Security and Trust By Troy Lee. Overview Security Design Principles Architectural Access Control...


Security and Trust
By Troy Lee

Overview
• Security
• Design Principles
• Architectural Access Control
• Access Control Models
• Connector-centric Architectural Access Control
• Distributed Security
• Protection Against Piracy
• Trust Management
• Trust
• Trust Model
• Reputation-Based Systems
• Architectural Approach to Decentralized Trust Management

Computer Security
• “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).” – National Institute of Standards and Technology

3 Main Aspects
• Confidentiality (aka Secrecy)
• Integrity
• Availability

Confidentiality
• Preventing unauthorized parties from accessing the information, or perhaps even from being aware of the existence of the information

Cryptography
• Equations
• Cipher = Encryption Function(Encryption_Key, ClearText)
• ClearText = Decryption Function(Decryption_Key, Cipher)
• 2 Forms
• Shared-Key Cryptography: Encryption_Key and Decryption_Key are the same secret, known to both parties
• Public-Key Cryptography: the encryption key can be published; only the matching private decryption key is secret
• Best Practices
• Evaluate Performance, Architecture, and Security Requirements
• Choose a Suitable Public Algorithm (a published, reviewed algorithm; secrecy of the algorithm is not a defense)
• Use Frequently Changing Keys as the Primary Secrecy Mechanism
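As an added example (not from the slides), the two equations and the last best practice above in working Go, with the standard library's AES-256-GCM as the public algorithm: a small key ring that tags each ciphertext with the ID of the key it was sealed under, so keys can be rotated and retired while earlier traffic still decrypts. The KeyRing type, the wire layout and the 4-byte key ID are my own choices, not anything the deck specifies.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

const keyIDLen = 4

// KeyRing holds shared keys indexed by a key ID. Rotating adds a fresh random
// key and makes it current; older keys are kept only so that data sealed under
// them can still be opened, until they are retired.
type KeyRing struct {
	keys    map[uint32][]byte
	current uint32
}

func NewKeyRing() *KeyRing { return &KeyRing{keys: map[uint32][]byte{}} }

// Rotate generates a fresh 256-bit key and makes it the current key.
func (kr *KeyRing) Rotate() (uint32, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return 0, err
	}
	kr.current++
	kr.keys[kr.current] = key
	return kr.current, nil
}

// Retire deletes a key; anything sealed under it becomes unreadable.
func (kr *KeyRing) Retire(id uint32) { delete(kr.keys, id) }

func (kr *KeyRing) aead(id uint32) (cipher.AEAD, error) {
	key, ok := kr.keys[id]
	if !ok {
		return nil, fmt.Errorf("key %d unknown or retired", id)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is Cipher = E(K, ClearText) with AES-256-GCM under the current key.
// Wire layout: keyID(4) || nonce(12) || ciphertext || tag(16).
func (kr *KeyRing) Encrypt(clear []byte) ([]byte, error) {
	if kr.current == 0 {
		return nil, errors.New("no current key: call Rotate first")
	}
	gcm, err := kr.aead(kr.current)
	if err != nil {
		return nil, err
	}
	hdr := make([]byte, keyIDLen)
	binary.BigEndian.PutUint32(hdr, kr.current)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	out := append(append([]byte{}, hdr...), nonce...)
	// The key ID is authenticated as associated data so it cannot be swapped.
	return gcm.Seal(out, nonce, clear, hdr), nil
}

// Decrypt is ClearText = D(K, Cipher): the header's key ID selects K, and the
// GCM tag check rejects any change to header, nonce or ciphertext.
func (kr *KeyRing) Decrypt(msg []byte) ([]byte, error) {
	if len(msg) < keyIDLen+12+16 {
		return nil, errors.New("message too short")
	}
	hdr := msg[:keyIDLen]
	gcm, err := kr.aead(binary.BigEndian.Uint32(hdr))
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, msg[keyIDLen:keyIDLen+n], msg[keyIDLen+n:], hdr)
}

func main() {
	kr := NewKeyRing()
	old, _ := kr.Rotate()
	c, _ := kr.Encrypt([]byte("session token"))
	kr.Rotate() // new traffic uses the new key; c still opens under the old one
	p, err := kr.Decrypt(c)
	fmt.Printf("%q %v\n", p, err)
	kr.Retire(old)
	_, err = kr.Decrypt(c)
	fmt.Println("after retire:", err)
}
```

Rotating often limits how much traffic any one key protects; retiring a key is what actually ends its exposure, so a retirement policy matters as much as the rotation interval. GCM nonces are random here, which is only safe while the number of messages under one key stays far below 2^32, another argument for short key lifetimes.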

Integrity
• Only authorized parties can manipulate the information, and do so only in authorized ways

Availability
• Accessible by authorized parties on all appropriate occasions

Design Principles
• Least Privilege: each component runs with only the rights its task needs
• Fail-Safe Defaults: deny unless access is explicitly granted
• Economy of Mechanism: keep the security mechanism small and simple enough to verify
• Complete Mediation: check every access; no cached or bypassable decisions
• Open Design: security must not depend on secrecy of the design, only on secrecy of keys
• Separation of Privilege: require more than one condition (or party) for sensitive access
• Least Common Mechanism: minimize mechanisms shared between users
• Psychological Acceptability: mechanisms must be usable, or they will be bypassed
• Defense in Depth: layer independent controls so that one failure does not compromise the system

Defense in Depth (diagram slide)

Architectural Access Control
• Access Control Models
• Connector-Centric Architectural Access Control

Access Control Models
• Classic Discretionary Access Control (DAC): the owner of a resource decides, at its own discretion, which subjects may access it, typically through an access control list
• Role-Based Access Control (RBAC): permissions attach to roles and subjects are assigned roles, so access follows job function rather than individual identity
• Mandatory Access Control (MAC): a system-wide policy over security labels (clearances and classifications) that neither subjects nor resource owners can override
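An added example, not from the slides: the three models side by side in Go, each reduced to the check a reference monitor would run. The type names (DACResource, RBAC, MAC) and the sample principals are mine; the MAC part uses the standard Bell-LaPadula confidentiality rules. All three answer "no" for anything not explicitly granted, which is the fail-safe default from the design-principles slide.

```go
package main

import "fmt"

// Permission names an operation on a resource, e.g. "read" or "ledger:write".
type Permission string

const (
	Read  Permission = "read"
	Write Permission = "write"
)

// ---- Discretionary Access Control: the owner of a resource decides who may
// access it by editing its access control list.

type DACResource struct {
	Owner string
	ACL   map[string]map[Permission]bool // subject -> granted permissions
}

// Grant edits the ACL; the discretionary part is that only the owner may.
func (r *DACResource) Grant(by, subject string, p Permission) error {
	if by != r.Owner {
		return fmt.Errorf("%s is not the owner of the resource", by)
	}
	if r.ACL == nil {
		r.ACL = map[string]map[Permission]bool{}
	}
	if r.ACL[subject] == nil {
		r.ACL[subject] = map[Permission]bool{}
	}
	r.ACL[subject][p] = true
	return nil
}

// Allowed: the owner has everything, anyone else only what the ACL lists.
// A missing entry is a denial (fail-safe default).
func (r *DACResource) Allowed(subject string, p Permission) bool {
	return subject == r.Owner || r.ACL[subject][p]
}

// ---- Role-Based Access Control: permissions attach to roles, subjects are
// assigned roles, and a subject may do whatever any of its roles permits.

type RBAC struct {
	RolePerms map[string]map[Permission]bool // role -> permissions
	UserRoles map[string][]string            // subject -> roles
}

func (a *RBAC) Allowed(subject string, p Permission) bool {
	for _, role := range a.UserRoles[subject] {
		if a.RolePerms[role][p] {
			return true
		}
	}
	return false
}

// ---- Mandatory Access Control: a system-wide policy over labels that
// neither subjects nor owners can change. This is Bell-LaPadula
// confidentiality: "no read up" and "no write down".

type Level int

const (
	Unclassified Level = iota
	Confidential
	Secret
	TopSecret
)

type MAC struct {
	Clearance map[string]Level // subject -> clearance
	Label     map[string]Level // object  -> classification
}

func (m *MAC) Allowed(subject, object string, p Permission) bool {
	cl, okS := m.Clearance[subject]
	lab, okO := m.Label[object]
	if !okS || !okO { // unlabeled subject or object: deny
		return false
	}
	switch p {
	case Read:
		return cl >= lab // simple security property: no read up
	case Write:
		return cl <= lab // *-property: no write down
	}
	return false
}

func main() {
	m := &MAC{Clearance: map[string]Level{"analyst": Secret},
		Label: map[string]Level{"memo": Confidential, "plan": TopSecret}}
	fmt.Println(m.Allowed("analyst", "memo", Read), m.Allowed("analyst", "plan", Read))
}
```

The MAC check is the one that surprises people: a Secret-cleared subject may write to a TopSecret object but not read it, because the policy exists to stop information flowing downward, not to stop it flowing up.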

Connector-Centric Architectural Access Control
• Basic Concepts
• Central Role of Architectural Connectors
• Algorithm to Check Architectural Access Control
• Integrating Security in ASTER

Basic Concepts
• Subject: the entity (a user, or another component) on whose behalf a component executes
• Principal: the identity under which a subject is known to the system
• Resource: something that must be protected, such as a component's interface or data
• Permission: the right to perform a specific operation on a resource
• Privilege: a permission that a subject actually holds
• Safeguard: a permission that a resource or connector requires of any subject that accesses it

Central Role of Architectural Connectors
• Components
• Connectors
• Secure Architecture Description Language

Secure xADL (diagram slide)

Algorithm to Check Architectural Access Control (diagram slide)
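The deck shows the checking algorithm only as a diagram. What follows is an added example in Go of how I read the basic concepts above; it is not the slides' algorithm and not Secure xADL. It models components that hold privileges, resources that demand safeguards, and a connector that is the only path between them and therefore mediates every link, reporting each safeguard or permission a link lacks. The types, the SampleConnector architecture and the permission names are constructed for illustration (and are not the deck's Firefox example).

```go
package main

import (
	"fmt"
	"sort"
)

// Component: an architectural element that executes on behalf of a subject
// (named by its principal) and holds that subject's privileges.
type Component struct {
	Name       string
	Principal  string
	Privileges map[string]bool // permissions the subject has been granted
}

// Resource: a protected interface or data item with safeguards, the
// permissions a subject must hold to touch it.
type Resource struct {
	Name       string
	Safeguards map[string]bool
}

// Link: one component accessing one resource through the connector and
// asking for one permission.
type Link struct {
	From       *Component
	To         *Resource
	Permission string
}

// Connector: every component-to-resource link crosses it, so checking here
// is complete mediation at the architectural level. Its own safeguards apply
// to every link (e.g. the channel must be encrypted).
type Connector struct {
	Name       string
	Safeguards map[string]bool
	Links      []Link
}

// Violation reports one permission a link needs but its component lacks.
type Violation struct {
	Connector, Component, Resource, Missing string
}

func (v Violation) String() string {
	return fmt.Sprintf("%s: %s -> %s lacks %q", v.Connector, v.Component, v.Resource, v.Missing)
}

// Check walks every link. A link passes only if the component's privileges
// cover the requested permission, the resource's safeguards and the
// connector's safeguards; each missing permission is one violation.
func (c *Connector) Check() []Violation {
	var out []Violation
	for _, l := range c.Links {
		required := map[string]bool{l.Permission: true}
		for s := range c.Safeguards {
			required[s] = true
		}
		for s := range l.To.Safeguards {
			required[s] = true
		}
		names := make([]string, 0, len(required))
		for s := range required {
			names = append(names, s)
		}
		sort.Strings(names) // deterministic report order
		for _, s := range names {
			if !l.From.Privileges[s] {
				out = append(out, Violation{c.Name, l.From.Name, l.To.Name, s})
			}
		}
	}
	return out
}

// SampleConnector is a constructed architecture: a UI component running for
// an authenticated user and a third-party plug-in, both reaching a credential
// store through one connector that insists on an encrypted channel.
func SampleConnector() *Connector {
	store := &Resource{Name: "CredentialStore", Safeguards: map[string]bool{"authenticated": true}}
	ui := &Component{Name: "UI", Principal: "user",
		Privileges: map[string]bool{"authenticated": true, "encrypted-channel": true, "read": true}}
	plugin := &Component{Name: "Plugin", Principal: "third-party",
		Privileges: map[string]bool{"encrypted-channel": true, "read": true}}
	return &Connector{
		Name:       "StoreConnector",
		Safeguards: map[string]bool{"encrypted-channel": true},
		Links:      []Link{{ui, store, "read"}, {plugin, store, "read"}, {plugin, store, "write"}},
	}
}

func main() {
	for _, v := range SampleConnector().Check() {
		fmt.Println(v)
	}
}
```

Because the check runs over the architecture description rather than at runtime, it can be part of design review or CI: a link that a component is not entitled to is found before any code is deployed, and a resource's safeguards are declared once instead of being re-checked in every caller.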

Secure Cooperation (diagram slide)

Firefox (diagram slide)

Integrating Security in ASTER (diagram slide)

Distributed Security

Protection Against Piracy
• Goals
• Raise the Cost of Breaking the Protection Mechanism
• Increase the Probability of Being Caught
• Discourage Attempts at Piracy
• Technologies
• Hardware and Software Tokens
• Watermarking
• Code Partitioning

Trust Management
• Trust
• Trust Model
• Reputation-Based Systems
• Architectural Approach to Decentralized Trust Management

Trust
• “A particular level of the subjective probability with which an agent assesses that another agent or group of agents will perform a particular action, both before he can monitor such action (or independently of his capacity ever to be able to monitor it) and in a context in which it affects his own action” – Diego Gambetta

Trust Model
• Describes the trust information that is used to establish trust relationships, how that trust information is obtained, how that trust information is combined to determine trustworthiness, and how that trust information is modified in response to personal and reported experiences

Reputation-Based Systems
• Types
• Decentralized
• Centralized
• Examples
• eBay (centralized: the marketplace stores and serves all feedback)
• XREP (decentralized: each peer polls and evaluates votes itself)

XREP
• Phase 1 – Resource Searching
• Phase 2 – Resource Selection and Vote Polling
• Phase 3 – Vote Evaluation
• Phase 4 – Best Servent Check
• Phase 5 – Resource Downloading
(A servent, in Gnutella-style networks, is a node that acts as both server and client.)

Phase 1 to Phase 5 (diagram slides)

Architectural Approach to Decentralized Trust Management
• Threats
• Measures to Address Threats
• Guidelines to Incorporate into an Architectural Style
• Resultant Architectural Style
• PACE Architectural Style
• PACE-Based Trust-Enabled Decentralized File-Sharing App

Threats
• Impersonation
• Fraudulent Actions
• Misrepresentation
• Collusion
• Denial of Service
• Addition of Unknowns
• Deciding Whom to Trust
• Out-of-Band Knowledge

Measures to Address Threats
• Use of Authentication
• Separation of Internal Beliefs and Externally Reported Information
• Making Trust Relationships Explicit
• Comparable Trust

Guidelines to Incorporate into an Architectural Style
• Digital Identities
• Separation of Internal and External Data
• Making Trust Visible
• Expression of Trust
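An added example, not code from the slides, from XREP or from PACE: the vote polling and vote evaluation phases of XREP (phases 2 and 3 above) rebuilt in Go along the lines of the measures and guidelines just listed. Digital identities are Ed25519 public keys from Go's standard library; votes are signed, so an impersonated vote is rejected; the evaluator keeps its own experience separate from what other peers report; and Score folds both into a single number so that servents are comparable. The vote message format, the 2:1 weighting of own experience over reports, and all type names are my assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// PeerID is a peer's digital identity: the hex of its Ed25519 public key.
type PeerID string

// NewPeer creates a fresh key pair; the public half is the peer's identity.
func NewPeer() (ed25519.PrivateKey, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	return priv, err
}

func IDOf(priv ed25519.PrivateKey) PeerID {
	return PeerID(hex.EncodeToString(priv.Public().(ed25519.PublicKey)))
}

// Vote is one peer's signed opinion about a servent (a candidate provider).
type Vote struct {
	Voter, Servent PeerID
	Good           bool
	Sig            []byte
}

func voteBytes(voter, servent PeerID, good bool) []byte {
	return []byte(fmt.Sprintf("xrep-vote|%s|%s|%t", voter, servent, good))
}

func SignVote(priv ed25519.PrivateKey, servent PeerID, good bool) Vote {
	voter := IDOf(priv)
	return Vote{voter, servent, good, ed25519.Sign(priv, voteBytes(voter, servent, good))}
}

// Verify defeats impersonation: the signature must check under the key that
// Voter names, so a vote cannot be pinned on a peer that never signed it.
func (v Vote) Verify() bool {
	pub, err := hex.DecodeString(string(v.Voter))
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(ed25519.PublicKey(pub), voteBytes(v.Voter, v.Servent, v.Good), v.Sig)
}

// Evaluator keeps this peer's own experience (internal belief) apart from
// what other peers report (external information); reports never overwrite it.
type Evaluator struct {
	own      map[PeerID][]bool          // servent -> outcomes this peer observed
	reported map[PeerID]map[PeerID]bool // servent -> voter -> reported opinion
}

func NewEvaluator() *Evaluator {
	return &Evaluator{map[PeerID][]bool{}, map[PeerID]map[PeerID]bool{}}
}

// RecordOwn stores the outcome of this peer's own download from a servent.
func (e *Evaluator) RecordOwn(servent PeerID, good bool) {
	e.own[servent] = append(e.own[servent], good)
}

// Poll (phase 2) drops unverifiable votes and keeps at most one opinion per
// voter per servent, which blunts vote stuffing by a single identity
// (collusion across many identities is not addressed here).
func (e *Evaluator) Poll(votes []Vote) (accepted, rejected int) {
	for _, v := range votes {
		if !v.Verify() {
			rejected++
			continue
		}
		if e.reported[v.Servent] == nil {
			e.reported[v.Servent] = map[PeerID]bool{}
		}
		e.reported[v.Servent][v.Voter] = v.Good
		accepted++
	}
	return accepted, rejected
}

// opinion maps an outcome to +1 or -1.
var opinion = map[bool]int{true: 1, false: -1}

// Score (phase 3) folds both sources into one comparable value in [-1, 1]:
// own experience weighs twice a reported vote; 0 means no information at all.
// Phase 4 (best servent) is then simply the candidate with the highest Score.
func (e *Evaluator) Score(servent PeerID) float64 {
	own, ext := e.own[servent], e.reported[servent]
	if len(own)+len(ext) == 0 {
		return 0
	}
	net := 0
	for _, g := range own {
		net += 2 * opinion[g]
	}
	for _, g := range ext {
		net += opinion[g]
	}
	return float64(net) / float64(2*len(own)+len(ext))
}

func main() {
	srv, _ := NewPeer()
	voter, _ := NewPeer()
	e := NewEvaluator()
	e.RecordOwn(IDOf(srv), true)
	e.Poll([]Vote{SignVote(voter, IDOf(srv), false)})
	fmt.Printf("score %.2f\n", e.Score(IDOf(srv))) // (2 - 1) / (2 + 1) = 0.33
}
```

What the signature buys is narrow but essential: it stops one peer from putting words in another's mouth (impersonation), not from a fresh identity voting once and then vanishing (addition of unknowns) or from a ring of identities agreeing with each other (collusion); those need the other measures on the slides, such as weighting voters by how much this peer already trusts them.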

Resultant Architectural Style
• Functional Units
• Communication
• Information
• Trust
• Application

PACE Architectural Style (diagram slide)

PACE-Based Trust-Enabled Decentralized File-Sharing App (diagram slide)

Summary
• Security
• Design Principles
• Architectural Access Control
• Access Control Models
• Connector-centric Architectural Access Control
• Protection Against Piracy
• Trust Management
• Trust
• Trust Model
• Reputation-Based Systems
• Architectural Approach to Decentralized Trust Management

References
• Bidan, C., and V. Issarny. Security Benefits from Software Architecture. Web. 7 Apr. 2012. <http://www.springerlink.com/content/87378446049q1783/fulltext.pdf>.
• Devanbu, Premkumar T., and Stuart Stubblebine. Software Engineering for Security: A Roadmap. 2000. Web. 7 Apr. 2012. <http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.23.1303>.
• Nagaratnam, Nataraj, Philippe Janson, John Dayka, Anthony Nadalin, Frank Siebenlist, Von Welch, Ian Foster, and Steve Tuecke. The Security Architecture for Open Grid Services. 17 July 2002. Web. 7 Apr. 2012. <ftp://ftp.cigs.unimo.it/pub/OGSA-SecArch-v1-07192002.pdf>.
• Taylor, Richard N., Nenad Medvidovic, and Eric M. Dashofy. Software Architecture: Foundations, Theory, and Practice. Hoboken, NJ: Wiley, 2010. Print.