skip to main content
10.1145/1463342.1463344acmotherconferencesArticle/Chapter ViewAbstractPublication PagesmiddlewareConference Proceedingsconference-collections
research-article

Protection of complex distributed systems

Published: 02 December 2008 Publication History

Abstract

Today, the challenge in security of complex distributed systems does not anymore lie in encryption or access control of a single middleware platform, but in the protection of the system as a whole. This includes the definition of correct security policies at various abstraction layers, and also the unified and correct management and enforcement of the correct security policy at all relevant places in the system. As the authors have learned in the development of even comparatively simple distributed systems, e.g. an Air Traffic Control simulation system, this is not possible anymore by a manual definition of encryption properties and access control rules. Human security administrators are not able to define all the fine grained rules with sufficient assurance, to distribute them to all Policy Enforcement Points and to check many log files or admin consoles. This is especially impossible in highly distributed and agile service oriented or data driven systems.
In this paper, the authors describe an integrated approach to protect such complex and heterogeneous systems. It is based on Model Driven Security to generate high assurance security policies, rules and configurations from the system's functional model and a high level security policy, and the OpenPMF Policy Management Framework to manage and to correctly enforce the security policy in the system.
As a proof of concept, the protection of a prototypical implementation of System Wide Information Management (SWIM) in Air Traffic Management is briefly described.

References

[1]
House of Representatives, Sarbanes-Oxley Act of 2002, 24 Jul 2002
[2]
Public Law 104--191: Health Insurance Portability and Accountability Act of 1996, 21. Aug 1996
[3]
Lang, U. and Schreiner, R. Developing secure distributed systems with CORBA, February 2002, (Artech House)
[4]
FAA SWIM web site, www.faa.gov/about/office_org/headquarters_officies_ato_service_units_techops/swim, 2008
[5]
EU FP6 SWIM-SUIT Consortium project homepage, www.swim-suit.aero, 2008
[6]
EU FP6 SWIM-SUIT Consortium, Project Deliverable 1.4.1, 2008
[7]
NSA, Global Information Grid website, www.nsa.gov/ia/industry/gig.cfm, 2008
[8]
Schreiner, R, Lang, U, Ritter, T, Reznik, J, Building Secure and Interoperable ATC Systems, Eurocontrol INO Workshop 2006
[9]
Lang, Ulrich and Schreiner, Rudolf: Integrated IT Security: Air-Traffic Management Case Study. ISSE 2005 Conference Budapest, Springer, 2005
[10]
Model Driven Security web site, www.modeldrivensecurity.org, 2008
[11]
ObjectSecurity: OpenPMF 2.0 Model Driven Security Management, www.openpmf.com, 2008
[12]
OASIS Consortium: XACML 2.0 Core: eXtensible Access Control Markup Language (XACML) Version 2.0, 1 Feb 2005
[13]
AD4 consortium, AD4 EU FP6 project homepage: www.ad4-project.com
[14]
ObjectSecurity. SimulateWorld information webpage. www.simulateworld.com

Cited By

View all
  • (2016)Embedding Model-Based Security Policies in Software Development2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS)10.1109/BigDataSecurity-HPSC-IDS.2016.46(116-122)Online publication date: Apr-2016
  • (2012)Toward a model-driven access-control enforcement mechanism for pervasive systemsProceedings of the Workshop on Model-Driven Security10.1145/2422498.2422504(1-6)Online publication date: 1-Oct-2012
  • (2009)Use of SOA 3.0 in Strategic Information System PlanningProceedings of the 2009 Third UKSim European Symposium on Computer Modeling and Simulation10.1109/EMS.2009.113(287-292)Online publication date: 25-Nov-2009
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
MidSec '08: Proceedings of the 2008 workshop on Middleware security
December 2008
48 pages
ISBN:9781605583631
DOI:10.1145/1463342
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 December 2008

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. distributed systems security
  2. model driven security
  3. service oriented architecture

Qualifiers

  • Research-article

Conference

Middleware '08

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)3
  • Downloads (Last 6 weeks)0
Reflects downloads up to 12 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2016)Embedding Model-Based Security Policies in Software Development2016 IEEE 2nd International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS)10.1109/BigDataSecurity-HPSC-IDS.2016.46(116-122)Online publication date: Apr-2016
  • (2012)Toward a model-driven access-control enforcement mechanism for pervasive systemsProceedings of the Workshop on Model-Driven Security10.1145/2422498.2422504(1-6)Online publication date: 1-Oct-2012
  • (2009)Use of SOA 3.0 in Strategic Information System PlanningProceedings of the 2009 Third UKSim European Symposium on Computer Modeling and Simulation10.1109/EMS.2009.113(287-292)Online publication date: 25-Nov-2009
  • (2009)Object-Process MethodologyProceedings of the 2009 Third Asia International Conference on Modelling & Simulation10.1109/AMS.2009.36(170-175)Online publication date: 25-May-2009
  • (2009)An Achievable Service-Oriented Architecture—ASOAProceedings of the 2009 Third Asia International Conference on Modelling & Simulation10.1109/AMS.2009.35(164-169)Online publication date: 25-May-2009
  • (2009)An MDA-Based Environment for Generating Access Control PoliciesProceedings of the 6th International Conference on Trust, Privacy and Security in Digital Business10.1007/978-3-642-03748-1_12(115-126)Online publication date: 23-Aug-2009

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media