000000029 001__ 29
000000029 005__ 20130522141956.0
000000029 037__ $$aLERSSE-PRESENTATION-2005-012
000000029 041__ $$aeng
000000029 100__ $$aYi Deng
000000029 100__ $$aKonstantin Beznosov
000000029 245__ $$aArchitecture-Centered Composition of Adaptive and Dependable Enterprise Security Services
000000029 260__ $$c2005-10-16
000000029 520__ $$aSecurity is an essential feature and foremost concern to enterprise software systems. Today, application-level security functions, e.g. access control based on complex, fine-grain and/or context dependent security policies, are largely embedded in application software. This results in multiple point security control, which makes system integration and security administration tremendously difficult, costly and error-prone. No effective and scalable means exist to systematically classify, precisely predict and measure end-to-end properties (e.g. completeness and assurance of security policies) of enterprise security services. In this talk, we present our ongoing effort to address the above problems by integrating the latest results in distributed object technology, formal methods and software security under an architecture-centered approach for system composition. Our objective is threefold: supporting uniform management and dynamic composition of security policies, supporting dynamic composition of enterprise security services and applications, and in the meantime, assuring system-wide properties and quality attributes during design and evolution of the systems. Our approach has the following integrated elements: 1. Developing an open, adaptive and application-independent distributed architecture for enterprise security services based on emerging middleware standards, e.g. CORBA. Such architecture provides the structural basis for system composition, and for ensuring performance, availability and reliability of the security services. 2. Developing constraint patterns based on the architecture, which systematically classify and define required end-to-end properties of the security service, and its composability against the properties. These constraint patterns provide behavioral basis for the composition. 3. Developing adaptive and scalable modeling and analysis methods to describe the structural and behavioral composition of the security services and to verify its conformance to the architectural constraints during system design and evolution. Our preliminary results on this research are presented, and open issues discussed.
000000029 6531_ $$aRBAC
000000029 6531_ $$aRelBAC
000000029 6531_ $$aRAD
000000029 6531_ $$aCORBA Security
000000029 6531_ $$aEngineering Security Mechanisms
000000029 8560_ $$fqiangw@ece.ubc.ca
000000029 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/29/files/29.pdf$$yTransfer from CDS 0.99.7
000000029 909C4 $$pYi Deng, Konstantin Beznosov, "Architecture-Centered Composition of Adaptive and Dependable Enterprise Security Services," presented at IBM T. J. Watson Research Center, NY, USA, 14 February, 2000, pp.32.
000000029 980__ $$aPRESENTATION