Department of Computer Science Seminars

A Comprehensive Scalable Security Mechanism For Large-Scale Component-Based Systems by Mark Grechanik


Security, scalability, and performance are critical for large-scale component-based applications. Weaving security solutions into the fabric of component-based architectures often worsens the scalability and performance of the resulting system. We analyze the sources of nonscalability and conduct an empirical study that shows that 80% of interactions between components and their clients in different commercial systems occur within protected security boundaries. In addition, we uncover a technique that creates a breach of security by allowing rogue components to interfere with component-based applications by impersonating various generic components. This interference leads to the theft of business value from competitive products and causes problems without violating legal agreements. Based on these findings, we propose a novel scalable security mechanism for large-scale component-based systems called Component Adaptive Scalable Secure Infrastructure Architecture (CASSIA). CASSIA utilizes the topology of the security boundaries and patterns of interactions among components to achieve noticeable improvements in scalability and performance for large-scale component-based applications. We conduct a case study that confirms the scalability of CASSIA, propose a Secure COmponent Protocol (SCOP) that incorporates our mechanism into a component infrastructure, and prove its soundness using the authentication logic of Burrows, Abadi, and Needham (BAN authentication logic).