Agent Approaches to Role-Based Security.ppt

1、Agent Approaches to Role-Based Security,S. Demurjian, Y. He, T.C. Ting, and M. Saba Computer Science & Engineering Department The University of Connecticut Storrs, Connecticut 06269-3155,steve, ting, sabaengr.uconn.edu http:/www.engr.uconn.edu/steve (860) 486 - 4818,Work Presented Herein appeared at

2、IFIP WG 11.3 13th Conference on Database Security, Seattle, WA, 1999.,Overview of Presentation,Background and Motivation Distributed and Web Based Applications Software Agent Computing Paradigm Previous and Related Work Agent Approaches to Role-Based Security Experimental Prototype via Java Aglets C

3、oncluding Remarks and Future Work,Distributed and Web-Based Applications,Utilize New and Existing Info. Innovatively Distributed/Web-Based Applications are: Combo of Legacy, COTS, DBs, New C/S Electronic Banking/Commerce Information Dissemination (Push/Pull) Leverage Computing and Network Resources

4、Transcend Available Alternatives MAC, DAC, Role-Based Employ as “Local” Solutions? New Computing Paradigms Emerging Software Agents Various Implementations,Software Agent Computing Paradigm,What is an Agent? Acts on Behalf of Individuals(Users) on Task State and Behavior in Runtime Environment Four

5、Mandatory Properties Sense/React to Environment Changes Autonomously Control Own State/Behavior Proactive to Specific User Goals Constantly Executing in Runtime Environment Stationary Agent: Limited to Single Node Mobile Agent: Migrate Across Network to Accomplish Required Tasks,Software Agent Compu

6、ting Paradigm,Agents Akin to Objects Created and Destroyed Interact by Passing Messages Remote Method Invocation Prohibited Attractiveness of Agents for Security Agents Created by Client to Carry Out Secure Access to Remote Clients Visit Multiple Nodes to Satisfy “Request” Specificity of Role Dictat

7、es Agent Behavior Caveat: Mobile Agents Significant Security Concern Due to Potential Ability to Act as Threat!,Influence of Previous and Related Work,Our Previous Efforts in Software Architectural Alternatives with Limited Distribution Javas Impact and Potential on Distributed Computing/Security Re

8、lated work by Hale 1998 Secure Distributed Object and Language Programming Framework for Internet-Based Apps. Tari 1998 Distributed Object Kernel as Framework to Design and Implement Distributed Security Policies,Agent Approaches to Role-Based Security,Distributed/Web-Based Applications to Access Re

9、mote Objects of Legacy, COTs, DBs, C/S, etc. Orthogonal Goals Security to Control/Limit Interactions Distributed/Web-Based Computing to Enable Interoperation/Facilitate Access Propose and Discuss Three Agent Architectures Baseline Agent Approach Hierarchical Agent Approach Object-Security Manager Ag

10、ent Approach Assume a Role-Based Context, but Other Security Approaches may also Apply,Architecture for Baseline Agent Approach,Key:UA: User AgentIRA: Information Retrieval AgentOSA: Object Security Agent,Components and Agents,Client Application (CA) GUI/Software Tool for User User Limited to Single

11、 Role at Any Time Role/User Request Passed to UA Users Modify Single Remote Object/Request CA Manages Multiple Requests in Serial User Agent (UA) Stationary Agent Created by CA for User UA Receives Request from CA UA Transforms Request and Creates IRA UA Forwards Request to IRA and Waits UA Receives

12、 Response for IRA and Transforms for Return to CA,Components and Agents,Information Retrieval Agent (IRA) Mobile Agent Created by UA Limited to Interacting with UA and OSA IRA Created and Dispatched by UA IRA Moves from Client to Server to Client Interact with Remote Object and Return Result Object

13、Security Agent (OSA) Stationary Agent (or Collection of Security Objects) or a Mobile Agent Enforce Security Policy for Remote Object Based on Permissible Actions by Role Object Remote Object Provides Services to CA,User Agent (UA),UA Arbitrates Interaction of CA and IRA UA Allocation Strategies Use

14、r-Based Allocation (UBA) UA Dedicated to Each User, Created Upon Login, Lives During Session to Enforce Single Role of CA Multiple CAs Imply Multiple UAs - Resources Role-Based Allocation (RBA) UA Dedicated to Each Role, Shared by Multiple Users Playing Same Role Use-Counts for Allocation/Deallocati

15、on UBA Can Support Multiple Roles/User UBA vs. RBA: Number and Activity of Agents,Information Retrieval Agent (IRA),Mobile Agent Created by UA to Process CA Request IRA Access Single Remote Object Created on Client and Moves to Host (Server) Interacts with OSA: Success or Denied Access Returns to Cl

16、ient and Sends Result to UA IRA Allocation/Lifetime Strategies IRA Active as Long as UA IRA De-allocated when Request Done What are Tradeoffs of Each?,Object Security Agent (OSA),OSA as Firewall to Separate Remote Object from Outside World OSA Embodies Security Policy (Role-Based) OSA Receives Reque

17、st from IRA OSA Deny Request or Forward Result to IRA OSA as Agent: Allocation Strategies “Few” Remote Objects, One OSA/Server “Moderate” Remote Objects, OSA/Instance “Many” Remote Objects, Same Type, OSA/Type What are Tradeoffs of Each Allocation Strategy?,Architecture for Hierarchical Agent Approa

18、ch,Key:UA: User AgentIRA: Information Retrieval AgentOSA: Object Security Agent,Components and Agents,CA, UA, OSA (Security Policy), Object as in Baseline Hierarchical Approach for Complex Requests Complex Request to Access Multiple-Remote Objects In Baseline, Serially Processed by CA or UA In Hiera

19、rchical, Complex Request Sent to IRA as a Single Serializable Request Processing in IRA by Hierarchy of Root-IRA Internal-IRA Leaf-IRA,IRA Processing,Root-IRA for Complex Request of Multiple Ros Root-IRA Spawned by UA Root-IRA can Spawn Internal and Leaf IRAs Root-IRA Spawns All Leaf-IRAs if Complex

20、 Request Consists of Series of Simple Request to Single Remote Objects Leaf-IRA Mobile Agent ala IRA (Baseline) Leaf-IRAs can Move to Same/Different Nodes Each Leaf-IRA Interacts with OSA, Collects Response, and Returns Result to Root-IRA Root-IRA Processes all Leaf-IRA Results,IRA Processing,Root-I

21、RA Spawns Internal-IRAs and Leaf-IRAs Multi-Level Process to Handle Complex Request with Root-IRA Stationary Internal-IRAs can Spawn Internal-IRAs and Leaf-IRAs as Request is Decomposed Internal-IRAs may be Stationary or Mobile Recursive Spawning of IRA Nodes As Leaf-IRAs and Internal-IRAs Complete,

22、 Results are Collected by Internal-IRAs and Eventually Root-IRA Allocate one Root-IRA per UA,Architecture for Object-Security Manager Agent Approach,Key:UA: User AgentIRA: Information Retrieval AgentOSA: Object Security Agent,Client,Server,OSA Manager,OSA Manager has Active Role in Allocation OSA Ma

23、nager Oversees OSA Allocation: Recall “Few” Remote Objects, One OSA/Server “Moderate” Remote Objects, OSA/Instance “Many” Remote Objects, Same Type, OSA/Type OSA Manager Dynamically Chooses One or More Allocation Strategies Most Suited to System State OSA Manager Adjust Strategies Dynamically Mobile

24、 IRAs Ask OSA Manager for “Right” OSA Well-Suited to Evolving Security Policy,Aglets - Java Agents,Many Java-Based Agent Computing Systems Aglets http:/aglets.trl.ibm.co.jp Odyssey, Concordia, and Voyager Aglets are Agents + Applets Aglets Start Execute on Node Suspend and Move to Another Node Conti

25、nue Execution where Left Off Aglet Actions Restricted to Sandbox Aglets can Ask Security Manager for Permission to Perform Local Operations,Architecture for Agent Implementation,Key:UA: User AgentIRA: Information Retrieval AgentOSA: Object Security Agent,Version of Baseline Approach,Main Difference:

26、 Presence of Translator Translator Encodes Outgoing Data from CA Translator Decodes Incoming Data from UA Similar Activities at Server Side Implementation Includes User Identity in Message Client Side Translator Does Authentication Server Side Translator Invokes Methods on RO Two Allocation Variants

27、 of Prototype Two ROs (Course/Person DBs)/Single OSA Two ROs (Course/Person DBs) on Different Servers with Dedicated OSAs,Illustration of Aglet Interaction Code,CA CODE TO INITIATE PROCESS BY SENDING MESSAGE TO UA tryreply =(Message)userAgent.sendMessage(new Message(“request“, request);catch(Excepti

28、on e) e.printStackTrace();,UA COUNTERPART: FORWARDS TO IRA AND RECEIVES RESPONSE public boolean handleMessage(Message msg) if (msg.sameKind(“request“) / Request from CA try / Dispatch message to IRAiraProxy = (AgletProxy)iraProxy.sendMessage(Message)msg.getArg();waitMessage(); / Wait for Reply from

29、IRAmsg.sendReply(reply); / Route Reply back to CA catch(Exception e) e.printStackTrace(); else if (msg.sameKind(“reply“) / Upon Receipt of Replyreply = msg; / Record the Reply from IRAnotifyAllMessages(); / Awaken UA .,Illustration of Aglet Interaction Code,IRA CODE FOR STATIONARY AND MOBILE INTERAC

30、TIONS public boolean handleMessage(Message msg) if (msg.sameKind(“askservice“) / IRA Arrives at Servertry / Obtain OSA Proxy to Facilitate IRA-OSA InteractionAgletProxy proxy = (AgletProxy)getAgletContext().getProperty(osaName);/ Send Request to OSA and Receive Replyreply = (Message)proxy.sendMessag

31、e(msg); itinerary.go(home, “back“); / Return Back to Client catch(Exception e) e.printStackTrace(); else if (msg.sameKind(“back“) / IRA Arrives Back at Client/ Obtain UA Proxy to Facilitate IRA-UA InteractionAgletProxy proxy = getAgletContext().getAgletProxy( parentID );/ Send the Request Response t

32、o UAtry proxy.sendMessage( reply ); catch( Exception e ) e.printStackTrace(); ,INTERACTIONS OF IRA WITH OSA public boolean handleMessage( Message msg ) / Utilize Translator to Decode Message from IRA and Create ReplyMessage reply = translator.GetReply( msg );/ Route the Reply Back to IRAmsg.sendRepl

33、y( reply ); return true;,Bitmap from Experimental Prototype,Still Looking Could Not Find a Record of Any Bit Maps!,Concluding Remarks,Explored Architectures for Constructing Secure Distributed and Web-Based Applications: Emerging Agent Computing Paradigm Mobile and Stationary Agents to Realize Role-Based Security of Dynamic Remote Objects Architectures with Varied Capabilities Successful Prototyping Implementation Future Work Continued Exploration of Agent Approaches Applicability to Other Agent Systems Such as Concordia, Voyager, etc. Ph.D. Topic Related to Security, Agents, and IOA,