Architecture-Centered Composition of Adaptive and Dependable Enterprise Security Services

Yi Deng ; Konstantin Beznosov

16 October 2005

Abstract: Security is an essential feature of, and a foremost concern for, enterprise software systems. Today, application-level security functions, e.g. access control based on complex, fine-grained and/or context-dependent security policies, are largely embedded in application software. This results in multiple-point security control, which makes system integration and security administration tremendously difficult, costly and error-prone. No effective and scalable means exist to systematically classify, precisely predict and measure end-to-end properties (e.g. completeness and assurance of security policies) of enterprise security services. In this talk, we present our ongoing effort to address the above problems by integrating the latest results in distributed object technology, formal methods and software security under an architecture-centered approach for system composition. Our objective is threefold: supporting uniform management and dynamic composition of security policies, supporting dynamic composition of enterprise security services and applications, and in the meantime, assuring system-wide properties and quality attributes during design and evolution of the systems. Our approach has the following integrated elements:

1. Developing an open, adaptive and application-independent distributed architecture for enterprise security services based on emerging middleware standards, e.g. CORBA. Such an architecture provides the structural basis for system composition, and for ensuring performance, availability and reliability of the security services.
2. Developing constraint patterns based on the architecture, which systematically classify and define required end-to-end properties of the security service, and its composability against the properties. These constraint patterns provide the behavioral basis for the composition.
3. Developing adaptive and scalable modeling and analysis methods to describe the structural and behavioral composition of the security services and to verify its conformance to the architectural constraints during system design and evolution.

Our preliminary results on this research are presented, and open issues discussed.

Keyword(s): RBAC ; RelBAC ; RAD ; CORBA Security ; Engineering Security Mechanisms

Published in: Yi Deng, Konstantin Beznosov, "Architecture-Centered Composition of Adaptive and Dependable Enterprise Security Services," presented at IBM T. J. Watson Research Center, NY, USA, 14 February, 2000, pp.32.


