Protection of complex distributed systems

  • Authors: Rudolf Schreiner; Ulrich Lang

  • Affiliations: St John's Innovation Centre, Cambridge, UK; St John's Innovation Centre, Cambridge, UK

  • Venue: Proceedings of the 2008 workshop on Middleware security
  • Year: 2008

Abstract

Today, the challenge in securing complex distributed systems no longer lies in encryption or access control for a single middleware platform, but in the protection of the system as a whole. This includes the definition of correct security policies at various abstraction layers, and also the unified and correct management and enforcement of the security policy at all relevant places in the system. As the authors have learned in the development of even comparatively simple distributed systems, e.g. an Air Traffic Control simulation system, this is no longer possible through manual definition of encryption properties and access control rules. Human security administrators are not able to define all the fine-grained rules with sufficient assurance, to distribute them to all Policy Enforcement Points, and to check many log files or admin consoles. This holds especially in highly distributed and agile service-oriented or data-driven systems. In this paper, the authors describe an integrated approach to protect such complex and heterogeneous systems. It is based on Model Driven Security, which generates high-assurance security policies, rules and configurations from the system's functional model and a high-level security policy, and on the OpenPMF Policy Management Framework, which manages and correctly enforces the security policy in the system. As a proof of concept, the protection of a prototypical implementation of System Wide Information Management (SWIM) in Air Traffic Management is briefly described.