Mihai Barzu Faculty of Computer Science Information...
Key Management in EventGuard
Mihai Barzu
Faculty of Computer Science
Information Security
Entities
● Specifying minimal requirements for network entities
– Publisher
– Subscriber
Provider
● Wrapping existing implementations of cryptographic primitives for simpler use and providing implementations for others
– AES
– SHA1
– HMAC-SHA1
– ElGamal
Guards
● Creating coherent specifications for the modular guards (Publish, Subscribe, Advertise, Unadvertise, Unsubscribe)
● JAXB-compliant beans as wrappers for requests and responses
Management
● Mediation had to be done between guard specifications and cryptographic primitives in order to provide an implementation
● Loose, generic specifications for manager functionalities
● Constructor dependency injection for most classes
● IGuards implementation with routing guard add-on
Web Service
● For accessibility over a large network with undefined topology, the functionality of the key management application had to be exposed through a web service
● Secure, lightweight communication had to be provided over the network
● Minimal responsibility regarding implementation (the web service uses the implementation from the management module)
Design
Built-in security
The code
Accessing the service
Client-part code generation
Further reading
● Mudhakar Srivatsa, Ling Liu, and Arun Iyengar. 2011. EventGuard: A System Architecture for Securing Publish-Subscribe Networks. ACM Trans. Comput. Syst. 29, 4, Article 10 (December 2011), 40 pages. DOI=10.1145/2063509.2063510 http://doi.acm.org/10.1145/2063509.2063510