Publication


Featured research published by T. C. Ting.


symposium on access control models and technologies | 2002

Information sharing and security in dynamic coalitions

Charles E. Phillips; T. C. Ting; Steven A. Demurjian

Today, information sharing is critical to almost every institution. There is no more critical need for information sharing than during an international crisis, when international coalitions dynamically form. In the event of a crisis, whether it is humanitarian relief, natural disaster, combat operations, or terrorist incidents, international coalitions have an immediate need for information. These coalitions are formed with international cooperation, where each participating country offers whatever resources it can muster to support the given crisis. These situations can occur suddenly, simultaneously, and without warning. Often times, participants are coalition partners in one crisis and adversaries in another, raising difficult security issues with respect to information sharing. Our specific interest is in the Dynamic Coalition Problem (DCP), with an emphasis on the information sharing and security risks when coalitions are formed in response to a crisis. This paper defines the DCP and explores its intricate, challenging, and complex information and resource sharing, and security issues, utilizing real-world situations, which are drawn from a military domain.


formal methods in security engineering | 2004

MAC and UML for secure software design

Thuong Doan; Steven A. Demurjian; T. C. Ting; Andreas Ketterl

Security must be a first class citizen in the design of large scale, interacting, software applications, at early and all stages of the lifecycle, for accurate and precise policy definition, authorization, authentication, enforcement, and assurance. One of the dominant players in software design is the unified modeling language, UML, a language for specifying, visualizing, constructing and documenting software artifacts. In UML, diagrams provide alternate perspectives for different stakeholders, e.g.: use case diagrams for the interaction of users with system components, class diagrams for the static classes and relationships among them, and sequence diagrams for the dynamic behavior of instances of the class diagram. However, UML's support for the definition of security requirements for these diagrams and their constituent elements (e.g., actors, systems, use cases, classes, instances, include/extend/generalize relationships, methods, data, etc.) is lacking. In this paper, we address this issue by incorporating mandatory access control (MAC) into use case, class, and sequence diagrams, providing support for the definition of clearances and classifications for relevant UML elements. In addition, we provide a framework for security assurance as users are defining and evolving use case, class, and sequence diagrams, bridging the gap between software engineers and an organization's security personnel in support of secure software design. To demonstrate the feasibility and utility of our work on secure software design, our MAC enhancements for UML have been integrated into Borland's Together Control Center Environment.


Archive | 2002

User Role-Based Security Model for a Distributed Environment

Steven A. Demurjian; T. C. Ting; J. Balthazar; H. Ren; Charles E. Phillips; P. Barr

A distributed resource environment (DRE) allows distributed components (i.e., servers, legacy systems, databases, COTs, printers, scanners, etc.) to be treated akin to OS resources, where each component (resource) can publish services (an API), that are then available for use by clients and resources alike. DREs have lagged in support of security. To address this deficiency, this paper concentrates on proposing a technique for seamlessly integrating a role-based security model, authorization, authentication, and enforcement into a DRE, including our prototyping with the JINI DRE.

There are many technologies for distributed processing/interoperation, including CORBA, DCE, DCOM, Enterprise Java Beans, Java IDL, JDBC, etc. Most promising, is the emergence of the distributed resource environment, which allows all of the components that comprise a distributed application (i.e., software components like servers, legacy systems, databases, COTs, etc., and hardware components like printers, scanners, etc.) to be treated akin to operating system resources, where each component (resource) can publish services (an API). Once published, these services are available for use by clients and resources alike. However, distributed resource environments have lagged in support of security, providing minimal functionality to control the availability of a resource’s services to clients. To address this deficiency, this paper concentrates on proposing a technique for seamlessly integrating a role-based security model, authorization, authentication, and enforcement into a distributed resource environment. In addition, we consider the specific challenges and problems in supporting role-based security and authorization in an actual distributed resource environment, namely Sun’s Java-based JINI. JINI promotes the construction and deployment of robust and scalable distributed applications via leasing of services by resources and two-phase commit transactions.


Archive | 2004

RBAC/MAC Security for UML

Thuong Doan; Steven A. Demurjian; T. C. Ting; Charles E. Phillips

In software construction, analysis investigates system requirements and design captures system functionality. To facilitate analysis and design, one popular technique is the unified modeling language, UML. In UML, there are use-case diagrams for the interaction of users with system components, class diagrams for the static classes and relations among them, and sequence diagrams for the dynamic behavior of objects. However, analyzing and designing security requirements in UML is not directly supported. In this chapter, we incorporate role-based access control (RBAC) and mandatory access control (MAC) into UML use-case and class diagrams. In addition, we provide analysis across the UML diagrams, as actors, use cases and classes are defined, to support a degree of security assurance (with mutual exclusion), thereby realizing secure software design in UML. We briefly report on our RBAC/MAC enhancements into Borland’s UML tool Together Control Center.

In software construction, analysis investigates the boundary of a system (scope and requirements), its usage and access, and from a security perspective, who needs access to what when. Given sufficient analysis, a logical initial solution can be designed to capture system functionality including security capabilities. To facilitate the iterative process of analysis and design, one popular technique is the unified modeling language, UML, a language for specifying, visualizing, constructing and documenting software artifacts. In UML, diagrams provide alternate perspectives on the design, including: use-case diagrams for the interaction of users with system components, class diagrams for the static classes and relationships among them, and sequence diagrams for the dynamic behavior of objects. However, the ability to analyze and design security requirements in UML is not directly supported.

In this paper, we propose an approach that incorporates role-based access control (RBAC) and mandatory access control (MAC) into UML use-case and class diagrams, providing support for the design of roles (associated with use-case actors), and clearances and classifications for relevant UML elements. In addition, we provide analysis across the UML diagrams, as actors, use cases and classes are defined, to support a degree of security assurance (with mutual exclusion), and to upgrade the usage of UML for secure RBAC/MAC software design. To demonstrate the feasibility and utility of our work, we briefly report on the progress of our RBAC/MAC enhancements into Borland’s UML tool Together Control Center.


Lecture Notes in Computer Science | 2005

Role slices: a notation for RBAC permission assignment and enforcement

Jaime A. Pavlich-Mariscal; Thuong Doan; Laurent Michel; Steven A. Demurjian; T. C. Ting

During the past decade, there has been an explosion in the complexity of software applications, with an increasing emphasis on software design via model-driven architectures, patterns, and models such as the unified modeling language (UML). Despite this, the integration of security concerns throughout the product life cycle has lagged, resulting in software infrastructures that are untrustworthy in terms of their ability to authenticate users and to limit them to their authorized application privileges. To address this issue, we present an approach to integrate role-based access control (RBAC) into UML at design-time for permission assignment and enforcement. Specifically, we introduce a new UML artifact, the role slice, supported via a new UML role-slice diagram, to capture RBAC privileges at design time within UML. Once captured, we demonstrate the utilization of aspect-oriented programming (AOP) techniques for the automatic generation of security enforcement code. Overall, we believe that our approach is an important step to upgrading security to be an indispensable part of the software process.


IEEE Transactions on Knowledge and Data Engineering | 1996

Guest Editors' Introduction to the Special Issue on Secure Database Systems Technology

Bhavani M. Thuraisingham; T. C. Ting

Since the U.S. Air Force Summer Study in 1982, several research and development efforts in secure database management systems have been initiated. These include efforts in Secure Relational DBMS, Secure Object-Oriented DBMS, Secure Distributed DBMS, and other topics such as inference and aggregation, policies and models, polyinstantiation, concurrency control, auditing, and role-based security. In addition to military applications, security for commercial applications such as medical information systems and banking systems has received increased attention in recent years. Since security is becoming increasingly important to many government as well as commercial organizations, and database technology is a necessity for these organizations, it is important for the various communities to be aware of the developments made in securing database systems. Due to the considerable pressing interest and concern in this area, this special issue of IEEE Transactions on Knowledge and Data Engineering is devoted to this topic. This issue consists of seven papers addressing a variety of topics in secure database systems technology. The first paper by Qian and Lunt describes a MAC policy framework for multilevel relational databases. Much of the work in multilevel secure database management systems has focussed on the relational model. Various prototype systems as well as commercial products have been developed. This paper presents a formal framework to specify mandatory access control policies for relational database systems. More recently quite a few efforts have been reported on multilevel secure object-oriented database management systems. One such effort is reported in the second paper by Thomas and Sandhu. They propose a trusted subject architecture for designing multilevel secure object-oriented databases. Transaction processing in multilevel secure database management systems is a major issue. Concurrency control algorithms such as locking are known to cause covert channels. The goal in secure transaction processing is to ensure consistency as well as security. The third paper by Smith, Blaustein, Jajodia, and Notargiacomo describes a


annual conference on computers | 1993

Towards an authorization mechanism for user-role based security in an object-oriented design model

Steven A. Demurjian; Mei Hu; T. C. Ting; D. Kleinman

User-role based security (URBS) is a technique for characterizing database security that takes the responsibilities of individuals into consideration when determining the security requirements of an application. In previous work, the authors developed a set of techniques for defining and analyzing URBS for an application. They extend this work by considering an actual individual's authorized access rights in an application, and by focusing on specifying, analyzing, and validating these rights. Inconsistencies and conflicts not identified when the roles were defined and analyzed, might become apparent when different roles are combined to represent the privileges for an individual. This study serves as a fundamental step toward supporting an authorization mechanism for URBS, thereby achieving management and control over all authorized accesses to an object-oriented database.


systems man and cybernetics | 2003

Security assurance for an RBAC/MAC security model

Charles E. Phillips; Steven A. Demurjian; T. C. Ting

Corporations and government agencies rely on inter-operating software artifacts (e.g., legacy, COTS, GOTS, databases, servers, etc.) and client applications, brought together by middleware (e.g., CORBA, JINI, .NET, etc.), supporting unrestricted access to application programmer interfaces, APIs. As part of our ongoing research, we have designed and prototyped a unified role-based/mandatory access control (RBAC/MAC) security model with delegation and enforcement to control access by users (via clients) to the methods of artifact APIs, namely: who (user/client) can invoke which methods of artifact APIs at what times. Underlying our RBAC/MAC framework are security assurance rules, SARs, which provide a confidence level on the attainment of an application's security policy. We focus on the formal underpinnings of our security assurance research, its realization during security policy definition with management tools, and at runtime by the enforcement framework.


Proceedings of the IFIP WG 11.3 Thirteenth International Conference on Database Security: Research Advances in Database and Information Systems Security | 1999

Software Agents for Role Based Security

Steven A. Demurjian; Y. He; T. C. Ting; M. Saba

In the age of information technology, organizations of all types are seeking to effectively utilize and disseminate information via dependable and secure distributed computing environments. While many existing access control approaches (mandatory, discretionary, and role-based) can be leveraged for the support of security, their assumptions of a centralized computing model may be insufficient in a distributed setting. In recent years, agent computing has emerged as a new computing paradigm, particularly suited to distributed and web-based applications. This paper explores the ability of software agents to support role-based security in a dynamic, object-based setting which is suitable for distributed and web-based applications, with experimental prototypes using Aglets, a Java-based mobile agent model from IBM. The agent approaches differ in their utilization of agents (stationary and mobile) and the granularity level of the involved classes/objects.


Proceedings of the IFIP TC11 WG11.3 Eleventh International Conference on Database Security XI: Status and Prospects | 1997

Software Architectural Alternatives for User Role-Based Security Policies

Steven A. Demurjian; T. C. Ting; John A. Reisner

Security concerned users and organizations must be provided with the means to protect and control access to object-oriented software, especially with an exploding interest in designing/developing object-oriented software in Java, C++, and Ada95. Our user-role based security (URBS) approach has emphasized: a customizable public interface that appears differently at different times for specific users; security policy specification via a role hierarchy to organize and assign privileges based on responsibilities; and, extensible/reusable URBS enforcement mechanisms. This paper expands our previous work in URBS for an object-oriented framework by exploring software architectural alternatives for realizing enforcement, with the support of assurance and consistency as a key concern for security policies that evolve and change.

Collaboration

Top Co-Authors

Mei Hu, University of Connecticut

Thuong Doan, University of Connecticut

Ravi S. Sandhu, University of Texas at San Antonio

Laurent Michel, University of Connecticut