Bruce Montrose
United States Naval Research Laboratory
Publication
Featured research published by Bruce Montrose.
international conference on web services | 2006
Jim Luo; Bruce Montrose; Anya Kim; Amitabh Khashnobish; Myong H. Kang
Although universal description, discovery and integration (UDDI) is the de jure Web service registry standard, it is not suitable for handling semantic markups due to its flat data model and limited search capabilities. In this paper, we introduce an approach to support semantic service descriptions and queries using registries that conform to the UDDI version 3 specification. Specifically, we present a scheme that allows users to store OWL-S service descriptions in the UDDI data model and use that information to perform semantic query processing. Our approach does not require any modification to the existing UDDI registries. The add-on modules only reside on the client-side machines that wish to take advantage of the semantic capabilities. This approach is completely backward compatible and can integrate seamlessly into the existing service-oriented architecture (SOA) infrastructure.
annual computer security applications conference | 2012
John P. McDermott; Bruce Montrose; Margery Li; James Kirby; Myong H. Kang
Separation kernels are the strongest known form of separation for virtual machines. We agree with NSA's Information Assurance Directorate that while separation kernels are stronger than any other alternative, their construction on modern commodity hardware is no longer justifiable. This is because of orthogonal feature creep in modern platform hardware. We introduce the separation VMM as a response to this situation and explain how we prototyped one.
Information Security Technical Report | 2008
John P. McDermott; James Kirby; Bruce Montrose; Travis Johnson; Myong H. Kang
The Xenon project is investigating the construction of a higher-assurance open source separation kernel based on the Xen open source hypervisor. Just as the Xen open source hypervisor was initially developed from the open source Linux operating system, by simplifying Linux and modifying its design, the Xenon separation kernel is being developed from Xen. The primary goal of the Xenon project is to investigate issues in creating an open source software product with higher security assurance than conventional open source software. The Xenon project is also focused on (1) problems relating to separation kernels that support unmodified uninterpreted commercial off the shelf (COTS) guests and (2) distinctions between these kinds of separation kernels and hypervisors. This paper explains the Xenon project's approach to re-engineering Xen's internal structure into a higher-assurance form. If conventional open source software cannot be brought into this form with moderate amounts of re-engineering then higher-assurance open source software is probably not practical. Our results indicate that moderate amounts of re-engineering will be sufficient for all but a small part of the code. The remaining code is small enough to be addressed in a reasonable time, even though more effort is required.
international conference on move to meaningful internet systems | 2005
Jim Luo; Bruce Montrose; Myong H. Kang
UDDI is not suitable for handling semantic markups for Web services due to its flat data model and limited search capabilities. In this paper, we introduce an approach to allow for support of semantic service descriptions and queries using registries that conform to the UDDI V3 specification. Specifically, we discuss how to store complex semantic markups in the UDDI data model and use that information to perform semantic query processing. Our approach does not require any modification to the existing UDDI registries. The add-on modules reside only on clients who wish to take advantage of semantic capabilities. This approach is completely backward compatible and can integrate seamlessly into existing infrastructure.
annual computer security applications conference | 1996
Myong H. Kang; Ira S. Moskowitz; Bruce Montrose; James Parsonese
As computer systems become more open and interconnected, the need for reliable and secure communication also increases. The NRL (Naval Research Laboratory) Pump was introduced by Kang and Moskowitz (1993) to balance the requirements of reliability, congestion control, fairness and good performance against those of threats from covert channels and denial-of-service attacks. In this paper, we describe two prototype efforts. One (the event-driven Pump or E-Pump) implements the Pump at the process (top) layer in terms of a 4-layer network reference model, and the other (the DOS-Pump or D-Pump) implements the Pump at the transport layer. We then discuss lessons learned and how these lessons are to be used in deciding upon the final hardware implementation of the Pump.
darpa information survivability conference and exposition | 2001
Joon S. Park; Bruce Montrose; Judith N. Froscher
To design a system that can be trusted or assess security properties in a system, the related assurance arguments need to be developed and described effectively in an understandable way. To meet this pressing need, we have developed a prototype tool, VNRM (Visual Network Rating Methodology), to help users develop a map to assurance arguments and document it with related descriptions in a common environment. This map depicts the claim trees for the assurance arguments related to the enterprise security objective. VNRM supports ECM (Enterprise Certification Methodology) for deriving and organizing the related assurance arguments effectively and uses CAML (Composite Assurance Mapping Language) for describing the assurance arguments in the map. After the successful development of VNRM, we have started to develop a more robust tool, SANE (Security Assurance Navigation and Environment), providing more features, reusability of assurance arguments, and access control to CAML maps.
military communications conference | 2012
John P. McDermott; Bruce Montrose; Margery Li; James Kirby; Myong H. Kang
In conventional military computing, security separation is provided by cryptography, for data in motion and data at rest. Security separation for data under computation is provided by separate hardware. Cloud computing shares hardware for all data under computation, so a new approach to security separation is needed for military clouds. Cryptographic separation of data under computation is not practical with current technology, so the separation must be accomplished by software, i.e. the virtualization infrastructure. The strongest known means of software separation is the separation kernel. Separation kernels are special virtual machine monitors (VMMs) that are small enough and simple enough to be mathematically verified. Unfortunately, strict separation kernels cannot virtualize the complex modern commodity hardware and guest virtual machine (VM) operating systems that are essential to cloud computing. The best alternative to a strict separation kernel is a separation VMM. A separation VMM relaxes the strict size and simplicity goals of a separation kernel just far enough to be able to support commodity hardware and guest operating systems. Because they address all of the features of commodity hardware, separation VMMs are too large for formal mathematical verification. However, separation VMMs are small enough and simple enough to be completely specified by semiformal means, i.e. they are smaller and simpler than conventional VMMs. A separation VMM has a complete systematic assurance argument that it isolates guest VMs from each other and strongly protects itself from tampering. A separation VMM provides the strongest separation of cloud VMs that is consistent with virtualizing complex commodity operating systems, on shared complex commodity hardware.
Archive | 2007
Myong H. Kang; Bruce Montrose; Jim Luo
military communications conference | 2009
Myong H. Kang; Margery Li; Bruce Montrose; Amitabh Khashnobish; Scott Elliott; Michael I. Bell; Steven Pieper
Archive | 2005
Jim Luo; Bruce Montrose; Myong H. Kang