Security Issues for New Clients?
Download
Report
Transcript Security Issues for New Clients?
Research Efforts in Computer Science &
Engineering at UConn
Prof. Steven Demurjian, Prof. Reda Ammar,
Prof. Robert McCartney, Prof. Thomas Peters,
Prof. Eugene Santos, Prof. Dong-Guk Shin,
Prof. Alex Shvartsman, Prof. Alex Thomasian,
and Prof. T.C. Ting
Computer Science & Engineering Department
The University of Connecticut
191 Auditorium Road, Box U-155
Storrs, CT 06269-3155
[email protected]
http://www.engr.uconn.edu/~steve
http://www.engr.uconn.edu/cse
(860) 486 - 4818
CSE.RO-1.1
Overview of Presentation
Software Architectures and Distributed Computing
Enterprise Computing and Interoperability
(Demurjian)
Security Issues for Enterprise Computing
(Demurjian)
Optimal Deployment of Distributed Objects
(Demurjian/Shvartsman)
Reusable Component Framework (Demurjian)
Risks and Benefits of Java (Demurjian/Shin)
Frameworks for Scalable Distributed
Applications (Shvartsman)
Semantically Consistent Software Architecture
(Peters)
CSE.RO-1.2
Overview of Presentation
Databases, Data Mining, and User Interfaces
Interoperability of Heterogeneous Databases
(Shin)
Performance of Database and Software
Applications (Thomasian)
Data Mining and Intelligent User
Interfaces/Tutoring Systems (Santos)
Joint: Intelligent Distributed Component Appls.
Frameworks (Shvartsman, Demurjian, Santos)
Networking and Performance
Scalable Communications for Multiple Agents
(McCartney)
Multi-Layered Network Performance Analyses
(Ammar)
CSE.RO-1.3
Enterprise Computing
and Interoperability (Demurjian)
COTS
Database
How do Systems and
Applications Interact?
Legacy
Legacy
COTS
What are Performance
Constraints?
What Platforms Must Interact?
NETWORK
Java
Client
Java
Client
How are New Clients Added?
New Servers Added?
Legacy
Database
What is the Role of
JDBC, ODBC, CORBA?
COTS
CSE.RO-1.4
Enterprise Computing
and Interoperability (Demurjian)
What are Keys Issues that Influence and Guide the
Integration Process for Enterprise Computing?
Software Reuse in a Distributed Computing
Environment
Reuse Existing Legacy/COTS in Innovative Ways
Not Cost Effective to Redesign/Reimplement
EC Users will Demand Modern Interfaces on Upto-Date Platforms
Wrappers for Cohesive/Seamless Interactions
Apply to Languages (C, C++, Ada, etc.) and
Paradigms (OODBS, CORBA, RPC)
Address Communication, Translation, Security,
Concurrency, Performance, Bandwidth, etc.
CSE.RO-1.5
Enterprise Computing
and Interoperability (Demurjian)
What are Keys Issues that Influence and Guide the
Integration Process for Enterprise Computing?
Communications Alternatives Dictated by
Application Domain
Tradeoffs of Low-Level (Sockets) vs. Mid-Level
(RCP, RMI) vs. High-Level (CORBA, DCOM, …)
Will Enterprise Computing Utilize Combination?
Consistency of Information in Distributed
Computing Environment
When is Data Sent from Client to Legacy Server?
Automatic (Regular) vs. User-Initiated?
When Network Traffic is Low?
Enterprise Computing Spans Broad Spectrum
CSE.RO-1.6
Enterprise Computing
and Interoperability (Demurjian)
Java Wrapper
OBJECT REQUEST BROKER
COMMUNICATION
Java Communication
Classes/Instances
Java Design Classes/Instances
Java Communication
Classes/Instances
COMMUNICATION
GUI
Classes
and
Instances
Java Design Classes/Instances
Java Client
Translation
Java to C++
C++
Legacy
Code
CSE.RO-1.7
Security Issues for Enterprise Computing
(Demurjian/Ting)
Public Interface is Union of All Privileges for All
Potential Users No Explicit way to Prohibit Access
Customizable Public Interface of Class
Access to Public Interface is Variable and Based
on User Needs and Responsibilities
Only Give Exactly What’s Needed and No More
public class PatientRecord
{ private: Data/Methods as Needed;
public:
write_medical_history();
write_prescription();
For MDs
get_medical_history();
and Nurses
get_diagnosis();
set_payment_mode();
etc…
}
For MDs Only
For Admitting
CSE.RO-1.8
Security Issues for Enterprise Computing
(Demurjian/Ting)
How is Security Handled
for Individual Systems?
COTS
Database
Legacy
What if Security Never Available
for Legacy/COTS/Database?
Legacy
Security Issues for New Clients?
New Servers? Across Network?
Can Software Agents be Utilized
for Distributed Security?
COTS
NETWORK
Java
Client
Java
Client
Legacy
Authentication
Database
Is the Client who S/he Says they are?
COTS
Authorization
Does the Client have Permission to do what S/he Wants?
Privacy
Is Anyone Intercepting Client/Server Communications?
CSE.RO-1.9
Optimal Deployment of Distributed
Objects (Demurjian/Shvartsman)
Problem: Deployment of Distributed Software
New Distributed Application
Redeploying Existing Distributed Application
Distributing Standalone Legacy Application
How are Locations of Software Components
Determined for Target Distributed Environment?
What Determines Which Component is Placed on
Which Node?
Component Interactions?
Component Size?
Local/Remote Communication?
CSE.RO-1.10
Optimal Deployment of Distributed
Objects (Demurjian/Shvartsman)
Current Status
Distribution of Object-Oriented Software
Focus on Object Interactions via Method
Invocations
Binary Integer Programming Model
Optimal Deployment Based on Communication
Tested on “Toy” OO Applications
Seeking a “Realistic” OO Application
Ongoing Ph. D. work by C. Bastarrica
CSE.RO-1.11
Risks and Benefits of Software
Engineering with Java (Demurjian/Shin)
Potential Risks
Standardization and Microsoft
Security Flaws and Java - A Constant Concern
Performance - Will V1.2 Solve Problems?
Portability - Platform In(De)pendence
Significant Benefits
Programming Language Interactions Cross Compilation, Byte-Code Generators,
Translators
Client/Server and DOC - CORBA, ORBs, JNI,
Legacy/COTS
Database/Persistence - Interactions with
Relational/OO DBS, JDBC
CSE.RO-1.12
Risks and Benefits of Software
Engineering with Java (Demurjian/Shin)
Java Continues to Evolve
Acceptance and Retraining
What Capabilities of Java Provide the
Strongest Case for the Technology?
What Must Software Professionals Understand
to Successfully Utilize Java?
How Quickly Can Software Professionals
Learn Java?
Leveraging for Future
What are the Long-Term Benefits of Java?
Can Java Interact with PLs, Legacy, COTS?
Work Conducted for Mitre Corporation
CSE.RO-1.13
Reusable Component Framework
(Demurjian)
Popular OO Methodologies Omit /Ignore Reuse
Current Research Concentrates on Consumer
(Reuser) and Not Producer (Creator)
Two-Fold Goal
Elevate Reuse to Equal Partner
Domain-and-Organization Specific Reuse
Capabilities of Evaluation Techniques
Identify the Reusable Portions of Design
Estimate/Measure Reusability Automatically
Provide Guidelines for Reuse Improvement
For Newly Created Designs and Legacy Code
Design Reuse Evaluation Tool: C++, Ada95, Java
CSE.RO-1.14
Frameworks for Scalable Distributed
Applications (Shvartsman)
Application (API) and User (GUI) Interfaces
Application
Services
Composable Applications
and
Repository
Legacy Interface
Legacy Objects &
Applications
Standards-based Interface
Standard Servers & Objects,
Encapsulated Resources
CSE.RO-1.15
Composable Modules and Properties
(Shvartsman)
Encapsulate Data, Behavior and Knowledge
Support Multiple Concurrent Activities
Autonomously Operated and Maintained
Potential Components of Many Programs
Program
Repository
Invoke
Respond
Module
Specification (MSL)
Data & Info
DB, HDB, OODB
Concurrency
Distribution
Autonomy
Composability
Copyright © 1994 Alex Allister Shvartsman
CSE.RO-1.16
Semantically Consistent Software
Architecture (Peters)
Definitions: Consider Large Software Application
Views: Different User Perspectives
Slices: Different Developer Perspectives
Example: Appl. from Investment Community
Sample Views
Analyst: Means to Assess Market Trends
Individual Investor: Check Portfolio Performance
Venture Capitalist: Timing Initial Public Offering
Sample Slices: Capability Oriented
User Interface, Database, etc.
Separate, Interacting Components/Subsystems
CSE.RO-1.17
Semantically Consistent Software
Architecture (Peters)
Today’s and Tomorrow’s “Large” Applications are
Collections of Existing/New Applications that
Operate in Distributed/Heterogeneous Fashion
Key Issue: Semantic Consistency of Data Types
Example: Exchanging Floating Point Data
Algorithmic Approximations
Accumulated Numerical Error
What Happens when Decisions (e.g., Buy or Sell
Stock) are Made in Uncertain Environment?
How are Decisions Made when Numerical
Answers are Near Limiting Values?
Exchange and Interoperation of Information in a
Semantically Consistent Fashion
CSE.RO-1.18
Interoperability of Heterogeneous DBs:
Query Clearing House Model (Shin)
Purpose : An Agent Model that Enables Users to
Access Desired Information from Multiple
Heterogeneous Database Systems.
Characteristics:
Functions as a Mediator between the End Users
and Databases.
Supports the Query Construction without
knowing the Details of Database Schemas and
their Locations.
Supports the Query Expression with more
General Terms rather than the Specific Terms
used in Local Databases.
Active Utilization in Human Genome Project
CSE.RO-1.19
Query Clearing House
Configuration (Shin)
Clearing House
Graphical
User
Interface
.
.
.
.
Query
Object
Query
Object
Graphical
User
Interface
Agent
Query
Interpreter
Query Instance
Generator
Query
Distributor
Meta-Data
Mapping Library
Mapping Library
Database
.
.
.
.
Mapping Library
Agent
Database
CSE.RO-1.20
Performance of Database and Software
Applications (Thomasian)
Current Areas of Research Interest and Activity
Performance Analysis and Evaluation
Distributed Systems
Databases
Performance
Analysis of Disk Arrays
Evaluation
Computer and Communication Systems
Software Applications
Database and Transaction Processing Systems
CSE.RO-1.21
Performance of Database and Software
Applications (Thomasian)
Distributed Systems
Capacity Planning for Client/Server and
Mainframe Systems
Concurrency Control, Data Allocation, Load
Balancing, and Transaction Routing
Databases
High-Dimensional Indexing and Data
Compression for Image Databases
Analysis and Synthesis of Concurrency Control
Methods
CSE.RO-1.22
Data Mining and Intelligent User
Interfaces/Tutoring Systems (Santos)
Knowledge and Data/Database Mining
Extract Knowledge
Electronic, Non-Human Source of Data
Identify/Provide Relevant Knowledge
Can Intelligence be Automagically Injected?
Crosses AI/DBs; AFOSR
Intelligent User Interfaces
Determining the Right Information
Present at Right Time in the Right Format
Customized to Individual - Considers User Needs
Enable Tool Most Suited to Needs
Crosses AI/SWE; AFOSR, DARPA, NSF
CSE.RO-1.23
Data Mining and Intelligent User
Interfaces/Tutoring Systems (Santos)
Intelligent Tutoring Systems
Problem
Significant Amounts of Knowledge on Different
Subjects are now Available
Requires Processing (Reading/Learning) by
Humans
Need
Direction/Assistance to Learn Material Faster
Computer to Teach the Material
Guidance Based on Individual Needs/Preferences
AI; Phillips Laboratory
CSE.RO-1.24
Intelligent Distributed Component Appls.
Frameworks (Shvartsman, Demurjian, Santos)
Challenges to Design/Develop Dependable,
Interoperable, Portable Distributed Applications:
Competing Technologies (Java, CORBA,
DCOM, RPC)
Distributed Middleware with Different Models
of Objects and Services
Middleware Lacking Capabilities, e.g., Group
Services, Intelligent Broadcast, etc.
Dependable Distributed Components Systems
Interoperable, Composable, Portable, Secure
Multi-Target, Correct, Scalable, Efficient
Propose: Framework for Specifying Intelligent
Distributed Component Applications
CSE.RO-1.25
Intelligent Distributed Component Appls.
Frameworks (Shvartsman, Demurjian, Santos)
Intelligent
Agent
Applications
General
Object
Services
Distributed
Application
Framework
Distributed
Building
Blocks
Distributed Computing Platform
All Three “Boxes” are
Major Research Topics
Currently Investigating
Each Topic in Isolation
Cooperative Work
Underway
AFOSR 3 Yr Funding
Santos Perspective
UConn, WSU,
AFIT
Multi-Disciplinary
SBIR Proposal
Shvartsman/Demur
jian
InfoPike, Inc.
CSE.RO-1.26
Scalable Communications for Multiple
Agents (McCartney)
Cooperating Groups of Mobile Robots
Mobile Nodes in a Network
Networks with Intermittent Connectivity
Heterogeneous Mix of Mobile and Stationary
Nodes
Variable Communications Rates and Methods
Dynamic Network Topology
Highly Variable Network Traffic
CSE.RO-1.27
Goals for a Communications System
(McCartney)
Responsive
Secure
Reliable
Reconfigurable
Changing Roles
Changing Hierarchical Structure
Changing Group Memberships
Adaptable
Nodes Enter and Leave Network
Topology Changes
Transparent
Uniform Interfaces Across Roles
CSE.RO-1.28
Multi-Layered Network Performance
Analyses (Ammar)
COLUMBO: Real-Time Network Security
System
Continuous Lookout for Unauthorized and
Menacing Breakin Operations
Model User Behavior
User Profiles Based on Past Data
User Differences - Current Input vs. Stored Models
Dynamic Authentication to Detect Intruders
Recoverable to Earlier State in Failure
Utilize Probabilistic Finite State Automata
Augmented with Probability Density Functions
and Time Measures
CSE.RO-1.29
Multi-Layered Network Performance
Analyses (Ammar)
Performance Oriented Software Engineering
Targeted for Software Applications that
Require
Advanced Sequential and Parallel Architectures
High-Speed Networks
Utilizes Methods of Performance Prediction
Designer Given Estimates Based on Algorithm,
Implementation, Architecture
Integrated Environment and Methodology
Computer Aided Performance Engineering Tools
Support Modeling and Evaluation Techniques
DARPA
CSE.RO-1.30
Concluding Remarks and Discussion
CSE Faculty Interested in Industrial Interactions
Engineering MS Program
Undergraduate Semester Projects
Storrs Senior Design Projects
Graduate Student Research Assistantships
Cooperative Research Funding
Faculty Presentations and Seminars
Industry Presentations (CSE Courses)
Faculty Consulting (Summers/Sabbaticals)
UConn CSE Web Page:
www.engr.uconn.edu/cse
CSE.RO-1.31