Download Security, Authorization, and Authentication for Enterprise Computing

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
Document related concepts

Next-Generation Secure Computing Base wikipedia , lookup

Computer security wikipedia , lookup

Transcript 
Current Research Foci
Prof. Steven A. Demurjian
Dept. of Computer Science & Engineering
191 Auditorium Road, Box U-155
The University of Connecticut
Storrs, CT 06269-3155
860-486-4818(v), 860-486-4817(f)
[email protected]
http://www.engr.uconn.edu/~steve

Security Issues for Enterprise Computing (Demurjian/Ting)
Security issues for object-oriented design, languages, and applications are an
important concern in today's security conscious enterprise and distributed computing
environments. While we have initially examined various security techniques for
object-oriented programming languages (C++, Java, Ada95), we are now considering
enterprise computing security issues. Many companies today have legacy, COTS,
database, and new client/server applications that all must interact to facilitate
communications among personnel at varying. When all of the diverse components
are linked, then security becomes an important issue, to insure that individuals only
have access to the right information at the appropriate time. Thus, we must
synthesize security, authorization, and authentication requirements and solutions for
enterprise computing. Specifically, we consider security solutions that utilize
software agents and aglets.
Mobile aglet security is progressing with the use of the Java sandbox mechanism and
separate execution environments. Java security mechanisms such as cryptography
and authentication are also be investigated to ensure security of both the aglet and the
messages transported between aglets. Aglets offer the opportunity to rethink our
user-role security approaches, which are class/method based for user roles, and whose
definition process is focused on type-level concerns. In distributed object computing,
it is critical to explore the security of runtime objects, as they are accessed by users
playing roles. Aglets may provide active objects that monitor and/or enforce security,
from the perspective of the user, the user role, the object, or any/all combinations. As
security needs change, security aglets can be dynamically updated to maintain their
oversight and enforcement capability. We currently have an initial version of agletbased user-role security that employs both stationary and mobile agents, and are
exploring other alternatives and possibilities.

Optimal Deployment of Distributed Objects (Demurjian/Shvartsman)
Whether deploying new distributed software, redeploying existing distributed
application components or distributing a standalone legacy application, a key decision
that needs to be made is the location of each software component in the target
distributed environment. This decision depends on the usage and interaction patterns
of the distributable components. For a given pattern of interactions among the
components, choosing the component locations involves a trade-off between the
resulting local and remote communication of the deployed components. Co-locating
some components on a network node has the advantage of faster and cheaper
interaction among the components, which is not affected by the network
characteristics. Distributing components enables the application to take advantage of
available computation and storage resources in the network, but requires remote
communication, which is typically slower and more expensive, and which critically
depends on the underlying network characteristics. To assist in the process of
deploying distributed software, we defined an abstract model of distributed
applications and we have developed a binary integer programming (BIP) model that
takes into account an application's communication patterns and the target network
characteristics. The goal is to minimize the overall remote communication bandwidth
for the application, while achieving a meaningful distribution of components in the
target network setting. The BIP model yields solutions (when they exist) that are
optimal for systems that can be described in terms of our application model. Objectoriented software is especially well-suited for this methodology since it is inherently
structured in terms of distributable components (e.g., classes, objects) and the major
communication patterns are determined by identifying foreign method invocations.

Reusable Component Framework (Demurjian/D. Needham, USNA)
Object-oriented reuse has historically been an afterthought in system design and
implementation. Popular object-oriented methodologies often ignore reuse or only
consider it a minimal level. Moreover, the research concentration is often targeted to
consumer (reuser) rather than producer (creator), i.e., reuse of existing software in
future systems is only considered upon completion of a project. This results in
software that is inherently non-reusable, since it was not designed with reuse in mind.
Reuse must be elevated to an equal partner in the design and development process,
with an emphasis on trying to achieve domain-and-organization-specific reuse for
those products the company is likely to build in the future. Consequently, in this area,
we are exploring both class-based and component-based reusability, by providing an
object-oriented design approach, methodology, and tool that promotes reuse for initial
and all stages of design and development. Class-based reuse focuses on reusing
classes and the other classes that are interrelated. Component-based reuse is intended
to allow designers (who are constructing reusable software) to group classes into
meaningful larger abstraction units. The reuse methodology and tool can be utilized
to analyze the design and construction of new applications, as well as working with
existing legacy code (C++, Java, Ada95) to determine those portions of the code that
are most reusable.
2

Risks and Benefits of Software Engineering with Java (Demurjian/Shin)
Does the hype match the reality? What are the major risks? Where can software
professionals expect to gain the most benefit? There are many existing and emerging
issues related to Java that must be understood, since they all impact on the ability of
software professionals to successfully utilize the language for meaningful and
productive design and development. Relevant issues of Java include:
* Unclear Standardization: Unsettled and Pending - A Political Hot Potato
* Security Flaws and Java: Handling Needs of Security Conscious Users
* Complexity of APIs: Excellent Breadth/Depth - Time/Effort to Learn
* Performance: Will HotShot VM Solve Problem?
* Portability/Look-and-Feel: Reality of Platform (De)Independence
* PL Interactions: Cross Compilation, Byte-Code Generators, Translators
* Client/Server and DOC: CORBA, ORBs, JNI, and Legacy/COTS Interactions
* Database and Persistence: Interactions with Relation and OO Databases
* IDEs and JavaBeans: Development and Rapid Prototyping Environments
* Future of the Language: Short and Long Term Directions
In order to effectively transition individuals and organizations to Java, it is critical
that these risks and benefits are clearly understood.

Applied Component-Based System Architecture (Barr/Demurjian/Shvartsman)
We have begun investigating a formal component-based paradigm for architecting
complex systems that achieves a number of goals. First, we support interoperability
on syntactic and semantic levels that supercedes the capabilities of extant
architectural paradigms (e.g., CORBA), and middleware systems (e.g., object broker
implementations) Second, we adapt and utilize a formal methodology for specifying
services and their abstract implementations, specifically the methodology based on
Input/Output automata (IOA). Third, we strive for a validated evaluation of
correctness of component-based designs as an integral part of automating transition of
abstract designs to specific implementations. Fourth, we support reusable and
multiple-use components that can be deployed as building blocks for extant and
future applications. Fifth, we promote the definition and realization of key system
requirements, including security, performance and fault tolerance. Performance
specifications make explicit statements about the behavior of components and entire
systems in terms of their critical resources (e.g., time and space). Specifications of
fault tolerance make statements about the ability of components to offer service in the
presence of specific failure patterns, and about the (graceful) degradation of the
provided service. Finally, we require the full or partial automation of transition of
abstract designs to implementations via code generation. The focus is on preserving
the semantics of abstract specifications in implementations, i.e., ensuring that the
generating code correctly implements abstract designs.
3
Related documents
Popular Programming Languages
Popular Programming Languages
ppt - Dave Reed`s
ppt - Dave Reed`s
ppt - Dave Reed`s
ppt - Dave Reed`s
ppt - Dave Reed`s
ppt - Dave Reed`s
Chapter Seven - Design by Abstraction
Chapter Seven - Design by Abstraction
Java Mobile Agents with Aglets
Java Mobile Agents with Aglets
Software Engineering with Java - Computer Science & Engineering
Software Engineering with Java - Computer Science & Engineering
Chapter 1 questions
Chapter 1 questions
A practitioner*s guide to linked data for cultural
A practitioner*s guide to linked data for cultural
COMPONENT-LEVEL DESIGN FOR WEBAPPS
COMPONENT-LEVEL DESIGN FOR WEBAPPS
Chapter 22 Product Line Engineering
Chapter 22 Product Line Engineering
Action Verb List - Teaching and Learning
Action Verb List - Teaching and Learning