Upload
mary-anderson
View
218
Download
0
Embed Size (px)
Citation preview
Enhancing Security in Enterprise Distributed Real-time and Embedded Systems using Domain-specific Modeling Akshay Dabholkar, Joe Hoffert, Aniruddha Gokale, and Doug Schmidt
March 20, 2007
• Modeling CCM role-based access control (RBAC) rules and rights at design time• Eliminates tedious and error-prone role-based checking at run-time• Allows definition of platform-specific rights families like a PIM
• Allowing multilevel Security QoS provisioning through a configurable security policy framework• Eliminates time consuming and inefficient runtime checks for consistency, conflicts, redundancy.
• Tailored to meet domain & application specific QoS requirements• Providing fine-grained as well as coarse-grained access control and security guarantees
• Facilitates flexibility as well as customization• Defining annotations for configuring security in component middleware
• Allows middleware configurations specific to the needs of different parts of a system
• Enables secure application deployment through middleware configuration
• Provisioning for defining Workflow/Business Process/Critical Path security
Addressing Security via the Security Quality of Service (QoS) Modeling Language (SQML)
Addressing Trust & Resiliency via the DDS Quality of Service (QoS) Modeling Language (DQML)
• Enhances trust by supporting correct-by-construction QoS configurations at design time• Eliminates complex, tedious, and error-prone QoS compatibility and consistency checking at run-time or compile-time
• Provides separation of concerns to facilitate configuration analysis better• Generates application artifacts (e.g., configuration files)• Supports resiliency research by providing a base for higher level DDS resiliency services• Model redundant replicas with desired properties in DQML• Basis for DDS fault-tolerant service
Data flows as intended via correct-by-construction QoS configurations (e.g., Power Grid ULS System)
Durability-Volatile
Durability-Transient
Reliability- Reliable
Reliability- Reliable Deadline-
10ms
Deadline-20ms
Liveliness-Manual By Topic
Liveliness-Automatic
Nuclear Reactor Status
Timebased-5ms
Nuclear Reactor Control Room Power Grid
Control Room
Power Substation Status
Deadline-10ms
Deadline-15ms
Power Substation 1
Nuclear Reactor
Deadline-10ms
Power Substation 2
Power Substation 3
Deadline-15ms
Reliability- Reliable
Ongoing Research
• Creation of higher level DDS services built on DQML work• Discovery and documentation of DDS patterns• Creation of DDS fault-tolerance service (e.g., using ownership/ownership strength, durability policies, multiple readers and writers, hot-swap and failover DDS pattern)
• Creation of DDS real-time data service (e.g., using deadline, transport priority, latency budget policies, continuous data pattern)
• Generation of security mapping and security platform independent model (PIM)• Map SQML’s RBAC onto DDS security service• Develop security PIM with SQML and DQML security services as input
Motivating Example: Ultra-Large Scale (ULS) SystemsULS systems require:
• Security – capability of the system to provide confidentiality, integrity, and availability on the ULS system data and services both locally and globally
• Trust – extent to which users of the ULS system will be able to rely on the data and services of the ULS system
• Resiliency – capability of the ULS system to maintain an acceptable level of service while under stress from adverse environmental conditions such as attacks or cascading failures
National/International Power Grid
Air Traffic ManagementConstellations of Satellites
Homeland Defense
Challenges for EDRE Middleware:• End-to-end Security – security must be incorporated into all aspects and layers of the application
• Correctness – design of the application must be ensured when deployed• Redundancy – backups of critical pieces of the application must be configured properly and take over when needed
Planner1Durability-
Volatile
Durability-Transient
Reliability- Reliable
Reliability- Reliable
Deadline-10ms Deadline-
20ms
Liveliness-Automatic
Nuclear Reactor Status
Nuclear Reactor Control Room
Nuclear Reactor
Timebased-5ms
Deadline-10ms
Liveliness-Manual By Topic
Map SQML security onto DQML
Security PIM
SQML input to security
PIM DQML input to security PIM
Interface Security QoS
Domain-Specific Security Policy
Component Security QoS
Planner1
Conforms to Policy