Department of Computer Science Seminars
A Comprehensive Scalable Security Mechanism For Large-Scale
Component-Based Systems by Mark Grechanik
Abstract:
Security, scalability, and performance are critical for large-scale
component-based applications. Weaving security solutions into the
fabric of component-based architectures often worsens the
scalability and performance of the resulting system. We analyze the
sources of nonscalability and conduct an empirical study that shows
that 80% of interactions between components and their clients in
different commercial systems occur within protected security
boundaries.
In addition, we uncover a technique that creates a breach of
security by allowing rogue components to interfere with
component-based applications by impersonating various generic
components. This interference leads to stealing the business value of
competitive products and causes problems without violating legal
agreements.
Based on these findings, we propose a novel scalable security
mechanism for large-scale component-based systems called Component
Adaptive Scalable Secure Infrastructure Architecture (CASSIA).
CASSIA utilizes the topology of the security boundaries and patterns
of interactions among components to achieve noticeable improvements
in scalability and performance for large-scale component-based
applications.
We conduct a case study that confirms the scalability of CASSIA,
propose a Secure COmponent Protocol (SCOP) that incorporates our
mechanism into a component infrastructure, and prove its soundness
using the authentication logic of Burrows, Abadi, and Needham (BAN
authentication logic).