Homeland Security Modeling and Assurance

DESCRIPTION
Homeland Security Modeling and Assurance. Prof. Steven A. Demurjian, Sr., Director, CSE Graduate Program, Computer Science & Engineering Department, The University of Connecticut, Storrs, CT 06269-3155. steve @ engr.uconn.edu, http://www.engr.uconn.edu/~steve. PowerPoint presentation transcript.

TRANSCRIPT

Homeland Security Modeling and Assurance
Prof. Steven A. Demurjian, Sr.
Director, CSE Graduate Program
Computer Science & Engineering Department
The University of Connecticut, Storrs, CT 06269-3155
[email protected]
http://www.engr.uconn.edu/~steve
http://www.engr.uconn.edu/~steve/DSEC/dsec.html
(860) 486-4818

Lt. Col. Charles E. Phillips, Jr.
Dept. of Electrical Engineering and Computer Science
United States Military Academy, West Point, NY
[email protected]
(845) 938-5564
(Instructor at USMA / Ph.D. Student at UConn)
Our Research Emphasis
- Dynamic Coalitions (DC) from Military to Humanitarian
  - Collect and Integrate Assets in a Secure Fashion
  - Provide the Infrastructure for Security in a DC
- Medical Informatics and Public Policy Issues
- Modeling: RBAC/MAC at Design Level
  - Extending UML with Security Capabilities
  - Formal Policy Definition/Analysis/Generation
- Modeling/Assurance: Unifying RBAC/MAC
  - Focus on Legacy, COTS, DBs, GOTS, Servers, Clients, etc., Inter-Operating via Middleware
  - Formal Model for RBAC, MAC, Delegation, Time-Based Access, Value-Based Access, etc.
- Web-Based: Transitioning RBAC/MAC Solutions to XML
Background
- Discretionary Access Control (DAC)
  - Restricts Access Based on the Identity of the Group/Subject
  - Discretion Supports the "Pass-on" of Permissions
- Role-Based Access Control (RBAC)
  - Permissions Based on Responsibilities or Roles
  - Users may Play Multiple Roles
  - RBAC is Flexible in both Management and Usage
- Mandatory Access Control (MAC)
  - Restricts Access Based on Sensitivity Level (Top Secret, Secret, Confidential, Unclassified)
  - If the Clearance of the User Dominates the Classification of the Object, Access is Allowed (this is the read rule; a full Bell-LaPadula policy also constrains writes so that information cannot flow to a lower level)
- Homeland Security Likely Requires All Three at Times!
Background
- Assurance
  - Are the Security Privileges for Each User of a DC Adequate (and Limited) to Support their Needs?
  - What Guarantees are Given by the Security Infrastructure of the DC in Order to Attain:
    - Safety: Nothing Bad Happens During Execution
    - Liveness: All Good Things can Happen During Execution
- Consistency
  - Are the Defined Security Privileges for Each User Internally Consistent? (Least-Privilege Principle)
  - Are the Defined Security Privileges for Related Users Globally Consistent? (Mutual Exclusion)
Background
- Crisis: Any Situation Requiring National or International Attention
- Coalition: Alliance of Organizations, Military, Civilian, International or any Combination
- Dynamic Coalition: Formed in a Crisis and Changes as the Crisis Develops; the Key Concern Being the Most Effective Way to Solve the Crisis
- Dynamic Coalition Problem (DCP): Security, Resource, and Information Sharing Risks that Occur as a Result of the Coalition Being Formed Quickly
[Figure: U.S. Global C2 Systems. Systems shown: GCCS (Joint Command System); GCCS-A; ABCS (Army Battle Command System) with MCS, ASAS, CSSCS, FADD, AFATDS, Other; Battle Management System; Combat Operations System. Services: Army, Navy, Air Force, Marine Corps. Partners: U.S.A., U.N., NATO, NGO/PVO.]
DC for Military Deployment/Engagement
[Figure: Coalition systems: LFCS (Canada), SICF (France), HEROS (Germany), SIACCON (Italy).]
Joint Information Flow
[Figure: Joint Task Force information flow. Service systems: GCCS-N and JMCIS (Navy), GCCS-AF and TBMCS (Air Force), GCCS-M and TCO (Marines), GCCS-A and MCS (Army). Army echelons Corps, Division, Brigade and Battalion each run MCS, with ABCS components ASAS, CSSCS, FAADC2I and AFATDS, the BSA TOC, and FBCB2 at company level.]

Combined Information Flow
[Figure: NATO Systems and Coalition Systems with Coalition Partners; Joint (Marines, Navy, Air Force, Army); functional areas Logistics, Air Defense/Air Operations, Fire Support, Network and Resource Management, Intelligence, Maneuver; GCCS Joint/Coalition; Combined Database.]
DC for Medical Emergency
[Figure: Coalition participants: Govt., Transportation, Military Medics, Local Health Care, CDC, Pharma. Companies, MDs w/o Borders, Red Cross, RNs, EMTs, MDs, State Health, Other.]
- GOALS: Securely Leverage Information in a Fluid Environment; Protect Information While Simultaneously Promoting the Coalition
Medical Informatics
- Privacy vs. Availability for Medical Records
- All Aspects of Security for Medical Information
  - Treatment and Long-Term Care
  - Insurance Claims and Future Insurability
  - Nationalization of Medical Information
- Critical Aspect of DCP
  - Bring Together Divergent Requirements to Support a Life-Threatening Situation
  - Rapid Availability of Patient Data in Emergency Situations
Public Policy on Security
- How do we Protect a Person's DNA?
  - Who Owns a Person's DNA? Who Can Profit from a Person's DNA?
  - Can a Person's DNA be Used to Deny Insurance? Employment? Etc.
  - How do you Define Security Limitations/Access?
- Can DNA Repositories be Anonymously Available for Medical Research?
  - Do Societal Needs Trump Individual Rights?
  - Can DNA be Made Available Anonymously for Medical Research?
  - International Repository for Medical Researchers with a Large Enough Data Set for Rare Conditions
RBAC/MAC at Design Level
- Incorporation of Security into the Unified Modeling Language at Design Time
  - Security as a First-Class Citizen in the Design Process
  - Capture Security Policy at the Earliest Stages
  - Maintain and Modify that Policy over Time
- Focus on Various UML Diagrams
  - Record Classifications of Use Cases and Clearances of Actors (Roles)
  - Track Classifications of Classes and Their Methods
- Assurance by
  - Dynamically Maintaining the Design in a Correct State with Respect to Security
  - Security Model Generation and Analysis
Use-Case Diagram with Sensitivity Levels: Poll Topic Archived System
[Figure: use-case diagram. Actors (clearance): Junior Operator (C), Senior Staff (S), Poll Topic Admin (TS), Supervisor (TS). Use cases (classification): Enter PollTopic (S), Activate PollTopic (TS), Deactivate Poll Topic (TS), Enter Question (C), Verify Topic (S), EnterOrdinaryQuestion (C), EnterSpecialQuestion (S), CategorizeQuestion (C), Enter Category (S), linked by <<include>> and <<extend>> relationships.]
- Use Cases are Marked with Classifications: TS, S, C, or U
- Actors (Roles) are Marked with Clearances
- Dynamic Assurance Checks Ensure that Connections (Arrows/Lines) Do Not Violate MAC Rules
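As an added example (not code from the slides or from the UConn tools), the check the slide describes, in Python: the clearance of each actor must dominate the classification of every use case the actor connects to, and the check follows <<include>> and <<extend>> links because executing a use case can execute the use cases it includes or those that extend it. The actors, use cases and levels are the Poll Topic ones from the slide; the association, include and extend edges are constructed, since the slide shows only the stereotypes.

```python
"""Design-time MAC assurance check over a use-case diagram.

Added example; not code from the original slides. The actors and use cases
are from the Poll Topic slide; the edges are constructed for illustration.
"""
from __future__ import annotations
from dataclasses import dataclass, field

LEVELS = ["U", "C", "S", "TS"]            # linear lattice, low to high
RANK = {lvl: i for i, lvl in enumerate(LEVELS)}


def dominates(clearance: str, classification: str) -> bool:
    """MAC simple-security rule: clearance >= classification."""
    return RANK[clearance] >= RANK[classification]


@dataclass
class UseCaseDiagram:
    actors: dict[str, str]                                            # actor -> clearance
    use_cases: dict[str, str]                                         # use case -> classification
    associations: set[tuple[str, str]] = field(default_factory=set)  # (actor, use case)
    includes: set[tuple[str, str]] = field(default_factory=set)      # (base, included)
    extends: set[tuple[str, str]] = field(default_factory=set)       # (extension, base)

    def reachable(self, uc: str) -> set[str]:
        """Use cases that may execute when `uc` executes. <<extend>> is
        conditional but is followed too, so the check is conservative."""
        seen, stack = set(), [uc]
        while stack:
            cur = stack.pop()
            if cur in seen:
                continue
            seen.add(cur)
            stack.extend(inc for base, inc in self.includes if base == cur)
            stack.extend(ext for ext, base in self.extends if base == cur)
        return seen

    def check_association(self, actor: str, uc: str) -> list[str]:
        """MAC violations that the association (actor, uc) would create."""
        clearance = self.actors[actor]
        problems = []
        for target in sorted(self.reachable(uc)):
            classification = self.use_cases[target]
            if not dominates(clearance, classification):
                via = "" if target == uc else f" via {uc}"
                problems.append(f"{actor} ({clearance}) -> {target} ({classification}){via}")
        return problems

    def connect(self, actor: str, uc: str) -> list[str]:
        """The dynamic check from the slide: refuse a connection that violates MAC."""
        problems = self.check_association(actor, uc)
        if not problems:
            self.associations.add((actor, uc))
        return problems

    def violations(self) -> list[str]:
        """Re-check the whole diagram, e.g. after a classification was changed."""
        return [p for actor, uc in sorted(self.associations)
                for p in self.check_association(actor, uc)]


def poll_topic_diagram() -> UseCaseDiagram:
    d = UseCaseDiagram(
        actors={"JuniorOperator": "C", "Senior Staff": "S",
                "Poll Topic Admin": "TS", "Supervisor": "TS"},
        use_cases={"Enter PollTopic": "S", "Activate PollTopic": "TS",
                   "Deactivate Poll Topic": "TS", "Enter Question": "C",
                   "Verify Topic": "S", "EnterOrdinaryQuestion": "C",
                   "EnterSpecialQuestion": "S", "CategorizeQuestion": "C",
                   "Enter Category": "S"},
        # Constructed edges: the slide shows the stereotypes, not their endpoints.
        includes={("Enter PollTopic", "Verify Topic"),
                  ("Enter Question", "CategorizeQuestion"),
                  ("CategorizeQuestion", "Enter Category")},
        extends={("EnterOrdinaryQuestion", "Enter Question"),
                 ("EnterSpecialQuestion", "Enter Question")},
    )
    for actor, uc in [("Senior Staff", "Enter PollTopic"), ("Senior Staff", "Enter Question"),
                      ("Poll Topic Admin", "Activate PollTopic"),
                      ("Poll Topic Admin", "Deactivate Poll Topic"),
                      ("Supervisor", "Enter Category")]:
        problems = d.connect(actor, uc)
        if problems:
            raise ValueError(problems)
    return d


if __name__ == "__main__":
    d = poll_topic_diagram()
    # JuniorOperator (C) may run Enter Question (C) itself, but that use case
    # reaches Enter Category (S) and EnterSpecialQuestion (S): refused.
    for p in d.connect("JuniorOperator", "Enter Question"):
        print("MAC violation:", p)
```

The point of following the links is that a direct actor-to-use-case check is not enough: a C-cleared actor attached to a C use case that includes an S use case would reach S functionality without any arrow in the diagram ever pairing C with S.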
Other Possibilities: Reverse Engineer an Existing Policy to a Logic-Based Definition
- UML Model with Security: Capture all Security Requirements!
  - Extending UML for the Design and Definition of Security Requirements
  - Address Security in Use-Case Diagrams, Class Diagrams, Collaboration Diagrams, etc.
- Formal Security Policy Definition using an Existing Approach (Logic-Based Policy Language)
- Iterate, Revise
- Bi-Directional Translation: Prove that all Security Definitions in UML are Captured in the Logic-Based Policy Language and vice versa
- Security Model Generation: RBAC99, RBAC/MAC UConn, Oracle Security
  - Must Prove that Generation Captures all Security Requirements
UML-Based RBAC/MAC
[Figure: interacting software artifacts: Legacy, COTS, GOTS and Database servers accessed by Java, Legacy, Database and COTS clients.]
Unifying RBAC/MAC
- Interacting Software Artifacts
- New/Existing Clients use APIs
- Control Access to APIs by: Role (who), Classification (MAC), Time (when), Data (what), Delegation
[Figure: architecture. Clients over the network: Security Authorization Client (SAC), Security Policy Client (SPC), Security Delegation Client (SDC), Security Analysis and Tracking (SAT). Unified Security Resource (USR): Security Registration Services, Security Policy Services, Security Authorization Services. Working Prototype Available using CORBA, JINI, Java, Oracle.]
Unifying RBAC/MAC
- Method-Level Security Model RBAC/MAC
  - Constraints using: Role, MAC, Time, and Data
  - Customized Access to APIs of Artifacts
  - Contrast with Object-Level Approach
- Security Policy and Enforcement Assurance
  - Design Time (During Security Policy Definition): Security Assurance
  - Run Time (Executing Application): Security Enforcement
- RBAC/MAC for a Distributed Setting (Middleware)
  - Flexible, Portable, Platform-Independent Security with Minimal/Controlled Impact
- Administrative and Management Security Tools
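An added example, not the UConn prototype: one way to implement the run-time side of this model in Python, a toy Unified Security Resource that decides a method invocation from the active role, the user's clearance against the method's classification, a time window, a predicate on the call's arguments, and bounded delegation, and logs every decision for analysis and tracking. The artifact, methods, roles, users and constraints are all constructed for illustration.

```python
"""Run-time method-level RBAC/MAC enforcement with time, data and delegation.

Added example, not the UConn prototype's code. All methods, roles, users and
constraints below are constructed for illustration.
"""
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Callable

RANK = {"U": 0, "C": 1, "S": 2, "TS": 3}   # linear sensitivity lattice


@dataclass(frozen=True)
class Method:
    artifact: str
    name: str
    classification: str        # the MAC label sits on the API, not on a whole object


@dataclass(frozen=True)
class Permission:
    role: str
    method: Method
    start: time | None = None  # time-based access: invocation window
    end: time | None = None
    data_ok: Callable[[dict], bool] | None = None   # value-based access on the arguments


@dataclass
class User:
    name: str
    clearance: str
    roles: set[str] = field(default_factory=set)


@dataclass
class UnifiedSecurityResource:
    permissions: list[Permission] = field(default_factory=list)
    delegations: dict[tuple[str, str], datetime] = field(default_factory=dict)  # (user, role) -> expiry
    log: list[tuple] = field(default_factory=list)   # feed for Security Analysis and Tracking

    def delegate(self, grantor: User, grantee: User, role: str, until: datetime) -> bool:
        """Bounded delegation: only a role the grantor holds, only until `until`."""
        if role not in grantor.roles:
            return False
        self.delegations[(grantee.name, role)] = until
        return True

    def holds_role(self, user: User, role: str, now: datetime) -> bool:
        if role in user.roles:
            return True
        expiry = self.delegations.get((user.name, role))
        return expiry is not None and now < expiry

    def authorize(self, user: User, role: str, method: Method,
                  args: dict, now: datetime) -> tuple[bool, str]:
        ok, reason = self._decide(user, role, method, args, now)
        self.log.append((now, user.name, role, f"{method.artifact}.{method.name}", ok, reason))
        return ok, reason

    def _decide(self, user, role, method, args, now):
        if not self.holds_role(user, role, now):
            return False, "role not held"
        if RANK[user.clearance] < RANK[method.classification]:   # MAC first: no grant overrides a label
            return False, "clearance does not dominate method classification"
        perms = [p for p in self.permissions if p.role == role and p.method == method]
        if not perms:
            return False, "no permission for role on method"
        for p in perms:
            in_window = p.start is None or p.end is None or p.start <= now.time() <= p.end
            if in_window and (p.data_ok is None or p.data_ok(args)):
                return True, "allowed"
        return False, "time or data constraint not satisfied"


# Constructed scenario: a coalition patient database exposed through method APIs.
READ_RECORD = Method("PatientDB", "readRecord", "C")
READ_NOTES = Method("PatientDB", "readPsychNotes", "S")
ALICE = User("alice", "C", {"EMT"})    # field medic
BOB = User("bob", "S", {"MD"})
CAROL = User("carol", "C", {"MD"})     # right role, insufficient clearance


def at(hour: int, minute: int = 0) -> datetime:
    return datetime(2003, 6, 10, hour, minute)


def build_usr() -> UnifiedSecurityResource:
    return UnifiedSecurityResource(permissions=[
        # EMTs read records only on the day shift and only for their own triage zone.
        Permission("EMT", READ_RECORD, time(6, 0), time(22, 0),
                   data_ok=lambda a: a.get("triageZone") == "Zone-3"),
        Permission("MD", READ_RECORD),
        Permission("MD", READ_NOTES),
    ])
```

The order of the checks is the design choice worth noting: the MAC comparison runs before any role permission is consulted, so neither an administrator's grant nor a delegation from a higher-cleared user can give a C-cleared user an S method, which is what keeps the delegation path from becoming a label bypass. Every decision, allowed or denied, goes into the log with its reason, which is what the tracking component needs to answer the assurance question of whether each user's privileges are adequate and limited.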
Unifying RBAC/MAC: Security Tools
[Figure: Security DTDs (Role DTD, User DTD, Constraint DTD) and Application DTDs; Application XML Files (Appl_Role.xml, Appl_User.xml, Appl_Constraint.xml). The Security Officer Generates the Security XML Files for the Application. Application DTDs and XML: the User's Role Determines the Scope of Access to Each XML Document.]
Integrating Security into XML Documents
- Emergence of XML for Document/Information Exchange
- Extend RBAC/MAC to XML
  - Collection of Security DTDs: DTDs for Roles, Users, and Constraints Capture RBAC and MAC
  - Apply Security DTDs to XML Documents
  - Result: Each XML Document Appears Differently Based on Role, MAC, Time, Value
  - Security DTD Filters the Document
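An added example, not the UConn security DTD tools: the filtering described above, in Python with ElementTree in place of DTDs. Elements carry a classification attribute (children inherit their parent's), and a per-role constraint supplies the role's clearance, the element names in its scope, a time window and a value predicate, so the same document yields a different view per role. The document and the three roles are constructed.

```python
"""Per-role views of an XML document from role, MAC, time and value constraints.

Added example, not the UConn tools. The sample document and the role
constraints are constructed for illustration.
"""
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable
import xml.etree.ElementTree as ET

RANK = {"U": 0, "C": 1, "S": 2, "TS": 3}

# Constructed sample: a coalition casualty report with mixed sensitivity.
SAMPLE_XML = """<casualtyReport classification="U">
  <patient id="p1" region="Zone-3" classification="C">
    <name>A. Example</name>
    <diagnosis>fracture</diagnosis>
    <psychNotes classification="S">withheld</psychNotes>
  </patient>
  <patient id="p2" region="Zone-1" classification="C">
    <name>B. Sample</name>
    <diagnosis>burns</diagnosis>
  </patient>
  <unitLocation classification="TS">grid 1234</unitLocation>
</casualtyReport>"""


@dataclass
class RoleConstraint:
    role: str
    clearance: str                       # MAC level the role operates at
    visible: set[str]                    # element names in the role's scope (RBAC)
    start: time | None = None            # time-based access window
    end: time | None = None
    value_ok: Callable[[ET.Element], bool] = lambda e: True   # value-based access


def at(hour: int, minute: int = 0) -> datetime:
    return datetime(2003, 6, 10, hour, minute)


def _allowed(el: ET.Element, inherited: str, rc: RoleConstraint) -> bool:
    label = el.get("classification", inherited)
    return (RANK[rc.clearance] >= RANK[label]      # MAC: clearance dominates the label
            and el.tag in rc.visible               # RBAC: element is in the role's scope
            and rc.value_ok(el))                   # value constraint on the element


def _prune(parent: ET.Element, inherited: str, rc: RoleConstraint) -> None:
    for child in list(parent):
        label = child.get("classification", inherited)
        if _allowed(child, inherited, rc):
            _prune(child, label, rc)
        else:
            parent.remove(child)                   # the whole subtree leaves the view


def filter_document(xml_text: str, rc: RoleConstraint, now: datetime) -> ET.Element | None:
    """Build the role's view of the document; None means no access at all."""
    if rc.start is not None and rc.end is not None and not (rc.start <= now.time() <= rc.end):
        return None
    root = ET.fromstring(xml_text)                 # a fresh tree: the source text is never modified
    if not _allowed(root, "U", rc):
        return None
    _prune(root, root.get("classification", "U"), rc)
    return root


def visible_tags(root: ET.Element | None) -> list[str]:
    return [el.tag for el in root.iter()] if root is not None else []


# Constructed roles: a medic sees day-shift, own-zone patients up to C; an MD sees
# S material too; a commander sees everything including the TS unit location.
MEDIC = RoleConstraint("Medic", "C", {"casualtyReport", "patient", "name", "diagnosis"},
                       time(6, 0), time(22, 0),
                       value_ok=lambda e: e.tag != "patient" or e.get("region") == "Zone-3")
MD = RoleConstraint("MD", "S", {"casualtyReport", "patient", "name", "diagnosis", "psychNotes"})
COMMANDER = RoleConstraint("Commander", "TS", {"casualtyReport", "patient", "name",
                                               "diagnosis", "psychNotes", "unitLocation"})


if __name__ == "__main__":
    for rc in (MEDIC, MD, COMMANDER):
        view = filter_document(SAMPLE_XML, rc, at(12))
        print(rc.role, ET.tostring(view, encoding="unicode") if view is not None else "no access")
```

Pruning a rejected element removes its whole subtree, which matters for the inheritance rule: an unlabelled child never becomes visible through a parent the role cannot see, so a role cannot learn that a withheld element exists by the shape of what is left.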
Concluding Remarks
- Dynamic Coalitions will play a Critical Role in Homeland Security during Crisis Situations
- Critical to Understand the Security Issues for Users and Systems of Dynamic Coalitions
- At UConn, a Multi-Faceted Approach to Security
  - Attaining Consistency and Assurance at Policy Definition and Enforcement
  - Capturing Security Requirements at Early Stages via UML Enhancements/Extensions
  - Providing a Security Infrastructure that Unifies RBAC and MAC for a Distributed Setting
- http://www.engr.uconn.edu/~steve/DSEC/dsec.html
Our Recent Security Publications
- Phillips, C., Demurjian, S., and Ting, T.C., “Assurance Guarantees for an RBAC/MAC Security Model,” Proc. of 17th IFIP WG 11.3 Working Conf. on Database Security, Colorado, August 2003.
- Phillips, C., Demurjian, S., and Ting, T.C., “Security Assurance for an RBAC/MAC Security Model,” Proc. of 2003 IEEE Info. Assurance Workshop, West Point, NY, June 2003.
- Liebrand, M., et al., “Role Delegation for a Resource-Based Security Model,” in Data and Applications Security: Developments and Directions II, E. Gudes and S. Shenoi (eds.), Kluwer, 2003.
- Phillips, C., Demurjian, S., and Ting, T.C., “Towards Information Assurance in Dynamic Coalitions,” Proc. of 2002 IEEE Info. Assurance Workshop, West Point, NY, June 2002.
- Phillips, C., Ting, T.C., and Demurjian, S., “Information Sharing and Security in Dynamic Coalitions,” Proc. of 7th ACM SACMAT, Monterey, CA, June 2002.
- Demurjian, S., et al., “A User Role-Based Security Model for a Distributed Environment,” in Data and Applications Security: Developments and Directions, B. Thuraisingham, R. van de Riet, K. Dittrich and Z. Tari (eds.), Kluwer, 2001.