Publication


Featured research published by Steven A. Demurjian.


symposium on access control models and technologies | 2002

Information sharing and security in dynamic coalitions

Charles E. Phillips; T. C. Ting; Steven A. Demurjian

Today, information sharing is critical to almost every institution. There is no more critical need for information sharing than during an international crisis, when international coalitions dynamically form. In the event of a crisis, whether it is humanitarian relief, natural disaster, combat operations, or terrorist incidents, international coalitions have an immediate need for information. These coalitions are formed with international cooperation, where each participating country offers whatever resources it can muster to support the given crisis. These situations can occur suddenly, simultaneously, and without warning. Often times, participants are coalition partners in one crisis and adversaries in another, raising difficult security issues with respect to information sharing. Our specific interest is in the Dynamic Coalition Problem (DCP), with an emphasis on the information sharing and security risks when coalitions are formed in response to a crisis. This paper defines the DCP and explores its intricate, challenging, and complex information and resource sharing, and security issues, utilizing real-world situations, which are drawn from a military domain.


formal methods in security engineering | 2004

MAC and UML for secure software design

Thuong Doan; Steven A. Demurjian; T. C. Ting; Andreas Ketterl

Security must be a first class citizen in the design of large scale, interacting, software applications, at early and all stages of the lifecycle, for accurate and precise policy definition, authorization, authentication, enforcement, and assurance. One of the dominant players in software design is the unified modeling language, UML, a language for specifying, visualizing, constructing and documenting software artifacts. In UML, diagrams provide alternate perspectives for different stakeholders, e.g.: use case diagrams for the interaction of users with system components, class diagrams for the static classes and relationships among them, and sequence diagrams for the dynamic behavior of instances of the class diagram. However, UML's support for the definition of security requirements for these diagrams and their constituent elements (e.g., actors, systems, use cases, classes, instances, include/extend/generalize relationships, methods, data, etc.) is lacking. In this paper, we address this issue by incorporating mandatory access control (MAC) into use case, class, and sequence diagrams, providing support for the definition of clearances and classifications for relevant UML elements. In addition, we provide a framework for security assurance as users are defining and evolving use case, class, and sequence diagrams, bridging the gap between software engineers and an organization's security personnel in support of secure software design. To demonstrate the feasibility and utility of our work on secure software design, our MAC enhancements for UML have been integrated into Borland's Together Control Center Environment.


IEEE Transactions on Software Engineering | 1988

Towards a better understanding of data models through the multilingual database system

Steven A. Demurjian; David K. Hsiao

An approach to the design of a database system, the multilingual database system (MLDS), has been proposed and implemented. MLDS is a single database system that can execute many transactions written respectively in different data languages and support many databases structured correspondingly in various data models, i.e. DL/I transactions on hierarchical databases, CODASYL-DML transactions on network databases, SQL transactions on relational databases, and Daplex transactions on functional databases. The authors describe MLDS, focusing on its motivation and structure. It is shown how MLDS, by providing an integrated environment for experimenting with data models and data languages, also serves as a testbed that provides insight to data models and data-model semantics, using qualitative and quantitative techniques. Related work on data-language comparison and analysis is indicated.


bioinformatics and biomedicine | 2012

A security framework for XML schemas and documents for healthcare

Alberto De la Rosa Algarín; Steven A. Demurjian; Solomon Berhe; Jaime A. Pavlich-Mariscal

The extensible Markup Language (XML) has wide usage in healthcare to facilitate health information exchange via the Continuity of Care Record (CCR) for storing/managing patient data, diagnoses, medical notes, tests, scans, etc. Health IT products like electronic health record (EHR, e.g., GE Centricity) and personal health record (PHR, e.g., MS Health Vault) use CCR for data representation. To manage patient data in CCR, security as governed by HIPAA must be attained when using XML and its technologies (XACML, XSLT, etc.). Our objective is to have an XML document (CCR instance) appear differently to authorized users at different times based on a user's role, constraints, separation of duty, delegation of authority, etc. In this paper, we propose a security framework that targets XML schemas and documents, in general, and CCR schemas and documents, in particular with control capabilities that achieve customizable access to an XML document's elements by applying secure software engineering methodologies and defining new UML XML-focused diagrams for schemas and permissions. This allows us to generate XACML policies, and enforce security at the runtime level on XML instances to insure that correct and required patient data is securely delivered. In a market of rapidly emerging mobile healthcare applications to allow patients to manage their own data (PHRs) and for self-management of chronic diseases, the need for secure access to information and its authorization and transmission to providers (and EHRs) will be critical.


Computers & Security | 2010

A framework of composable access control features: Preserving separation of access control concerns from models to code

Jaime A. Pavlich-Mariscal; Steven A. Demurjian; Laurent Michel

Modeling of security policies, along with their realization in code, must be an integral part of the software development process, to achieve an acceptable level of security for a software application. Among all of the security concerns (e.g. authentication, auditing, access control, confidentiality, etc.), this paper addresses the incorporation of access control into software. The approach is to separate access control concerns from the rest of the design. To assist designers to visualize access control policies separated from non-security concerns, this paper proposes a set of access control diagrams, i.e., extensions to the UML to represent three main access control models: role-based access control (RBAC), mandatory access control (MAC), and discretionary access control (DAC). To better adapt to changing requirements, and assist designers to customize access control policies, this paper proposes a set of access control features, i.e., small components that realize specific capabilities of access control models. Designers can select the features they require, and compose them to yield different access control policies. When transitioning into code, the main focus is to preserve separation of access control concerns. This paper describes an approach to realize access control diagrams and features in code through structure-preserving mappings, describes three different approaches to enforce access control in code, and evaluates the way each of them separates access control from other concerns.


IWDM | 1985

Performance Evaluation of a Database System in Multiple Backend Configurations

Steven A. Demurjian; David K. Hsiao; Douglas S. Kerr; Jai Menon; Paula Strawser; Robert C. Tekampe; Robert J. Watson; Joel Trimble

The aim of this performance evaluation is twofold: (1) to devise benchmarking strategies for and apply benchmarking methodologies to the measurement of a prototyped database system in multiple backend configurations, and (2) to verify the performance claims as projected or predicted by the designer and implementor of the multi-backend database system known as MBDS.


international conference on data engineering | 1986

A multi-backend database system for performance gains, capacity growth and hardware upgrade

Steven A. Demurjian; David K. Hsiao; Jai Menon

Traditional database systems have long been plagued by performance problems when there is either an increase in the mainframe usage or in the database applications. Solutions to these problems have been sought, first, by offloading the database system from the mainframe computer to a single, dedicated backend computer. The backend computer has its own disk storage, is used to perform all of the database operations, and interacts with the mainframe. However, database systems with this software single-backend approach still encounter the performance problems when either the backend usage or database applications increase. The software multiple-backend approach to database management and hardware upgrade is therefore proposed to overcome the performance-gains and capacity-growth problems of either traditional mainframe-based database systems or conventional software single-backend database systems. In this paper we specify the design requirements and issues of the software multi-backend database systems. We show how these requirements and issues affect the design and implementation of a multi-backend database system known as MBDS. Since MBDS is designed specifically for performance gains, capacity growth, and hardware upgrade, we benchmark MBDS in order to verify whether its design and implementation can indeed relate the gains and growth directly to the multiplicity of backends in terms of the response-time reduction and invariance.


Archive | 2002

User Role-Based Security Model for a Distributed Environment

Steven A. Demurjian; T. C. Ting; J. Balthazar; H. Ren; Charles E. Phillips; P. Barr

A distributed resource environment (DRE) allows distributed components (i.e., servers, legacy systems, databases, COTs, printers, scanners, etc.) to be treated akin to OS resources, where each component (resource) can publish services (an API), that are then available for use by clients and resources alike. DREs have lagged in support of security. To address this deficiency, this paper concentrates on proposing a technique for seamlessly integrating a role-based security model, authorization, authentication, and enforcement into a DRE, including our prototyping with the JINI DRE.

There are many technologies for distributed processing/interoperation, including CORBA, DCE, DCOM, Enterprise Java Beans, Java IDL, JDBC, etc. Most promising, is the emergence of the distributed resource environment, which allows all of the components that comprise a distributed application (i.e., software components like servers, legacy systems, databases, COTs, etc., and hardware components like printers, scanners, etc.) to be treated akin to operating system resources, where each component (resource) can publish services (an API). Once published, these services are available for use by clients and resources alike. However, distributed resource environments have lagged in support of security, providing minimal functionality to control the availability of a resource’s services to clients. To address this deficiency, this paper concentrates on proposing a technique for seamlessly integrating a role-based security model, authorization, authentication, and enforcement into a distributed resource environment. In addition, we consider the specific challenges and problems in supporting role-based security and authorization in an actual distributed resource environment, namely Sun’s Java-based JINI. JINI promotes the construction and deployment of robust and scalable distributed applications via leasing of services by resources and two-phase commit transactions.


conference on scientific computing | 1990

Extending the behavioral capabilities of the object-oriented paradigm with an active model of propagation

Heidi J. C. Ellis; Steven A. Demurjian; Fred J. Maryanski; George McA. Beshers; Joan Peckham

Object-oriented design techniques have begun to play a critical role in increasing productivity, assuring correctness, and modeling both the structure and behavior of applications. However, while most object-oriented models support intra-class behavior definition through encapsulation, inter-class relationships and behavior are supported in only a limited sense, i.e., within ISA or inheritance hierarchies. This is a serious drawback when attempting to model advanced applications such as software-development environments (SDEs) and CAD/CAM. In order to model these critical inter-class relationships and behavior, our goal is to incorporate propagation actions into an object-oriented data model at the design-phase level. This results in increased accuracy in the modeling of information, more complete specification of system behavior, elimination of some side effects, and decreased application coding errors. To meet this goal, this paper presents the active model of propagation (AMP) which supports the specification of inter-class relationships during the design phase to permit system enforced propagation.


model driven engineering languages and systems | 2005

A formal enforcement framework for role-based access control using aspect-oriented programming

Jaime A. Pavlich-Mariscal; Laurent Michel; Steven A. Demurjian

Many of today's software applications require a high level of security, defined by a detailed policy and attained via mechanisms such as role-based access control (RBAC), mandatory access control, digital signatures, etc. The integration of the design/implementation processes of access-control policies with runtime enforcement mechanisms is crucial to achieve an acceptable level of security for a software application. Our prior research focused on formalizing the concept of a role slice, which is a unified modeling language (UML) artifact that captures RBAC security requirements by defining permissions in the form of allowable or prohibited methods, and by specifying roles as specialized class diagrams that contain those methods. This paper augments this effort by introducing a formal framework for the security of software applications that supports the automatic translation of a role-slice access-control policy (RBAC requirements) into aspect-oriented programming (AOP) enforcement code that is seamlessly integrated with the application. The formal framework provides the necessary underpinnings to automate the integration of security policies into software. A prototyping effort based on Borland's UML tool Together Control Center for defining role-slice diagrams and the associated AOP code generator is under development.

Collaboration

Top Co-Authors

T. C. Ting

University of Connecticut

David K. Hsiao

Naval Postgraduate School

Donald M. Needham

United States Naval Academy

Thuong Doan

University of Connecticut

Laurent Michel

University of Connecticut

Solomon Berhe

University of Connecticut

Thomas Agresta

University of Connecticut Health Center