Welcome!
Modern applications are increasingly built around middleware platforms
supporting distributed programming paradigms. In this context, security is a
major concern as new threats continuously emerge. The workshop is going to be
an exciting venue where the security and middleware communities can have a
common, interactive forum for discussing and exchanging their views on these
challenging topics. Don't miss the opportunity to share your ideas with other
top researchers and practitioners in the field.
We look forward to seeing you in Leuven!
Riccardo Scandariato and Giovanni Russello
Program Chairs
Keynote
Emil Lupu, Department of Computing, Imperial College London
The Helix of Policy Evolution and Research Challenges for Policy-Based Middleware
Policy-based techniques have often been proposed to enable systems to adapt to
changing contexts. By separating the policy from the system implementation the
adaptation strategy can be dynamically changed whilst minimising disruption to
the running system. Although significant research efforts have been devoted to
policy-based systems, a number of research issues such as the use of
obligations, policy analysis, conflict resolution, and policy deployment
strategies periodically reemerge. Yet at the same time, new research issues and
new application areas are appearing as policy-based techniques are increasingly
adopted in autonomous pervasive systems. This talk attempts to discuss some of
the recurrent issues in policy-based systems, solutions that have been proposed
and challenges that will need to be addressed for these techniques to be viable
in future environments.
Full papers (click on the titles to download the slides)
Richard Brinkman, Lukasz Chmielewski, Jaap-Henk Hoepman and Bert
Bos
Using JASON to secure SOA
Nowadays business applications closely collaborate with other business
applications by sharing one or more services. Unfortunately, opening your
business application to the outside world also sacri?ces security. There is
quite a number of standards that aims at protecting these services. However,
most of these standards require special knowledge about security and are
cumbersome to use. Our JASON1 framework aims at simplifying the task of
securing services. A programmer simply annotates his code with appropriate
keywords and our tools will generate the security related code. The programmer
can simply concentrate on the business application, while the JASON framework
does the necessary cryptography.
Thomas Quillinan, Martijn Warnier, Michel A. Oey, Reinier Timmer and
Frances Brazier
Enforcing Security in the AgentScape
Middleware
Multi Agent Systems (MAS) provide a useful paradigm for accessing distributed
resources in an autonomic and self-directed manner. Resources, such as web
services, are increasingly becoming available in large distributed
environments. Currently, numerous multi agent systems are available. However,
for the multi agent paradigm to become a genuine mainstream success certain key
features need to be addressed: the foremost being security. While security has
been a focus of the MAS community, configuring and managing such multi agent
systems typically remains non-trivial. Well defined and easily configurable
security policies address this issue. A security architecture that is both
flexible and featureful is prerequisite for a MAS.
A novel security policy management system for multi agent middleware systems is
introduced. The system facilitates a set of good default con?gurations but also
allows extensive scope for users to develop customised policies to suit their
individual needs. An agent middleware, AgentScape, is used to illustrate the
system.
Jatinder Singh, David Eyers and Jean Bacon
Controlling Historical Information Dissemination in
Publish/Subscribe
Application environments dealing with sensitive information require mechanisms
to define the circumstances for data disclosure. In event-based environments,
access control typically concerns messages (events) as they occur. However,
scenarios exist in which the retrieval of historical information is required.
The publish/subscribe paradigm decouples producers from consumers, where
information from numerous sources can satisfy an information request
(subscription). These sources may be unknown to subscribers.
This paper describes a unified approach for managing the disclosure of both
historical and future events. We show, with the aid of healthcare scenarios,
how context and access mechanisms can be used for fine-grained control over the
circumstances for information disclosure.
Rudolf Schreiner and Ulrich Lang
Protection of Complex Distributed Systems
Today, the challenge in security of complex distributed systems does not
anymore lie in encryption or access control of a single middleware platform,
but in the protection of the system as a whole. This includes the definition of
correct security policies at various abstraction layers, and also in the
unified and correct management and enforcement of the correct security policy
at all relevant places in the system. As the authors have learned in the
development even of comparatively simple distributed systems, e.g. an Air
Traffic Control simulation system, this is not possible anymore by a manual
definition of encryption properties and access control rules. Human security
administrators are not able to define all these fine grained rules with
sufficient assurance, to distribute them to all Policy Enforcement Points and
to check many log files or admin consoles. This is especially impossible in
highly distributed and agile service oriented or data driven systems. In this
paper, the authors describe an integrated approach to protect such complex and
heterogeneous systems. It is based on Model Driven Security, to generate high
assurance security policies, rules and configurations from the systems
functional model and a high level security policy, and the OpenPMF Policy
Management Framework to manage and correctly enforce the security policy in the
system.
As a proof of concept, the protection of a prototypical implementation of
System Wide Information Management (SWIM) in Air Traffic Management is briefly
described.
Tom Goovaerts, Bart De Win and Wouter Joosen
A Comparison of Two Approaches for Achieving Flexible and
Adaptive Security Middleware
Open and dynamic business environments require flexible middleware that can be
customized, reconfigured and adapted dynamically to face the changing
environment and requirements. In this respect, the mechanism for composing
middleware services with application code has an important impact on the kinds
of adaptations that can be supported. This paper studies this problem in the
context of security middleware. A bus-based architecture for integrating
security middleware services is proposed and a qualitative comparison of the
flexibility of the approach with an alternative AO-middleware-based approach is
presented.
David Chadwick
Enforcing Sticky Security Policies Throughout a Distributed
Application
Existing policy enforcement points (PEPs) typically call a local policy
decision point (PDP) running at the local site, either embedded in the
application, or running as a local stand alone service. In distributed
applications, the PDPs at each site do not usually coordinate decision making
amongst themselves, and do not pass policies between themselves. Thus it
becomes very difficult to enforce sticky policies such as privacy policies and
obligations at all the sites in a distributed application. This paper looks at
different ways in which the PEPs and PDPs of a distributed application may
share policies between themselves so as to enforce sticky policies throughout a
distributed application. Three alternative models are described, the
Application Protocol Enhancement Model, the Encapsulating Security Layer Model
and the Back Channel Model. The strengths and weaknesses of the three models
are evaluated, and we compare them to prior research in the field.
Short papers (click on the titles to download the slides)
Brian Shand and Jem Rashbass
Security for Middleware Extensions: Event Meta-Data for
Enforcing Security Policy
As messaging middleware technology matures, users demand increasingly many
features, leading to modular middleware architectures. However, extra
complexity increases the risk of a security breach, arising from a
vulnerability in one module or a misconfiguration of the module linkages. In
this position paper, we present a framework for enforcing security policies
between middleware modules, which simultaneously facilitates co-design of
application and middleware security. For example, a healthcare application
might require (1) all clinical data to be encrypted in transit, (2) a log of
all messages sent and delivered (revealing no disclosive patient information),
and (3) parameterised role based access control on message delivery. In our
framework, we can satisfy all of these requirements, even when each feature is
implemented as a separate extension module: extensions tag events with
meta-data, and this meta-data guides the enforcement of the security policy.
Exposing this meta-data to applications can help to unite application and
middleware security policy.
Jinfu WANG and John Bigham
Anomaly Detection in the Case of Message Oriented
Middleware (not presented)
Message Oriented Middleware (MOM), provides reliable messaging service and
transparent interoperation mechanism for different kinds of distributed web
based applications. Different MOMs have also been providing basic security
services such as authentication, access control, and communication encryption.
These basic security services do not necessarily prevent compromised or
malicious clients from delivering attack across MOM platforms. This paper
presents our preliminary research on anomaly detection system to detect attacks
that leverage on the messaging service provided by MOM, and other kinds of
fault in a domain within MOM. This system detects anomalies in messages to a
client's message queue using a number of different anomaly detection
techniques. Through anomalies the system can detect potential attacks or other
faults passing through a MOM domain. The system analyzes messages passing to
each message queue and derives a client specific profile of normal messages
with a range of different features. Utilizing client specific characteristics,
the system efficiently provides protection for each client in a MOM domain. The
learning approach anomaly detection techniques employed also ensure that the
system can be easily adopted by different implementations of MOM systems.
|