-grained as well as coarse-grained access control and security guarantees •Facilitates flexibility as well as customization •Defining annotations for configuring security in component middleware •Allows middleware configurations specific to the needs of different parts of a system •Enables secure application deployment through middleware configuration •Provisioning for defining Workflow/Business Process/Critical Path security Addressing Security via the Security Quality of Service (QoS) Modeling Language (SQML) Addressing Trust & Resiliency via the DDS Quality of Service (QoS) Modeling Language (DQML) •Enhances trust by supporting correct-by-construction QoS configurations at design time •Eliminates complex, tedious, and error-prone QoS compatibility and consistency checking at run-time or compile-time •Provides separation of concerns to facilitate configuration analysis better •Generates application artifacts (e.g., configuration files) •Supports resiliency research by providing a base for higher level DDS resiliency services •Model redundant replicas with desired properties in DQML •Basis for DDS fault-tolerant service Data flows as intended via correct-by-construction QoS configurations (e.g., Power Grid ULS System) Durability- Volatile Durability- Transient Reliability- Reliable Reliability- Reliable Deadline- 10ms Deadline- 20ms Liveliness- Manual By Topic Liveliness- Automatic Nuclear Reactor Status Timebased- 5ms Nuclear Reactor Control Room Power Grid Control Room Power Substation Status Deadline- 10ms Deadline- 15ms Power Substation 1 Nuclear Reactor Deadline- 10ms Power Substation 2 Power Substation 3 Deadline- 15ms Reliability- Reliable Ongoing Research •Creation of higher level DDS services built on DQML work •Discovery and documentation of DDS patterns •Creation of DDS fault-tolerance service (e.g., using ownership/ownership strength, durability policies, multiple readers and writers, hot-swap and failover DDS pattern) •Creation of DDS real-time data service (e.g., using deadline, transport priority, latency budget policies, continuous data pattern) •Generation of security mapping and security platform independent model (PIM) •Map SQML’s RBAC onto DDS security service •Develop security PIM with SQML and DQML security services as input Motivating Example: Ultra-Large Scale (ULS) Systems ULS systems require: Security – capability of the system to provide confidentiality, integrity, and availability on the ULS system data and services both locally and globally Trust – extent to which users of the ULS system will be able to rely on the data and services of the ULS system Resiliency – capability of the ULS system to maintain an acceptable level of service while under stress from adverse environmental conditions such as attacks or cascading failures National/International Power Grid Air Traffic Management Constellations of Satellites Homeland Defense Challenges for EDRE Middleware: End-to-end Security – security must be incorporated into all aspects and layers of the application Correctness – design of the application must be ensured when deployed Redundancy – backups of critical pieces of the application must be configured properly and take over when needed Planner1 Durability- Volatile Durability- Transient Reliability- Reliable Reliability- Reliable Deadline- 10ms Deadline- 20ms Liveliness- Automatic Nuclear Reactor Status Nuclear Reactor Control Room Nuclear Reactor Timebased- 5ms Deadline- 10ms Liveliness- Manual By Topic Map SQML security onto DQML Security PIM SQML input to security PIM DQML input to security PIM Interface Security QoS Domain- Specific Security Policy Component Security QoS Planner1 Conforms to Policy

Enhancing Security in Enterprise Distributed Real-time and Embedded Systems using Domain-specific Modeling Akshay Dabholkar, Joe Hoffert, Aniruddha Gokale,

Embed Size (px)

Citation preview

Page 1: Enhancing Security in Enterprise Distributed Real-time and Embedded Systems using Domain-specific Modeling Akshay Dabholkar, Joe Hoffert, Aniruddha Gokale,

Enhancing Security in Enterprise Distributed Real-time and Embedded Systems using Domain-specific Modeling Akshay Dabholkar, Joe Hoffert, Aniruddha Gokale, and Doug Schmidt

March 20, 2007

• Modeling CCM role-based access control (RBAC) rules and rights at design time• Eliminates tedious and error-prone role-based checking at run-time• Allows definition of platform-specific rights families like a PIM

• Allowing multilevel Security QoS provisioning through a configurable security policy framework• Eliminates time consuming and inefficient runtime checks for consistency, conflicts, redundancy.

• Tailored to meet domain & application specific QoS requirements• Providing fine-grained as well as coarse-grained access control and security guarantees

• Facilitates flexibility as well as customization• Defining annotations for configuring security in component middleware

• Allows middleware configurations specific to the needs of different parts of a system

• Enables secure application deployment through middleware configuration

• Provisioning for defining Workflow/Business Process/Critical Path security

Addressing Security via the Security Quality of Service (QoS) Modeling Language (SQML)

Addressing Trust & Resiliency via the DDS Quality of Service (QoS) Modeling Language (DQML)

• Enhances trust by supporting correct-by-construction QoS configurations at design time• Eliminates complex, tedious, and error-prone QoS compatibility and consistency checking at run-time or compile-time

• Provides separation of concerns to facilitate configuration analysis better• Generates application artifacts (e.g., configuration files)• Supports resiliency research by providing a base for higher level DDS resiliency services• Model redundant replicas with desired properties in DQML• Basis for DDS fault-tolerant service

Data flows as intended via correct-by-construction QoS configurations (e.g., Power Grid ULS System)

Durability-Volatile

Durability-Transient

Reliability- Reliable

Reliability- Reliable Deadline-

10ms

Deadline-20ms

Liveliness-Manual By Topic

Liveliness-Automatic

Nuclear Reactor Status

Timebased-5ms

Nuclear Reactor Control Room Power Grid

Control Room

Power Substation Status

Deadline-10ms

Deadline-15ms

Power Substation 1

Nuclear Reactor

Deadline-10ms

Power Substation 2

Power Substation 3

Deadline-15ms

Reliability- Reliable

Ongoing Research

• Creation of higher level DDS services built on DQML work• Discovery and documentation of DDS patterns• Creation of DDS fault-tolerance service (e.g., using ownership/ownership strength, durability policies, multiple readers and writers, hot-swap and failover DDS pattern)

• Creation of DDS real-time data service (e.g., using deadline, transport priority, latency budget policies, continuous data pattern)

• Generation of security mapping and security platform independent model (PIM)• Map SQML’s RBAC onto DDS security service• Develop security PIM with SQML and DQML security services as input

Motivating Example: Ultra-Large Scale (ULS) SystemsULS systems require:

• Security – capability of the system to provide confidentiality, integrity, and availability on the ULS system data and services both locally and globally

• Trust – extent to which users of the ULS system will be able to rely on the data and services of the ULS system

• Resiliency – capability of the ULS system to maintain an acceptable level of service while under stress from adverse environmental conditions such as attacks or cascading failures

National/International Power Grid

Air Traffic ManagementConstellations of Satellites

Homeland Defense

Challenges for EDRE Middleware:• End-to-end Security – security must be incorporated into all aspects and layers of the application

• Correctness – design of the application must be ensured when deployed• Redundancy – backups of critical pieces of the application must be configured properly and take over when needed

Planner1Durability-

Volatile

Durability-Transient

Reliability- Reliable

Reliability- Reliable

Deadline-10ms Deadline-

20ms

Liveliness-Automatic

Nuclear Reactor Status

Nuclear Reactor Control Room

Nuclear Reactor

Timebased-5ms

Deadline-10ms

Liveliness-Manual By Topic

Map SQML security onto DQML

Security PIM

SQML input to security

PIM DQML input to security PIM

Interface Security QoS

Domain-Specific Security Policy

Component Security QoS

Planner1

Conforms to Policy

5 - Mr. Aniruddha Basu - Managing Distribution - The Other Side of Regulaion.pdf

5 - Mr. Aniruddha Basu - Managing Distribution - The Other Side of Regulaion.pdf

Documents
Sumant Tambe* Jaiganesh Balasubramanian Aniruddha Gokhale Thomas Damiano

Sumant Tambe* Jaiganesh Balasubramanian Aniruddha Gokhale Thomas Damiano

Documents
20 February 2016Joe Hoffert Quality of Service Configuration DSML for the Data Distribution Service Joe Hoffert

20 February 2016Joe Hoffert Quality of Service Configuration DSML for the Data Distribution Service Joe Hoffert

Documents
FOR LEASE€¦ · Retail Casey McClelland 780.969.3003 casey.mcclelland@colliers.com Mike Hoffert hungerfordproperties.com780.969.3035 mike.hoffert@colliers.com Rendering and sketches

FOR LEASE€¦ · Retail Casey McClelland 780.969.3003 [email protected] Mike Hoffert hungerfordproperties.com780.969.3035 [email protected] Rendering and sketches

Documents
Jeff Gray and Aniruddha Gokhale · Jeff Gray and Aniruddha Gokhale Software Composition and Modeling Laboratory University of Alabama at Birmingham Institute for Software Integrated

Jeff Gray and Aniruddha Gokhale · Jeff Gray and Aniruddha Gokhale Software Composition and Modeling Laboratory University of Alabama at Birmingham Institute for Software Integrated

Documents
Common Spider Families of Mumbai by Aniruddha Dhamorikar

Common Spider Families of Mumbai by Aniruddha Dhamorikar

Technology
Susanna Hoffert

Susanna Hoffert

Documents
Wanderer's Eye: Medway Creek Reflections by Aniruddha H D

Wanderer's Eye: Medway Creek Reflections by Aniruddha H D

Education
Bulletin -- CHRISTMAS & NEW YEAR EDITION 315 Douglas Ave ... · OFFICE WILL RESUME ON JAN. 3, 2018. CHRISTMAS & NEW YEAR’S DAY MASS TIMES ... MARLENE & GORDON HOFFERT rian Hoffert

Bulletin -- CHRISTMAS & NEW YEAR EDITION 315 Douglas Ave ... · OFFICE WILL RESUME ON JAN. 3, 2018. CHRISTMAS & NEW YEAR’S DAY MASS TIMES ... MARLENE & GORDON HOFFERT rian Hoffert

Documents
Scanned with CamScanner · Title: Aniruddha Chalisa Author: CamScanner Subject: Aniruddha Chalisa

Scanned with CamScanner · Title: Aniruddha Chalisa Author: CamScanner Subject: Aniruddha Chalisa

Documents
By Aniruddha Bagchi Dissertation Submitted to the Faculty of the … · 2016. 11. 21. · Aniruddha Bagchi Dissertation Submitted to the Faculty of the Graduate School of Vanderbilt

By Aniruddha Bagchi Dissertation Submitted to the Faculty of the … · 2016. 11. 21. · Aniruddha Bagchi Dissertation Submitted to the Faculty of the Graduate School of Vanderbilt

Documents
Order of progress reports March 11 Yamrus/Wirth Terry/Kolansky Hoffert/Sluhocki March 18

Order of progress reports March 11 Yamrus/Wirth Terry/Kolansky Hoffert/Sluhocki March 18

Documents
Wanderer's Eye - Manitoulin Island Chapter by Aniruddha H D

Wanderer's Eye - Manitoulin Island Chapter by Aniruddha H D

Education
Rationalist, - lokayat.org.inlokayat.org.in/books/Rationalist_Scientific_Socialis_Vivekananda.pdf · Rationalist, Scientific, Socialist Vivekananda Author Dattaprasad Dabholkar Translation

Rationalist, - lokayat.org.inlokayat.org.in/books/Rationalist_Scientific_Socialis_Vivekananda.pdf · Rationalist, Scientific, Socialist Vivekananda Author Dattaprasad Dabholkar Translation

Documents
Training at Khan Electrical Aniruddha

Training at Khan Electrical Aniruddha

Documents
Arvind S. Krishna, Aniruddha S. Gokhale , Douglas C. Schmidt

Arvind S. Krishna, Aniruddha S. Gokhale , Douglas C. Schmidt

Documents
18 December 2015Joe Hoffert, Aniruddha Gokhale, Doug Schmidt Enabling Trustworthy Systems with the DDS Quality of Service Modeling Language Joe Hoffert,

18 December 2015Joe Hoffert, Aniruddha Gokhale, Doug Schmidt Enabling Trustworthy Systems with the DDS Quality of Service Modeling Language Joe Hoffert,

Documents
Presented By: Luis (Lead) Sonal Aniruddha Manjil

Presented By: Luis (Lead) Sonal Aniruddha Manjil

Documents
ANIRUDDHA MEENA 10603067 - ethesisethesis.nitrkl.ac.in/.../final_year_project_report_aniruddha_meena.pdf · ANIRUDDHA MEENA 10603067 DEPRTMENT OF MECHANICAL ENGINEERING NATIONAL INSTITUTE

ANIRUDDHA MEENA 10603067 - ethesisethesis.nitrkl.ac.in/.../final_year_project_report_aniruddha_meena.pdf · ANIRUDDHA MEENA 10603067 DEPRTMENT OF MECHANICAL ENGINEERING NATIONAL INSTITUTE

Documents
Dr. Aniruddha Basak ABSTRACT

Dr. Aniruddha Basak ABSTRACT

Documents
1 Assessing Contemporary Modularization Techniques for Middleware Specialization Akshay Dabholkar & Aniruddha Gokhale aky@dre.vanderbilt.edu OOPSLA ACoM

1 Assessing Contemporary Modularization Techniques for Middleware Specialization Akshay Dabholkar & Aniruddha Gokhale [email protected] OOPSLA ACoM

Documents
Krishna Leela Series - Part 57 - The Meeting of Usha and Aniruddha

Krishna Leela Series - Part 57 - The Meeting of Usha and Aniruddha

Education
Aniruddha Medhi

Aniruddha Medhi

Documents
Atish Dabholkar CNRS/University of Paris Tata Institute, Mumbai...Atish Dabholkar Exact Quantum Entropy 26 Spacetime Index • Thus Boltzman relation gives a way compute using this

Atish Dabholkar CNRS/University of Paris Tata Institute, Mumbai...Atish Dabholkar Exact Quantum Entropy 26 Spacetime Index • Thus Boltzman relation gives a way compute using this

Documents
Shawn Hoffert Arbitration

Shawn Hoffert Arbitration

Documents
A Fundable Demonstration Platform Delivering Electricity to Earth Via Solar Powered Lasers in Space Eric Hoffert and Marty Hoffert Versatility Energy Contacts:

A Fundable Demonstration Platform Delivering Electricity to Earth Via Solar Powered Lasers in Space Eric Hoffert and Marty Hoffert Versatility Energy Contacts:

Documents
Soundstreams New Models of Distribution Conference - Paul Hoffert Keynote Presentation

Soundstreams New Models of Distribution Conference - Paul Hoffert Keynote Presentation

Entertainment & Humor
‘Share Blood - Save A Life’ Mission Dr Aniruddha Dharmadhikari

‘Share Blood - Save A Life’ Mission Dr Aniruddha Dharmadhikari

Documents
Integrated Silicon Photonics – An Overview Aniruddha N. Udipi

Integrated Silicon Photonics – An Overview Aniruddha N. Udipi

Documents
Aniruddha Neogi, FCA, CISA, CGEIT,CRISC

Aniruddha Neogi, FCA, CISA, CGEIT,CRISC

Documents