Homeland Security Modeling and Assurance. Prof. Steven A. Demurjian, Sr., Director, CSE Graduate Program, Computer Science & Engineering Department, The University of Connecticut, Storrs, CT 06269-3155. steve@engr.uconn.edu, http://www.engr.uconn.edu/~steve
Homeland Security Modeling and Assurance
Prof. Steven A. Demurjian, Sr.
Director, CSE Graduate Program
Computer Science & Engineering Department
The University of Connecticut, Storrs, CT 06269-3155
steve@engr.uconn.edu
http://www.engr.uconn.edu/~steve
http://www.engr.uconn.edu/~steve/DSEC/dsec.html
(860) 486-4818

Lt. Col. Charles E. Phillips, Jr.
Dept. of Electrical Engineering and Computer Science
United States Military Academy, West Point, NY
Charles.Phillips@usma.edu
(845) 938-5564
(Instructor at USMA / Ph.D. Student at UConn)
Presenters
• Prof. Steven A. Demurjian, Sr., Computer Science & Engineering Department, The University of Connecticut, Storrs, CT; steve@engr.uconn.edu; http://www.engr.uconn.edu/~steve; http://www.engr.uconn.edu/~steve/DSEC/dsec.html; (860) 486-3719
• Lt. Col. Charles E. Phillips, Jr., Dept. of Electrical Engineering and Computer Science, United States Military Academy, West Point, NY; Charles.Phillips@usma.edu; (845) 938-5564 (Instructor at USMA / Ph.D. Student at UConn)
Our Research Emphasis
• Dynamic Coalitions (DC) from Military to Humanitarian
  • Collect and Integrate Assets in Secure Fashion
  • Provide the Infrastructure for Security in DC
  • Medical Informatics and Public Policy Issues
• Modeling: RBAC/MAC at Design Level
  • Extending UML with Security Capabilities
  • Formal Policy Definition/Analysis/Generation
• Modeling/Assurance: Unifying RBAC/MAC
  • Focus on Legacy, COTS, DBs, GOTS, Servers, Clients, etc., Inter-Operating via Middleware
  • Formal Model for RBAC, MAC, Delegation, Time-Based Access, Value-Based Access, etc.
• Web-Based: Transitioning RBAC/MAC Solutions to XML
Background
• Discretionary Access Control (DAC)
  • Restricts Access Based on Identity of Group/Subject
  • Discretion Supports the “Pass-on” of Permissions
• Role-Based Access Control (RBAC)
  • Permissions Based on Responsibilities or Roles
  • Users may Each Play Multiple Roles
  • RBAC Flexible in both Management and Usage
• Mandatory Access Control (MAC)
  • Restricts Access Based on Sensitivity Level (Top Secret, Secret, Confidential, Unclassified)
  • If Clearance of User Dominates Classification of Object, Access is Allowed
• Homeland Security Likely Requires All Three at Times!
Background
• Assurance
  • Are the Security Privileges for Each User of DC Adequate (and Limited) to Support their Needs?
  • What Guarantees are Given by the Security Infrastructure of DC in Order to Attain:
    • Safety: Nothing Bad Happens During Execution
    • Liveness: All Good Things can Happen During Execution
• Consistency
  • Are the Defined Security Privileges for Each User Internally Consistent? (Least-Privilege Principle)
  • Are the Defined Security Privileges for Related Users Globally Consistent? (Mutual Exclusion)
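The two consistency questions on this slide can be answered mechanically once a policy is written down. The following is an added example, not code from the slides or the UConn project: it checks an RBAC policy for least-privilege consistency (each role holds exactly the permissions its responsibilities need) and for mutual-exclusion consistency (no user is authorized for two roles that must stay separate). The role names, permissions, needs table, exclusive pairs and users are constructed sample data.

```python
# Added example (not from the slides): design-time consistency checks on an
# RBAC policy for a dynamic coalition. Role names, permissions, the "needs"
# table, the exclusive role pairs and the users are all constructed sample data.

# Permissions each role actually holds in the policy (constructed).
ROLE_PERMS = {
    "Medic":      {"read_patient", "update_treatment"},
    "Pharmacist": {"read_patient", "dispense_drug", "update_treatment"},
    "Auditor":    {"read_patient", "read_audit_log"},
    "Dispatcher": {"read_patient", "assign_transport"},
}

# Permissions each role needs for its responsibilities (constructed).
ROLE_NEEDS = {
    "Medic":      {"read_patient", "update_treatment"},
    "Pharmacist": {"read_patient", "dispense_drug"},
    "Auditor":    {"read_patient", "read_audit_log"},
    "Dispatcher": {"read_patient", "assign_transport"},
}

# Role pairs that no single user may hold together (constructed):
# whoever dispenses drugs must not also audit the dispensing records.
MUTUALLY_EXCLUSIVE = {frozenset({"Pharmacist", "Auditor"})}

# User-to-role authorizations (constructed).
USER_ROLES = {
    "alice": {"Medic"},
    "bob":   {"Pharmacist", "Auditor"},
    "carol": {"Dispatcher", "Medic"},
}


def least_privilege_violations(role_perms, role_needs):
    """Internal consistency (least privilege): for every role, report the
    permissions it holds but does not need (excess) and the ones it needs but
    lacks (deficit). An empty result means every role is exactly provisioned."""
    report = {}
    for role, held in role_perms.items():
        needed = role_needs.get(role, set())
        excess, deficit = held - needed, needed - held
        if excess or deficit:
            report[role] = {"excess": sorted(excess), "deficit": sorted(deficit)}
    return report


def mutual_exclusion_violations(user_roles, exclusive_pairs):
    """Global consistency (mutual exclusion): users authorized for both roles
    of an exclusive pair, returned as (user, (role_a, role_b)) tuples."""
    violations = []
    for user, roles in user_roles.items():
        for pair in exclusive_pairs:
            if pair <= roles:
                violations.append((user, tuple(sorted(pair))))
    return sorted(violations)


def policy_is_consistent(role_perms, role_needs, user_roles, exclusive_pairs):
    """Overall verdict: no least-privilege and no mutual-exclusion findings."""
    return (not least_privilege_violations(role_perms, role_needs)
            and not mutual_exclusion_violations(user_roles, exclusive_pairs))


if __name__ == "__main__":
    print("least privilege:", least_privilege_violations(ROLE_PERMS, ROLE_NEEDS))
    print("mutual exclusion:", mutual_exclusion_violations(USER_ROLES, MUTUALLY_EXCLUSIVE))
    print("consistent:", policy_is_consistent(ROLE_PERMS, ROLE_NEEDS, USER_ROLES, MUTUALLY_EXCLUSIVE))
```

Run as written, the sample policy fails both checks: the Pharmacist role holds `update_treatment` without needing it, and bob holds the Pharmacist and Auditor roles together. Removing the excess permission and one of bob's roles makes `policy_is_consistent` return True, which is the state a policy should reach before enforcement is turned on.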
Background
• Crisis
  • Any Situation Requiring National or International Attention
• Coalition
  • Alliance of Organizations
  • Military, Civilian, International or any Combination
• Dynamic Coalition
  • Formed in a Crisis and Changes as Crisis Develops
  • Key Concern Being the Most Effective Way to Solve the Crisis
• Dynamic Coalition Problem (DCP)
  • Security, Resource, and Information Sharing Risks that Occur as a Result of Coalition Being Formed Quickly
DC for Military Deployment/Engagement
[Diagram: U.S. Global C2 Systems (GCCS, Army Battle Command System ABCS, GCCS-A, ASAS, AFATDS, CSSCS, MCS, FADD, Joint Command System, Battle Management System, Combat Operations System; Army, Air Force, Navy, Marine Corps) interoperating with coalition partners: NATO, U.N., NGO/PVO, France SICF, Canada LFCS, Germany HEROS, Italy SIACCON, Other.]
Joint Information Flow
[Diagram: Joint Task Force level (GCCS; Marines GCCS-M, Navy GCCS-N, Air Force GCCS-AF, Army GCCS-A; TCO, JMCIS, TBMCS) exchanging with Coalition Partners (NATO Systems, Coalition Systems); Army echelons from Corps and Division (ABCS: MCS, FAADC2I, CSSCS, AFATDS, ASAS) down to Brigade (BSA, TOC, MCS), Battalion (MCS) and Company (FBCB2).]
GCCS - Joint/Coalition
[Diagram: functional areas Maneuver, Air Defense/Air Operations, Fire Support, Intelligence, Network and Resource Management, and Logistics feeding a Combined Information Flow over a Combined Database.]
DC for Medical Emergency
[Diagram: coalition participants Transportation, Military Medics, Red Cross, Govt., Pharma. Companies, Local Health Care, CDC, MDs w/o Borders, EMTs, RNs, MDs, State Health, Other.]
GOALS:
• Securely Leverage Information in a Fluid Environment
• Protect Information While Simultaneously Promoting the Coalition
Medical Informatics
• Privacy vs. Availability for Medical Records
• All Aspects of Security for Medical Information
  • Treatment and Long-Term Care
  • Insurance Claims and Future Insurability
  • Nationalization of Medical Information
• Critical Aspect of DCP
  • Bring Together Divergent Requirements to Support Life-Threatening Situation
  • Rapid Availability of Patient Data in Emergency Situations
Public Policy on Security
• How do we Protect a Person’s DNA?
  • Who Owns a Person’s DNA?
  • Who Can Profit from a Person’s DNA?
  • Can a Person’s DNA be Used to Deny Insurance? Employment? Etc.
• How do you Define Security Limitations/Access?
  • Can DNA Repositories be Anonymously Available for Medical Research?
  • Do Societal Needs Trump Individual Rights?
• Can DNA be Made Available Anonymously for Medical Research?
  • International Repository for Medical Researchers with Large Enough Data Set for Rare Conditions
RBAC/MAC at Design Level
• Incorporation of Security into the Unified Modeling Language at Design Time
  • Security as First Class Citizen in the Design Process
  • Capture Security Policy at Earliest Stages
  • Maintain and Modify that Policy over Time
• Focus on Various UML Diagrams
  • Record Classifications of Use Cases and Clearances of Actors (Roles)
  • Track Classifications of Classes and Their Methods
• Assurance by
  • Dynamically Maintaining Design in Correct State with Respect to Security
  • Security Model Generation and Analysis
Use-Case Diagram with Sensitivity Levels
• Use Cases are Marked with Classifications: TS, S, C, or U
• Actors (Roles) are Marked with Clearances
• Dynamic Assurance Checks Ensure that Connections (Arrows/Lines) Do Not Violate MAC Rules
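The check this slide describes is small enough to write out in full. What follows is an added example, not code from the slides or from the UConn tool: a use-case diagram is represented as actors with clearances, use cases with classifications and the connections between them; one function audits the whole diagram against the MAC dominance rule (TS > S > C > U, as on the slides), and another refuses to add a connection that would violate it, which is the "dynamically maintaining the design in a correct state" idea from the previous slide. The actors, use cases and connections are constructed sample data.

```python
# Added example (not from the slides): a design-time assurance check over a
# UML use-case diagram whose actors carry clearances and whose use cases carry
# classifications. The ordering TS > S > C > U is the one the slides use; the
# actors, use cases and connections below are constructed sample data.

LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}


def dominates(clearance, classification):
    """MAC rule from the slides: access is allowed only when the clearance
    dominates (is at least as high as) the classification."""
    return LEVELS[clearance] >= LEVELS[classification]


# Actor (role) -> clearance (constructed).
ACTORS = {"Field Medic": "C", "Red Cross Coordinator": "U", "CDC Analyst": "S"}

# Use case -> classification (constructed).
USE_CASES = {"View Patient Status": "C", "Request Transport": "U", "Report Outbreak": "S"}

# Connections (the arrows/lines of the diagram), actor -> use case (constructed).
# The fourth one is deliberately wrong: a U-cleared actor on a C use case.
CONNECTIONS = [
    ("Field Medic", "View Patient Status"),
    ("Field Medic", "Request Transport"),
    ("Red Cross Coordinator", "Request Transport"),
    ("Red Cross Coordinator", "View Patient Status"),
    ("CDC Analyst", "Report Outbreak"),
]


def mac_violations(actors, use_cases, connections):
    """Whole-diagram audit: every connection whose actor clearance does not
    dominate the use-case classification, reported as
    (actor, clearance, use case, classification)."""
    violations = []
    for actor, use_case in connections:
        clearance, classification = actors[actor], use_cases[use_case]
        if not dominates(clearance, classification):
            violations.append((actor, clearance, use_case, classification))
    return violations


def add_connection(actors, use_cases, connections, actor, use_case):
    """Dynamic check applied as the designer draws: the connection is added
    only if it satisfies MAC, so the diagram never leaves a correct state.
    Returns True if added, False if refused."""
    if not dominates(actors[actor], use_cases[use_case]):
        return False
    connections.append((actor, use_case))
    return True


if __name__ == "__main__":
    for v in mac_violations(ACTORS, USE_CASES, CONNECTIONS):
        print("MAC violation: actor %s (%s) -> use case %s (%s)" % v)
    print(add_connection(ACTORS, USE_CASES, CONNECTIONS, "CDC Analyst", "View Patient Status"))
    print(add_connection(ACTORS, USE_CASES, CONNECTIONS, "Field Medic", "Report Outbreak"))
```

The same dominance test extends to the class-level tracking mentioned on the previous slide: a use case realized by methods classified above its own level would be caught by comparing the use-case level against each method's classification in exactly this way.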
Security Model Generation
• Address Security in Use-Case Diagrams, Class Diagrams, Collaboration Diagrams, etc.
• Extending UML for the Design and Definition of Security Requirements
  • UML Model with Security Must Capture all Security Requirements!
• Bi-Directional Translation between the UML Model with Security and a Logic-Based Policy Language
  • Prove that all UML Security Definitions are Captured in the Logic-Based Policy Language and Vice Versa
  • Must Prove Generation Captures all Security Requirements
  • Iterate, Revise
• Formal Security Policy Definition using Existing Approach (Logic-Based Policy Language): Oracle Security, RBAC99, UConn RBAC/MAC, UML-Based RBAC/MAC
• Other Possibilities: Reverse Engineer Existing Policy to Logic-Based Definition
Interacting Software Artifacts: Unifying RBAC/MAC
• New/Existing Clients use APIs
• Control Access to APIs by …
  • Role (who)
  • Classification (MAC)
  • Time (when)
  • Data (what)
  • Delegation
• Artifacts Inter-Operating over the Network: COTS Client, COTS Database, Legacy Client, Legacy Database, GOTS Client, Java Client
• Unified Security Resource (USR)
  • Security Policy Services
  • Security Authorization Services
  • Security Registration Services
  • Security Analysis and Tracking (SAT)
• Administrative Clients: Security Policy Client (SPC), Security Authorization Client (SAC), Security Delegation Client (SDC)
• Working Prototype Available using CORBA, JINI, Java, Oracle
Unifying RBAC/MAC
• Method-Level Security Model RBAC/MAC
  • Constraints using: Role, MAC, Time, and Data
  • Customized Access to APIs of Artifacts
  • Contrast with Object-Level Approach
• Security Policy and Enforcement Assurance
  • Design Time (During Security Policy Definition): Security Assurance
  • Run Time (Executing Application): Security Enforcement
• RBAC/MAC for a Distributed Setting (Middleware)
  • Flexible, Portable, Platform Independent
  • Security with Minimal/Controlled Impact
  • Administrative and Management Security Tools
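To make the method-level model concrete, here is an added example (not code from the slides or from the CORBA/JINI/Java prototype) of a run-time enforcement check that combines the four constraint kinds this slide names, role, MAC classification, time window and data value, and so also illustrates the RBAC and MAC definitions from the Background slide. Each API method of an artifact carries a classification; each role holds, per method, a time window and a value-based predicate over the call arguments; each user has a clearance and a set of authorized roles. The users, roles, methods, classifications and constraints are constructed sample data, and the reason codes are this example's own convention.

```python
# Added example (not from the slides or the UConn prototype): a method-level
# RBAC/MAC authorization check combining the four constraint kinds on the
# slide (role, MAC classification, time window, data value). The ordering
# TS > S > C > U is from the slides; users, roles, methods, classifications
# and constraints are constructed sample data.
from dataclasses import dataclass
from datetime import datetime, time
from typing import Callable, Dict, Set

LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}


def dominates(clearance, classification):
    """MAC rule: allow only if the user's clearance is at least the method's classification."""
    return LEVELS[clearance] >= LEVELS[classification]


@dataclass
class Constraint:
    """Conditions a role must satisfy to invoke one API method."""
    start: time = time(0, 0)            # earliest time of day the call is permitted
    end: time = time(23, 59, 59)        # latest time of day the call is permitted
    data_check: Callable[[dict], bool] = lambda args: True  # value-based constraint on arguments


@dataclass
class User:
    clearance: str
    roles: Set[str]


# API method of an artifact -> MAC classification (constructed).
METHODS = {"Patient.getRecord": "C", "Patient.updateTreatment": "C", "Outbreak.report": "S"}

# Role -> {method -> constraint} (constructed). A medic may read records at any
# time but may update treatment only on the day shift and only for doses <= 500 mg.
ROLES: Dict[str, Dict[str, Constraint]] = {
    "Medic": {
        "Patient.getRecord": Constraint(),
        "Patient.updateTreatment": Constraint(
            start=time(6, 0), end=time(22, 0),
            data_check=lambda args: args.get("dose_mg", 0) <= 500),
    },
    "Analyst": {"Patient.getRecord": Constraint(), "Outbreak.report": Constraint()},
}

# User -> clearance and authorized roles (constructed).
USERS = {"alice": User("C", {"Medic"}), "dan": User("U", {"Analyst"})}


def clock(hour, minute=0):
    """Fixed-date timestamp helper so callers only supply the time of day."""
    return datetime(2024, 1, 1, hour, minute)


def authorize(user_name, role, method, args, now):
    """Run-time enforcement. Returns (allowed, reason); reason is one of
    ok, no_user, no_role, no_permission, mac, time, data. Checks stop at the
    first failure so the reason names what blocked the call."""
    user = USERS.get(user_name)
    if user is None:
        return False, "no_user"
    if role not in user.roles:
        return False, "no_role"          # user may not play this role
    constraint = ROLES.get(role, {}).get(method)
    if constraint is None:
        return False, "no_permission"    # role has no access to this method
    if not dominates(user.clearance, METHODS[method]):
        return False, "mac"              # clearance does not dominate classification
    if not (constraint.start <= now.time() <= constraint.end):
        return False, "time"             # outside the permitted time window
    if not constraint.data_check(args):
        return False, "data"             # value-based constraint failed
    return True, "ok"


if __name__ == "__main__":
    print(authorize("alice", "Medic", "Patient.getRecord", {}, clock(3)))
    print(authorize("alice", "Medic", "Patient.updateTreatment", {"dose_mg": 100}, clock(3)))
    print(authorize("alice", "Medic", "Patient.updateTreatment", {"dose_mg": 900}, clock(10)))
    print(authorize("dan", "Analyst", "Outbreak.report", {}, clock(10)))
```

The order of the checks matters for the assurance story: role membership and method permission are the RBAC part, the dominance test is the MAC part, and the time and data predicates are evaluated last because they depend on the actual call. A request from dan, who holds the Analyst role but only a U clearance, is refused on the MAC check even though RBAC alone would have allowed `Outbreak.report`.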
Integrating Security into XML Documents
• Emergence of XML for Document/Information Exchange
• Extend RBAC/MAC to XML
  • Collection of Security DTDs
  • DTDs for Roles, Users, and Constraints (Role DTD, User DTD, Constraint DTD)
  • Capture RBAC and MAC
• Apply Security DTDs to XML Documents
  • Result: Each XML Document Appears Differently Based on Role, MAC, Time, Value
  • Security DTD Filters Document
• Security Officer Generates Security XML Files for the Application: Appl_Role.xml, Appl_User.xml, Appl_Constraint.xml
• Application DTDs and Application XML Files
• User’s Role Determines the Scope of Access to Each XML Document
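The effect described here, one application XML document that each role sees differently, can be shown with a small filter. The following is an added example and not code from the slides or the UConn Security DTDs: a constructed role file stands in for Appl_Role.xml, giving each role a clearance and the elements it may see; a constructed patient-record document marks elements with a `classification` attribute; the filter removes every subtree the role is not allowed to see or whose classification the role's clearance does not dominate. The `classification` attribute and the `<allow element="..."/>` markup are this example's own assumptions about how such a file could look, not the project's DTDs.

```python
# Added example (not from the slides): a role- and MAC-based filter over an
# application XML document, in the spirit of the slide's Security DTDs. The
# role definitions stand in for an Appl_Role.xml; document, roles, clearances,
# classifications, the "classification" attribute and the <allow element=""/>
# markup are all constructed for this example, not the UConn DTDs.
import xml.etree.ElementTree as ET

LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}


def dominates(clearance, classification):
    """MAC rule: a role sees an element only if its clearance dominates the element's level."""
    return LEVELS[clearance] >= LEVELS[classification]


# Constructed application document; unmarked elements are treated as U.
APP_XML = """<patientRecord id="P-001">
  <name>J. Doe</name>
  <location classification="U">Field Hospital 3</location>
  <treatment classification="C">
    <drug>antibiotic</drug>
    <dose>500 mg</dose>
  </treatment>
  <exposureHistory classification="S">contact with index case</exposureHistory>
</patientRecord>"""

# Constructed stand-in for Appl_Role.xml: clearance plus the elements each role may see.
ROLE_XML = """<roles>
  <role name="Medic" clearance="C">
    <allow element="name"/><allow element="location"/><allow element="treatment"/>
  </role>
  <role name="Transport" clearance="U">
    <allow element="name"/><allow element="location"/>
  </role>
  <role name="Volunteer" clearance="U">
    <allow element="name"/><allow element="treatment"/>
  </role>
  <role name="Epidemiologist" clearance="S">
    <allow element="name"/><allow element="exposureHistory"/>
  </role>
</roles>"""


def load_roles(role_xml):
    """Parse the role file into {role name: (clearance, set of allowed element tags)}."""
    roles = {}
    for r in ET.fromstring(role_xml).findall("role"):
        roles[r.get("name")] = (r.get("clearance"), {a.get("element") for a in r.findall("allow")})
    return roles


def _prune(elem, clearance, allowed, inside_allowed=False):
    """Remove children the role may not see; a child inside an allowed subtree is
    visible unless its own classification is too high."""
    for child in list(elem):
        classification = child.get("classification", "U")
        role_ok = inside_allowed or child.tag in allowed
        if not role_ok or not dominates(clearance, classification):
            elem.remove(child)
        else:
            _prune(child, clearance, allowed, inside_allowed=True)


def filter_document(app_xml, role_name, roles):
    """Return a new element tree holding only what the given role may see."""
    clearance, allowed = roles[role_name]
    root = ET.fromstring(app_xml)    # fresh tree each call, source text untouched
    _prune(root, clearance, allowed)
    return root


def visible_elements(app_xml, role_name, roles):
    """Tags of the top-level elements that survive filtering, in document order."""
    return [child.tag for child in filter_document(app_xml, role_name, roles)]


if __name__ == "__main__":
    roles = load_roles(ROLE_XML)
    for name in roles:
        print(name, ET.tostring(filter_document(APP_XML, name, roles), encoding="unicode"))
```

The Volunteer role is the instructive case: its role file allows the `treatment` element, but its U clearance does not dominate the element's C classification, so the filtered document contains only the name. Role scope and MAC dominance are applied together, as the slide's "Role, MAC" wording indicates; time- and value-based constraints would be further predicates at the same point.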
Concluding Remarks
• Dynamic Coalitions will play a Critical Role in Homeland Security during Crisis Situations
• Critical to Understand the Security Issues for Users and Systems of Dynamic Coalitions
• At UConn, Multi-Faceted Approach to Security
  • Attaining Consistency and Assurance at Policy Definition and Enforcement
  • Capturing Security Requirements at Early Stages via UML Enhancements/Extensions
  • Providing a Security Infrastructure that Unifies RBAC and MAC for a Distributed Setting
• http://www.engr.uconn.edu/~steve/DSEC/dsec.html
Our Recent Security Publications
• Phillips, C., Demurjian, S., and Ting, T.C., “Assurance Guarantees for an RBAC/MAC Security Model,” Proc. of 17th IFIP WG 11.3 Working Conf. on Database Security, Colorado, August 2003.
• Phillips, C., Demurjian, S., and Ting, T.C., “Security Assurance for an RBAC/MAC Security Model,” Proc. of 2003 IEEE Info. Assurance Workshop, West Point, NY, June 2003.
• Liebrand, M., et al., “Role Delegation for a Resource-Based Security Model,” in Data and Applications Security: Developments and Directions II, E. Gudes and S. Shenoi (eds.), Kluwer, 2003.
• Phillips, C., Demurjian, S., and Ting, T.C., “Towards Information Assurance in Dynamic Coalitions,” Proc. of 2002 IEEE Info. Assurance Workshop, West Point, NY, June 2002.
• Phillips, C., Ting, T.C., and Demurjian, S., “Information Sharing and Security in Dynamic Coalitions,” Proc. of 7th ACM SACMAT, Monterey, CA, June 2002.
• Demurjian, S., et al., “A User Role-Based Security Model for a Distributed Environment,” in Data and Applications Security: Developments and Directions, B. Thuraisingham, R. van de Riet, K. Dittrich and Z. Tari (eds.), Kluwer, 2001.