ImageVerifierCode 换一换
格式:PPT , 页数:26 ,大小:110.50KB ,
资源ID:378129      下载积分:2000 积分
快捷下载
登录下载
邮箱/手机:
温馨提示:
如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
如填写123,账号就是123,密码也是123。
特别说明:
请自助下载,系统不会自动发送文件的哦; 如果您已付费,想二次下载,请登录后访问:我的下载记录
支付方式: 支付宝扫码支付 微信扫码支付   
注意:如需开发票,请勿充值!
验证码:   换一换

加入VIP,免费下载
 

温馨提示:由于个人手机设置不同,如果发现不能下载,请复制以下地址【http://www.mydoc123.com/d-378129.html】到电脑端继续下载(重复下载不扣费)。

已注册用户请登录:
账号:
密码:
验证码:   换一换
  忘记密码?
三方登录: 微信登录  

下载须知

1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。
2: 试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
3: 文件的所有权益归上传用户所有。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 本站仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。

版权提示 | 免责声明

本文(Agent Approaches to Role-Based Security.ppt)为本站会员(livefirmly316)主动上传,麦多课文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文库(发送邮件至master@mydoc123.com或直接QQ联系客服),我们立即给予删除!

Agent Approaches to Role-Based Security.ppt

1、Agent Approaches to Role-Based Security,S. Demurjian, Y. He, T.C. Ting, and M. Saba Computer Science & Engineering Department The University of Connecticut Storrs, Connecticut 06269-3155,steve, ting, sabaengr.uconn.edu http:/www.engr.uconn.edu/steve (860) 486 - 4818,Work Presented Herein appeared at

2、IFIP WG 11.3 13th Conference on Database Security, Seattle, WA, 1999.,Overview of Presentation,Background and Motivation Distributed and Web Based Applications Software Agent Computing Paradigm Previous and Related Work Agent Approaches to Role-Based Security Experimental Prototype via Java Aglets C

3、oncluding Remarks and Future Work,Distributed and Web-Based Applications,Utilize New and Existing Info. Innovatively Distributed/Web-Based Applications are: Combo of Legacy, COTS, DBs, New C/S Electronic Banking/Commerce Information Dissemination (Push/Pull) Leverage Computing and Network Resources

4、Transcend Available Alternatives MAC, DAC, Role-Based Employ as “Local” Solutions? New Computing Paradigms Emerging Software Agents Various Implementations,Software Agent Computing Paradigm,What is an Agent? Acts on Behalf of Individuals(Users) on Task State and Behavior in Runtime Environment Four

5、Mandatory Properties Sense/React to Environment Changes Autonomously Control Own State/Behavior Proactive to Specific User Goals Constantly Executing in Runtime Environment Stationary Agent: Limited to Single Node Mobile Agent: Migrate Across Network to Accomplish Required Tasks,Software Agent Compu

6、ting Paradigm,Agents Akin to Objects Created and Destroyed Interact by Passing Messages Remote Method Invocation Prohibited Attractiveness of Agents for Security Agents Created by Client to Carry Out Secure Access to Remote Clients Visit Multiple Nodes to Satisfy “Request” Specificity of Role Dictat

7、es Agent Behavior Caveat: Mobile Agents Significant Security Concern Due to Potential Ability to Act as Threat!,Influence of Previous and Related Work,Our Previous Efforts in Software Architectural Alternatives with Limited Distribution Javas Impact and Potential on Distributed Computing/Security Re

8、lated work by Hale 1998 Secure Distributed Object and Language Programming Framework for Internet-Based Apps. Tari 1998 Distributed Object Kernel as Framework to Design and Implement Distributed Security Policies,Agent Approaches to Role-Based Security,Distributed/Web-Based Applications to Access Re

9、mote Objects of Legacy, COTs, DBs, C/S, etc. Orthogonal Goals Security to Control/Limit Interactions Distributed/Web-Based Computing to Enable Interoperation/Facilitate Access Propose and Discuss Three Agent Architectures Baseline Agent Approach Hierarchical Agent Approach Object-Security Manager Ag

10、ent Approach Assume a Role-Based Context, but Other Security Approaches may also Apply,Architecture for Baseline Agent Approach,Key:UA: User AgentIRA: Information Retrieval AgentOSA: Object Security Agent,Components and Agents,Client Application (CA) GUI/Software Tool for User User Limited to Single

11、 Role at Any Time Role/User Request Passed to UA Users Modify Single Remote Object/Request CA Manages Multiple Requests in Serial User Agent (UA) Stationary Agent Created by CA for User UA Receives Request from CA UA Transforms Request and Creates IRA UA Forwards Request to IRA and Waits UA Receives

12、 Response for IRA and Transforms for Return to CA,Components and Agents,Information Retrieval Agent (IRA) Mobile Agent Created by UA Limited to Interacting with UA and OSA IRA Created and Dispatched by UA IRA Moves from Client to Server to Client Interact with Remote Object and Return Result Object

13、Security Agent (OSA) Stationary Agent (or Collection of Security Objects) or a Mobile Agent Enforce Security Policy for Remote Object Based on Permissible Actions by Role Object Remote Object Provides Services to CA,User Agent (UA),UA Arbitrates Interaction of CA and IRA UA Allocation Strategies Use

14、r-Based Allocation (UBA) UA Dedicated to Each User, Created Upon Login, Lives During Session to Enforce Single Role of CA Multiple CAs Imply Multiple UAs - Resources Role-Based Allocation (RBA) UA Dedicated to Each Role, Shared by Multiple Users Playing Same Role Use-Counts for Allocation/Deallocati

15、on UBA Can Support Multiple Roles/User UBA vs. RBA: Number and Activity of Agents,Information Retrieval Agent (IRA),Mobile Agent Created by UA to Process CA Request IRA Access Single Remote Object Created on Client and Moves to Host (Server) Interacts with OSA: Success or Denied Access Returns to Cl

16、ient and Sends Result to UA IRA Allocation/Lifetime Strategies IRA Active as Long as UA IRA De-allocated when Request Done What are Tradeoffs of Each?,Object Security Agent (OSA),OSA as Firewall to Separate Remote Object from Outside World OSA Embodies Security Policy (Role-Based) OSA Receives Reque

17、st from IRA OSA Deny Request or Forward Result to IRA OSA as Agent: Allocation Strategies “Few” Remote Objects, One OSA/Server “Moderate” Remote Objects, OSA/Instance “Many” Remote Objects, Same Type, OSA/Type What are Tradeoffs of Each Allocation Strategy?,Architecture for Hierarchical Agent Approa

18、ch,Key:UA: User AgentIRA: Information Retrieval AgentOSA: Object Security Agent,Components and Agents,CA, UA, OSA (Security Policy), Object as in Baseline Hierarchical Approach for Complex Requests Complex Request to Access Multiple-Remote Objects In Baseline, Serially Processed by CA or UA In Hiera

19、rchical, Complex Request Sent to IRA as a Single Serializable Request Processing in IRA by Hierarchy of Root-IRA Internal-IRA Leaf-IRA,IRA Processing,Root-IRA for Complex Request of Multiple Ros Root-IRA Spawned by UA Root-IRA can Spawn Internal and Leaf IRAs Root-IRA Spawns All Leaf-IRAs if Complex

20、 Request Consists of Series of Simple Request to Single Remote Objects Leaf-IRA Mobile Agent ala IRA (Baseline) Leaf-IRAs can Move to Same/Different Nodes Each Leaf-IRA Interacts with OSA, Collects Response, and Returns Result to Root-IRA Root-IRA Processes all Leaf-IRA Results,IRA Processing,Root-I

21、RA Spawns Internal-IRAs and Leaf-IRAs Multi-Level Process to Handle Complex Request with Root-IRA Stationary Internal-IRAs can Spawn Internal-IRAs and Leaf-IRAs as Request is Decomposed Internal-IRAs may be Stationary or Mobile Recursive Spawning of IRA Nodes As Leaf-IRAs and Internal-IRAs Complete,

22、 Results are Collected by Internal-IRAs and Eventually Root-IRA Allocate one Root-IRA per UA,Architecture for Object-Security Manager Agent Approach,Key:UA: User AgentIRA: Information Retrieval AgentOSA: Object Security Agent,Client,Server,OSA Manager,OSA Manager has Active Role in Allocation OSA Ma

23、nager Oversees OSA Allocation: Recall “Few” Remote Objects, One OSA/Server “Moderate” Remote Objects, OSA/Instance “Many” Remote Objects, Same Type, OSA/Type OSA Manager Dynamically Chooses One or More Allocation Strategies Most Suited to System State OSA Manager Adjust Strategies Dynamically Mobile

24、 IRAs Ask OSA Manager for “Right” OSA Well-Suited to Evolving Security Policy,Aglets - Java Agents,Many Java-Based Agent Computing Systems Aglets http:/aglets.trl.ibm.co.jp Odyssey, Concordia, and Voyager Aglets are Agents + Applets Aglets Start Execute on Node Suspend and Move to Another Node Conti

25、nue Execution where Left Off Aglet Actions Restricted to Sandbox Aglets can Ask Security Manager for Permission to Perform Local Operations,Architecture for Agent Implementation,Key:UA: User AgentIRA: Information Retrieval AgentOSA: Object Security Agent,Version of Baseline Approach,Main Difference:

26、 Presence of Translator Translator Encodes Outgoing Data from CA Translator Decodes Incoming Data from UA Similar Activities at Server Side Implementation Includes User Identity in Message Client Side Translator Does Authentication Server Side Translator Invokes Methods on RO Two Allocation Variants

27、 of Prototype Two ROs (Course/Person DBs)/Single OSA Two ROs (Course/Person DBs) on Different Servers with Dedicated OSAs,Illustration of Aglet Interaction Code,CA CODE TO INITIATE PROCESS BY SENDING MESSAGE TO UA tryreply =(Message)userAgent.sendMessage(new Message(“request“, request);catch(Excepti

28、on e) e.printStackTrace();,UA COUNTERPART: FORWARDS TO IRA AND RECEIVES RESPONSE public boolean handleMessage(Message msg) if (msg.sameKind(“request“) / Request from CA try / Dispatch message to IRAiraProxy = (AgletProxy)iraProxy.sendMessage(Message)msg.getArg();waitMessage(); / Wait for Reply from

29、IRAmsg.sendReply(reply); / Route Reply back to CA catch(Exception e) e.printStackTrace(); else if (msg.sameKind(“reply“) / Upon Receipt of Replyreply = msg; / Record the Reply from IRAnotifyAllMessages(); / Awaken UA .,Illustration of Aglet Interaction Code,IRA CODE FOR STATIONARY AND MOBILE INTERAC

30、TIONS public boolean handleMessage(Message msg) if (msg.sameKind(“askservice“) / IRA Arrives at Servertry / Obtain OSA Proxy to Facilitate IRA-OSA InteractionAgletProxy proxy = (AgletProxy)getAgletContext().getProperty(osaName);/ Send Request to OSA and Receive Replyreply = (Message)proxy.sendMessag

31、e(msg); itinerary.go(home, “back“); / Return Back to Client catch(Exception e) e.printStackTrace(); else if (msg.sameKind(“back“) / IRA Arrives Back at Client/ Obtain UA Proxy to Facilitate IRA-UA InteractionAgletProxy proxy = getAgletContext().getAgletProxy( parentID );/ Send the Request Response t

32、o UAtry proxy.sendMessage( reply ); catch( Exception e ) e.printStackTrace(); ,INTERACTIONS OF IRA WITH OSA public boolean handleMessage( Message msg ) / Utilize Translator to Decode Message from IRA and Create ReplyMessage reply = translator.GetReply( msg );/ Route the Reply Back to IRAmsg.sendRepl

33、y( reply ); return true;,Bitmap from Experimental Prototype,Still Looking Could Not Find a Record of Any Bit Maps!,Concluding Remarks,Explored Architectures for Constructing Secure Distributed and Web-Based Applications: Emerging Agent Computing Paradigm Mobile and Stationary Agents to Realize Role-Based Security of Dynamic Remote Objects Architectures with Varied Capabilities Successful Prototyping Implementation Future Work Continued Exploration of Agent Approaches Applicability to Other Agent Systems Such as Concordia, Voyager, etc. Ph.D. Topic Related to Security, Agents, and IOA,

copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
备案/许可证编号:苏ICP备17064731号-1