Download An Adaptable Multi Level Security Manager for a Distributed Database System PowerPoint Presentation


Login   OR  Register

Iframe embed code :

Presentation url :


Description :

Download An Adaptable Multi Level Security Manager for a Distributed Database System PowerPoint Presentation Slides

Tags :

An Adaptable Multi Level Security Manager for a Distributed Database System

Home / General & Others / General & Others Presentations / An Adaptable Multi Level Security Manager for a Distributed Database System PowerPoint Presentation

An Adaptable Multi Level Security Manager for a Distributed Database System PowerPoint Presentation

Ppt Presentation Embed Code   Zoom Ppt Presentation

PowerPoint is the world's most popular presentation software which can let you create professional An Adaptable Multi Level Security Manager for a Distributed Database System powerpoint presentation easily and in no time. This helps you give your presentation on An Adaptable Multi Level Security Manager for a Distributed Database System in a conference, a school lecture, a business proposal, in a webinar and business and professional representations.

The uploader spent his/her valuable time to create this An Adaptable Multi Level Security Manager for a Distributed Database System powerpoint presentation slides, to share his/her useful content with the world. This ppt presentation uploaded by worldwideweb in General & Others ppt presentation category is available for free download,and can be used according to your industries like finance, marketing, education, health and many more.

About This Presentation

Slide 1 - An Adaptable Security Manager for Real-Time Transactions Sang H. Son and Robert Zimmerman Dept of Computer Science University of Virginia Jorgen Hansson Dept of Computer and Information Science Linkoping University Sweden
Slide 2 - Overview Motivation & Introduction Research Issues for Info Assurance Flexible Security Manager Design Evaluation Conclusions & Future Work
Slide 3 - Trends Increasing number of systems operate in unpredictable (even hostile) environments task set, resource requirements (e.g., wcet) ... High assurance required for performance-critical applications System properties for high assurance real-time (timeliness, temporal consistency ..) security (confidentiality, authentication ..) fault-tolerance (availability, reliability ..) Each property has been studied in isolation
Slide 4 - Motivation BeeHive: distributed OODB supporting RT, FT, security, and QoS Need for resource tradeoffs in database services Adaptable security paradigm fits well with the concept of multiple service levels of BeeHive Short term relaxation of security could be preferable to missed critical deadlines aircraft attack warning during burst of battlefield updates loss of production time for missed agile manufacturing command
Slide 5 - Real-Time Database System Characteristics transactions with timing constraints data with validity interval Requirements timeliness (min deadline miss ratio) temporal consistency (proximity with real world) predictability Issues scheduling (best-effort vs guarantee) correctness (ACID properties and appl semantics) embedded and mobile data support
Slide 6 - Database Security Security services to safeguard sensitive information encryption, authentication, intruder detection ... Multilevel security (MLS) objects are assigned with security classification subjects access objects with security clearance no flow of information from higher level to lower one Applications almost everywhere (becoming a buzzword) more flexibility necessary (from static, known environment to dynamic unknown environment)
Slide 7 - Security and Real-Time For timeliness, no priority inversion in real-time applications - tasks with earlier deadline or higher criticality has higher priority for better service In traditional secure systems, no security violation is allowed (binary notion of security) Incompatible under the binary notion of absolute security priority inversion vs security violation Higher security level needs more resources
Slide 8 - Example of Problem Both require lock on the resource How to resolve this conflict? if lock is given to T1, security violation if lock is given to T2, priority inversion T1 - high priority - high security T2 - low priority - low security Access Access
Slide 9 - Research Issues Supporting multiple facets of information assurance: how to provide acceptable security services while remains available and provides timely performance for essential tasks
Slide 10 - Research Issues Flexible security vs absolute security paradigm for flexible assurance services identifying correct metrics for assurance level Adaptive system assurance policies Mechanisms to enforce required level of assurance access control, authentication, encryption, .. time-cognizant protocols, data deadlines, ... replication, primary-backup, ... Specification to express desired system behavior verification of consistency/completeness of specification
Slide 11 - Flexible Security Services Flexible vs absolute (binary) security traditional notion of security is binary: secure or not problem of binary notion of security: difficult to provide acceptable level of security to satisfy other conflicting requirements research issue: quantitative flexible security levels One naive approach may use % of potential/actual security violations problem: not precise --- percentage alone reveals nothing about implications on system security e.g., 1%violation may leak most sensitive data out
Slide 12 - System Features Four available security levels on users/objects or communications computation costs increase with level of security Client negotiated range of security levels for transaction communications Dynamic level changes as a function of real-time load
Slide 13 - Security Manager Services Multi-level authentication and confidentiality encryption Client authorization and session control Session key generation and management Transaction management Dynamic security level control for transaction communications and synchronization
Slide 14 - Algorithm Selection Method Rationale Authentication level 3 MD5 + RSA digital signature level 2 MD5 + RC5 fast word oriented level 1 QuickAuth simple single round Confidentiality level 3 IDEA strong mathematical basis level 2 RC5 fast word oriented level 1 QuickCipher simple single round
Slide 15 - Security Manager Environment session & transaction requests Security Manager Client Table Session Table Beehive TransData transaction results thread n thread n-1 Scheduler Mapper/ Admission Control transaction object & session data client security level & key session keys & status transaction handoff object read & write
Slide 16 - clientID authorizedGroup(s) SecurityLevel publicKey|modulus cid8333 grp0321 3 1dcd6503 | 0bb8fc24fd29 cid5489 grp1229,grp1230 2 53e67fb2 . . . Client Table clientID/ Session links level/authorized groups Session Request Process clientID nonce1 nonce2 sessionKeys signature confirmation clientID reqType reqTime lowLevel nonce1 MAC session request Session keys, endTime encrypted with stored client key encrypted with Security Manager public key
Slide 17 - Client Authentication session request digest hash function encryption MAC encryption (message privacy) secure message w/ authentication Client creates message: Security Manager re-calculates MAC and compares with client’s MAC
Slide 18 - Security Manager Authentication response to session request digest hash function encryption MAC encryption (message privacy) secure message w/ authentication MD5 MD5 RXOR RSA (client) RC5 Key RXOR RSA (client) RC5 QuickCipher Level 3: Level 2: Level 1: algorithm Security Manager creates message: Client re-calculates MAC and compares with Security Manager’s MAC
Slide 19 - Session Keys Derived from pseudo-random number at session initialization One for each allowable client level Held in KeySet object by Session object Destroyed when session endtime is reached
Slide 20 - Transaction Request Process Evaluates transaction requests encrypted at active session level Verifies presence of active client session Ensures resource availability through BeeHive Admission Controller (to be implemented) Dynamically switches session security levels as required by simulated scheduler (BeeHive scheduler to be implemented)
Slide 21 - Security Level Synchronization Sec Mgr events Client X events Client X level Sn Sec Mgr level 3 2 1 0 Sn Sn+1 Rn prepare for 2 step switch Sn+2 Rn+1 prepare to switch last message accounted for Rn+2 Sn+2 switch received acknowledgment time t1 t2 t3 t4 t5 3 2 1 0
Slide 22 - Authentication Timing Measurements Security Manager processes: Decrypt message Authenticate client (m2) Initiate session Pack Response Create Security Manager MAC (m3) Encrypt response Transmit response end-to-end (m1)
Slide 23 - Transaction Timing Measurements
Slide 24 - Algorithm Timing (msec) level 3 level 2 level 1 level 0 Authentication (m1) end-to-end 2,014.00 698.00 509.00 30.00 (m2) decryption 180.77 1.56 0.75 0.42 (m3) encryption 179.79 0.97 0.58 0.42 Confidentiality (w/ 128 bye message) (m4) end-to-end 48.00 41.08 39.92 39.86 (m5) decryption 3.47 1.37 0.64 0.25 (m6) encryption 3.35 1.19 0.49 0.32 Confidentiality (w/ 8K bye message) (m4) end-to-end 182.56 103.20 62.19 45.64 (m5) decryption 67.86 29.30 9.32 0.25 (m6) encryption 67.53 29.18 8.60 0.31
Slide 25 - Security Manager Test Setup bhSecInServer bhSecOutServer bhSecurity securityClient generate client(s) transaction requests Decrypt & check for level switch decrypt & create transaction decrypt data, get object, do transaction, pack/encrypt/ send message ts start transaction client message stream in poll for message BeeHive DB store/ retrieve objects poll for message responses out tq
Slide 26 - Impact of Difference in Message Size
Slide 27 - Adaptive vs. Non-Adaptive
Slide 28 - Level Switching (100% adaptive client) 3 2 1 0 L E V E L % MADE LEVEL
Slide 29 - Expanded View a - time from resource drop to detection = approx 10 transactions b - time from detection to full recovery = approx 50 transactions
Slide 30 - Improved Switch Thresholds
Slide 31 - Conclusions Good performance gains achievable in soft real-time system during overload conditions Reasonable performance with small message sizes with I/O overhead Experiments with a real system necessary to confirm results
Slide 32 - Future Work Incorporate adaptive authentication Integrate objects into BeeHive Further quantify security manager performance Identify other areas for tradeoffs Develop rules for security tradeoffs Investigate other security services that fit the adaptive paradigm (security QoS)