SlideShare ist ein Scribd-Unternehmen logo

Bluedog white paper - Our WebObjects Web Security Model

tom termini
tom termini

At Bluedog, our seminal product, Workbench “Always on the Job!” social collaboration SAAS platform is secured the way we have architected all our three-tier Java-based web applications. We secure the application with input validation, a core authentication authorization framework based on LDAP and JINDI, configuration management that ensures testing for vulnerabilities, and strong use of cryptography. In addition, we utilize session management, exception control, auditing and logging to ensure security of the app and web services. We also secure our routers and other aspects of the network as well as securing the host servers (patching, account management, directory access, and port monitoring). Most importantly, we design our WebObject web applications securely from the get-go.

SoftwareTechnologie
1 von 12
Downloaden Sie, um offline zu lesen
www.bluedog.net Web Security 1 of 12 Understanding Our Web Security Model The importance of the Internet as an information management and delivery technology is well known, and the obvious advantages of the three-tier web application model opens new avenues to exploit the benefits of this technology to generate competitive advantage, reduce costs, and improve programmer and end user productivity. There is a concurrent rise of internal web portals (i.e., intranets) that exist behind organizations’ firewalls -- one of the most important areas for the development of new, component-or web-services-based applications. But security issues abound. Looking beyond traditional client-server architecture, we will endeavor to foster communities that link different initiatives of the project in order to ease (through automation, work flow streamlining, and process improvement) the exchange of information. XML and a number of related technologies are the focus as a potential standard for cross-enterprise integration, as well as within the boundaries of a public- sided intranet. However, the benefits of ubiquitous web-based computing pose as many challenges -- it magnifies challenges such as scalability, high reliability, and availability for web-based applications. Then there are the inherent limitations of the medium itself, including the synchronous nature of http and stateless paradigm of the web, and a vulnerable security model. This section will address our security model, how our approach to application design addresses concerns for maintaining customer confidential data during development and once application development has been completed.
www.bluedog.net Web Security 2 of 12 Basic Security Model In the three-tier web application architecture, security is built-in at several levels. Exhibit 1 illustrates the nominal architecture of our security model vis-a-vis three-tiered applications. Exhibit 1. Nominal Architecture Authorization differs from authentication in that authentication ensures that only valid users obtain access to an application. Authorization is more about controlling the data the authenticated user is allowed to obtain after entering the application.
www.bluedog.net Web Security 3 of 12 Confidentiality is the mechanism for making the information available to only the intended recipient. A systems administrator usually protects resources by creating lists of users and groups that have the permissions required to access this resource -- the access control list. Auditing is invaluable when an action performed on a user’s account must be verified. Non-repudiation is the act of proving a particular user performed some action. For example, a user submits a data change. By using proper record keeping and audit trails, a systems administrator can prove that the action was performed by the particular user’s account. Designing an application for raise a flag or notify certain partied when fraud is detected limits vulnerabilities and reduces loss by being proactive. The fourth component for three-tier application-level security is encryption or data integrity. This ensures that data has not been tampered with between the sender and the receiver. Encryption ensures that no outside parties could modify the information, which is possible when sent over the public network. Biometric, card key, or other secondary level security could also be considered when data integrity and network security is being architected. Web Tier Our applications will be architected to provide secure web server communication and support for Secure Sockets Layer/Transport Layer Security Protocols (SSL), HTTPS, and HTTP challenge-response authentication. Further, the web tier of the application will support user authentication against the single-sign-on authority, may support cookies (if desired) and database access controls for the secure handling of transaction operations.
www.bluedog.net Web Security 4 of 12 A the web tier, user access is fundamental. To achieve security here, we will start with authentication, and maintain secure transmission of data between the client (web browser) and web server via SSL. Authentication is the process of entities proving to one another that they are acting on behalf of specific identities. For example, when a user provides a user name and password for a logon, the authentication process verifies that this is a valid application user and that the password matches the real user’s provided password. Two types of authentication are weak or simple authentication and strong authentication. Weak or simple authentication involves the user providing a username and password to be authenticated. The user provides no further authentication information. A major problem arises when someone else gets the other person’s username and password and a security breach occurs. Strong authentication, on the other hand, is more secure because the user provides a digital certification or other private means of being authenticated. A primary goal will be protecting communication privacy and data integrity. We will rely on Public Key Infrastructure to accomplish a substantial chunk of this goal. Creating a Certificate Authority, putting in place a policy for using this C.A. (for SSL implementation, and documenting the procedures and mechanisms our developers can use to ensure web traffic communication, end user/customer privacy, and message data integrity will be part of the infrastructure build out defined in our project management plan. Developers will be provided the guidelines for the proper use of the C.A. for SSL traffic. The guidelines will be presented to avoid the common implementation mistakes that can compromise security and performance. Cryptography will be employed (via SSL for web or graphic user interface traffic, and at the application level to encrypt and sign data before it is sent to the database).By working with digital certificates and a descending hierarchy based on our C.A.,
www.bluedog.net Web Security 5 of 12 management and control of security will be centralized and simplified. This approach ensures bad user data is purged quickly and easily, intrusions are more quickly isolated, and the client has overarching control of the secure environment independent of the developers. Once user access privileges are known (via C.A. and LDAP authentication), we will use cryptographic functionality (encrypting and hashing data, application of one-way signatures to ensure authenticity of sources) in the application tier to keep data away from unauthorized view. Application Tier By linking to a single-sign on authority we will code applications to provide data security by using access control lists and password policies. We will store information about users and groups in a Lightweight Directory Access Protocol LDAPv3 database. LDAP is an open directory access protocol that uses TCP/IP and scales to millions of entries, and lookups are fast A unified management of user and password data assures all applications run off of a certified environment that is centrally managed and governed my explicit security policies that conform to customer and regulatory requirements. “consumer” LDAPs can be made available to other applications or modules, mirroring some or all of the centralized data. Application-level security will provide a means to authenticate users, define authorization and roles based on access control lists mapped to the central user database for those users, a mechanism to audit and have non-repudiation of information to be processed, encryption for data security, and support for secure transmission and data storage. Critical data (defined as customer confidential, business confidential or legally mandated as confidential) will be transmitted in encrypted form (using SSL), then
www.bluedog.net Web Security 6 of 12 encrypted in the application before transmission to the database. Connection from the application to the database may also use SSL encryption (Oracle and other major database vendors support this protocol for the application-to-database connection). This will ensure sensitive or confidential data (such as social security numbers, credit card numbers, or passwords) will be hashed in the persistent data store, making casual perusal of the data by DBAs or internal users impossible. We will architect application and database components to be in compliance with the J2EE v1.2 EJB v1.1 Java Servlet v2.2 security models as defined by Sun and the Java community. Java 2 security architecture with the security model, itself composed of three layers: Java language, compiler and runtime system, and the Security Manager. At the language layer, Java achieves security in various ways. First, Java defines that all primitive data types are of a specific size and independent of the machine architecture. Second, pointer arithmetic and forging access to objects cannot be done. Third, Java provides array-bound checking. Objective of MVC Approach -- Segregating Presentation, Business Logic and Persistent Data The model-view-controller design of the three-tier architecture serves multiple purposes. Two important ones are presentation can occur in various formats, independent of the application; and business logic is coded in the Java classes, so database independence is maintained and scalability is enhanced. A further benefit is that the component architecture allows organizations to build scalable, secure, multi-platform applications as re-usable server-side components. This architecture has three main security goals.
www.bluedog.net Web Security 7 of 12 • It reduces the burden placed on the developers who working on independent application components containing the business logic of any enterprise application. Modules pertaining to sensitive or confidential information can be segregated via a “Chinese wall” approach. • This approach also allows applications to be portable across different vendors’ servers and permits different vendors to use different security mechanisms. For example, the reliability of Unix systems can be deployed facing the public, while internal systems can have the advantage of a Windows environment without the fear of compromise. • This approach provides support for security policies to be set by the application developers, experts in a specific operational environment or an application assembler who provides the solution, rather than by the code developer. Database Tier Access to the persistent data store from the various applications will be controlled by assigning specific user identifiers based on the needed application role. The application, on the protected side of the firewall, may communicate to the database(s) via secure port, with encryption of traffic. Data may also be encrypted in the application level (see above) before it is transmitted via the database connector (JDBC, in many cases). Specific database controls will be implemented as well. For example, SQL Server provides for secure connections, and can implement role-based security that limits developer (and application module) access to certain table spaces. In the case of Microsoft’s product, we would pay special attention to preventing so-called SQL Injection Attacks.
www.bluedog.net Web Security 8 of 12 Network Tier The emphasis on network security will not just on installing firewalls and Virtual Private Networks (VPNs) to prevent outside hackers from gaining access to valuable and confidential data. We will design and enforce a traditional DMZ-style network architecture that segregates the web (presentation) layer on Apache or IIS web servers, and the only traffic through the firewall will be via the application adapter (leaving only ports 80 and 443/SSL open to the outside world). The DMZ model is proven for exposing public-accessed assets in the most secure way. Our approach, relying on true three-tier architecture, ensures no uncompiled code is available for tampering. Further, only HTTP/HTTPS traffic can pass to the outside world, while web server-to-application traffic is limited to the secure side of the network. Finally, the application-to-database traffic is further restricted. Operating System Tier Internet Protocol Security (IPSec) provides application-transparent encryption services for IP network traffic as well as other network access protections in the Windows operating system environment. Furthermore, for a Windows environment, The most important thing we can do to help maintain system security is to stay current with security updates. We will craft guidelines to secure Windows operating system servers based on known security flaws and guidelines from the vendor. In the Unix environment (and to the extent possible in other ones), we will maintain system security by confirming latest OS versions and patches are installed , regularly check logs and file system integrity for suspicious activity, and make regular backups. A key way to ensure security is to limit access. Password that are strong (longer than 8 characters, mixed case and non-standard character requirements, expiration dates) help, as do things such as: session time outs (for web applications), cookie expirations,
www.bluedog.net Web Security 9 of 12 password protected screen savers, restricting access to shared drives, the ability disable remote logons, setting permission properly, and displaying legal and user responsibility notices before logon Just simply regularly reviewing user list and remove unnecessary accounts ca n boost the reliability of security models. Restricting Developer Access to Sensitive Data For development, we will use a Content Versioning System (CVS) to control code revision, as well as limit access to modules based on role. Our security officer will ensure the developers who have access to sensitive data will be vetted, and procedures will be established to grant and rescind access during the life of the project. During development, surrogate data will be used rather than life customer- or business- confidential data. Once we enter the Systems Integration Testing phase, the live data will be used to populate the deployment database. Oversight on the running of SQL scripts by appropriate personnel will be provided by our security officer. Other Security Issues Because we have a global view of the three-tier model, we will endeavor to apply high- level techniques to ensuring proper access, communicating securely to authorized persons, and controlling where data lives. One example is the proper architecting of an auditing methodology. Auditing and event logging enables detection of, and protection against, unauthorized access. Furthermore, data recovery, access permissions, and other failure recovery, responsibility and authority questions can be addressed with the robust Audit and Event Logging methodology we will incorporate into our application and database design. The level of granularity at which access to data can be controlled will be set during design, but typically this includes: at the GUI by user/password access, secure
www.bluedog.net Web Security 10 of 12 transmission of data via SSL, and C.A. or IP screening. At the application level, classes can re-check user levels of access before presenting data. Transmission of sensitive or confidential data can be encrypted, and the data itself can be encrypted using strong algorithms before transmission or recording in the database. The database schema can be set to control access to tables based on roles, and specific records or fields can have access limited. By keeping security and other business logic in the application layer, database independence can be maintained. For example, we won’t architect security functionality in stored procedures, relying instead on routines defined in Java code. Use of the ACL and a centralized repository for single-authority (the master user LDAP) defines how different user categories are configured and defined for security. Role- based and group-based security definitions are referenced in the application logic and database schema – even if decompiled code could be modified to let an unauthorized user to attempt to view restricted data, two additional levels of control would prevent the physical display of data. Roles will define who has read-only, edit, or delete privileges in the applications. A centralized user data repository means the configuring of new users is simplified – the systems administrator would import new user lists, configure them to groups, assign privileges to groups in a user-friendly GUI, and maintain user data in one application. Failover and hot site recovery impact security as well as systems performance and scalability. Our application architecture will take into account defined service level requirements to ensure the capability to handle user loads, maintain application responsiveness, audit and verify data changes, At Project Inception Upon kickoff of the project, we will define in a project management plan (subject to client review and approval) a systematic approach that applies our knowledge of
www.bluedog.net Web Security 11 of 12 security best practices to secure web applications during development and for deployment. Action items when the project commences: • Define the basic policies to ensure web application security, referencing the motivations for each. For example, statute dictates HIPAA/HL7 compliance, so define database schema to reflect needed “Chinese walls” to protect appropriate customer data. • Define the performance parameters of a threat analysis of web-accessible assets. • Set the SOPs to protect operating systems/file system data by using the features in the development, test, and deployment environments. For example, harden Unix servers by setting up security rules, policies and procedures; implement techniques to foil common assaults used by hackers such as IP spoofing, denial- of-service attack, and buffer overflow. • Use one of the Java classes that implement cryptography namespace to transform block or string data from cleartext into cyphertext. Use general security coding best practices to ensure a secure Web application. • Protect the portion of the web applications that requires private communications by using SSL and guarding intranet assets with network filtering, defining which firewall techniques will be used (such as Network Address Translation and port control). • Define test plans that use a structured approach to testing for web application security in conjunction with systems integration testing and user acceptance testing.
www.bluedog.net Web Security 12 of 12 • Apply our knowledge of authentication using Secure User Identifiers (SUIDs) and Access Control Lists to combat impersonation, and apply the concept of running with least group/user privileges to ensure access to only those system resources that are necessary to accomplish normal request processing.

Empfohlen

Data base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access methodData base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access methodInternational Journal of Engineering Inventions www.ijeijournal.com
 
iaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocoliaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocolIaetsd Iaetsd
 
Ijarcet vol-2-issue-3-942-946
Ijarcet vol-2-issue-3-942-946Ijarcet vol-2-issue-3-942-946
Ijarcet vol-2-issue-3-942-946Editor IJARCET
 
Unit 5
Unit 5Unit 5
Unit 5DhanalakshmiVelusamy1
 
Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationIJSRD
 
Review of access control models for cloud computing
Review of access control models for cloud computingReview of access control models for cloud computing
Review of access control models for cloud computingcsandit
 
Secure Data Storage in Cloud Using Encryption and Steganography
Secure Data Storage in Cloud Using Encryption and SteganographySecure Data Storage in Cloud Using Encryption and Steganography
Secure Data Storage in Cloud Using Encryption and Steganographyiosrjce
 
Gw3312111217
Gw3312111217Gw3312111217
Gw3312111217IJERA Editor
 

Empfohlen

Data base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access methodData base Access Control a look at Fine grain Access method
Data base Access Control a look at Fine grain Access methodInternational Journal of Engineering Inventions www.ijeijournal.com
 
iaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocoliaetsd Shared authority based privacy preserving protocol
iaetsd Shared authority based privacy preserving protocolIaetsd Iaetsd
 
Ijarcet vol-2-issue-3-942-946
Ijarcet vol-2-issue-3-942-946Ijarcet vol-2-issue-3-942-946
Ijarcet vol-2-issue-3-942-946Editor IJARCET
 
Unit 5
Unit 5Unit 5
Unit 5DhanalakshmiVelusamy1
 
Data Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationData Stream Controller for Enterprise Cloud Application
Data Stream Controller for Enterprise Cloud ApplicationIJSRD
 
Review of access control models for cloud computing
Review of access control models for cloud computingReview of access control models for cloud computing
Review of access control models for cloud computingcsandit
 
Secure Data Storage in Cloud Using Encryption and Steganography
Secure Data Storage in Cloud Using Encryption and SteganographySecure Data Storage in Cloud Using Encryption and Steganography
Secure Data Storage in Cloud Using Encryption and Steganographyiosrjce
 
Gw3312111217
Gw3312111217Gw3312111217
Gw3312111217IJERA Editor
 
A provenance policy based access
A provenance policy based accessA provenance policy based access
A provenance policy based accessijsptm
 
Ensuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloudEnsuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloudGowthami Konakanchi
 
Ieeepro techno solutions 2011 ieee java project -secure role based data
Ieeepro techno solutions 2011 ieee java project -secure role based dataIeeepro techno solutions 2011 ieee java project -secure role based data
Ieeepro techno solutions 2011 ieee java project -secure role based datahemanthbbc
 
IRJET- Survey on Blockchain based Digital Certificate System
IRJET- Survey on Blockchain based Digital Certificate SystemIRJET- Survey on Blockchain based Digital Certificate System
IRJET- Survey on Blockchain based Digital Certificate SystemIRJET Journal
 
A Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud ComputingA Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud ComputingIJMER
 
Ensuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloudEnsuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloudSathya Moorthy
 
Oruta phase1 report
Oruta phase1 reportOruta phase1 report
Oruta phase1 reportsuthi
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Umer Khalid Thesis Abstract
Umer Khalid Thesis AbstractUmer Khalid Thesis Abstract
Umer Khalid Thesis AbstractUmer Khalid
 
Shared aythority ppt design [autosaved]
Shared aythority ppt design [autosaved]Shared aythority ppt design [autosaved]
Shared aythority ppt design [autosaved]Raj Kumar
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challengesbornresearcher
 
Distributed accountability for data sharing in cloud
Distributed accountability for data sharing in cloudDistributed accountability for data sharing in cloud
Distributed accountability for data sharing in cloudChanakya Chandu
 
Accountability in Distributed Environment For Data Sharing in the Cloud
Accountability in Distributed Environment For Data Sharing in the CloudAccountability in Distributed Environment For Data Sharing in the Cloud
Accountability in Distributed Environment For Data Sharing in the CloudEditor IJCATR
 
Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...iosrjce
 
Shared authority based privacy preserving authentication protocol in cloud co...
Shared authority based privacy preserving authentication protocol in cloud co...Shared authority based privacy preserving authentication protocol in cloud co...
Shared authority based privacy preserving authentication protocol in cloud co...Adz91 Digital Ads Pvt Ltd
 
L04302088092
L04302088092L04302088092
L04302088092ijceronline
 
A study on security issues in cloud based e learning
A study on security issues in cloud based e learningA study on security issues in cloud based e learning
A study on security issues in cloud based e learningManimaran A
 
Rajeev Kumar Indian Institute of Management Lucknow Noida Campus on Nov 20 2015
Rajeev Kumar Indian Institute of Management Lucknow Noida Campus on Nov 20 2015Rajeev Kumar Indian Institute of Management Lucknow Noida Campus on Nov 20 2015
Rajeev Kumar Indian Institute of Management Lucknow Noida Campus on Nov 20 2015Rajeev Kumar
 
Business Process and Enterprise Content alternatives to Sharepoint
Business Process and Enterprise Content alternatives to SharepointBusiness Process and Enterprise Content alternatives to Sharepoint
Business Process and Enterprise Content alternatives to Sharepointtom termini
 
Bluedog Rescues the FTC - eWeek Magazine 103006
Bluedog Rescues the FTC - eWeek Magazine 103006Bluedog Rescues the FTC - eWeek Magazine 103006
Bluedog Rescues the FTC - eWeek Magazine 103006tom termini
 
C. Fantini - PEC e Firma digitale
C. Fantini - PEC e Firma digitaleC. Fantini - PEC e Firma digitale
C. Fantini - PEC e Firma digitaleCamera di Commercio di Pisa
 
t2
t2t2
t2Lydd95db
 

Weitere ähnliche Inhalte

Was ist angesagt?

A provenance policy based access
A provenance policy based accessA provenance policy based access
A provenance policy based accessijsptm
 
Ensuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloudEnsuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloudGowthami Konakanchi
 
Ieeepro techno solutions 2011 ieee java project -secure role based data
Ieeepro techno solutions 2011 ieee java project -secure role based dataIeeepro techno solutions 2011 ieee java project -secure role based data
Ieeepro techno solutions 2011 ieee java project -secure role based datahemanthbbc
 
IRJET- Survey on Blockchain based Digital Certificate System
IRJET- Survey on Blockchain based Digital Certificate SystemIRJET- Survey on Blockchain based Digital Certificate System
IRJET- Survey on Blockchain based Digital Certificate SystemIRJET Journal
 
A Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud ComputingA Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud ComputingIJMER
 
Ensuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloudEnsuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloudSathya Moorthy
 
Oruta phase1 report
Oruta phase1 reportOruta phase1 report
Oruta phase1 reportsuthi
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Umer Khalid Thesis Abstract
Umer Khalid Thesis AbstractUmer Khalid Thesis Abstract
Umer Khalid Thesis AbstractUmer Khalid
 
Shared aythority ppt design [autosaved]
Shared aythority ppt design [autosaved]Shared aythority ppt design [autosaved]
Shared aythority ppt design [autosaved]Raj Kumar
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challengesbornresearcher
 
Distributed accountability for data sharing in cloud
Distributed accountability for data sharing in cloudDistributed accountability for data sharing in cloud
Distributed accountability for data sharing in cloudChanakya Chandu
 
Accountability in Distributed Environment For Data Sharing in the Cloud
Accountability in Distributed Environment For Data Sharing in the CloudAccountability in Distributed Environment For Data Sharing in the Cloud
Accountability in Distributed Environment For Data Sharing in the CloudEditor IJCATR
 
Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...iosrjce
 
Shared authority based privacy preserving authentication protocol in cloud co...
Shared authority based privacy preserving authentication protocol in cloud co...Shared authority based privacy preserving authentication protocol in cloud co...
Shared authority based privacy preserving authentication protocol in cloud co...Adz91 Digital Ads Pvt Ltd
 
A study on security issues in cloud based e learning
A study on security issues in cloud based e learningA study on security issues in cloud based e learning
A study on security issues in cloud based e learningManimaran A
 

Was ist angesagt? (17)

A provenance policy based access
A provenance policy based accessA provenance policy based access
A provenance policy based access
 
Ensuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloudEnsuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloud
 
Ieeepro techno solutions 2011 ieee java project -secure role based data
Ieeepro techno solutions 2011 ieee java project -secure role based dataIeeepro techno solutions 2011 ieee java project -secure role based data
Ieeepro techno solutions 2011 ieee java project -secure role based data
 
IRJET- Survey on Blockchain based Digital Certificate System
IRJET- Survey on Blockchain based Digital Certificate SystemIRJET- Survey on Blockchain based Digital Certificate System
IRJET- Survey on Blockchain based Digital Certificate System
 
A Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud ComputingA Novel Computing Paradigm for Data Protection in Cloud Computing
A Novel Computing Paradigm for Data Protection in Cloud Computing
 
Ensuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloudEnsuring distributed accountability for data sharing in the cloud
Ensuring distributed accountability for data sharing in the cloud
 
Oruta phase1 report
Oruta phase1 reportOruta phase1 report
Oruta phase1 report
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
Umer Khalid Thesis Abstract
Umer Khalid Thesis AbstractUmer Khalid Thesis Abstract
Umer Khalid Thesis Abstract
 
Shared aythority ppt design [autosaved]
Shared aythority ppt design [autosaved]Shared aythority ppt design [autosaved]
Shared aythority ppt design [autosaved]
 
Cloud implementation security challenges
Cloud implementation security challengesCloud implementation security challenges
Cloud implementation security challenges
 
Distributed accountability for data sharing in cloud
Distributed accountability for data sharing in cloudDistributed accountability for data sharing in cloud
Distributed accountability for data sharing in cloud
 
Accountability in Distributed Environment For Data Sharing in the Cloud
Accountability in Distributed Environment For Data Sharing in the CloudAccountability in Distributed Environment For Data Sharing in the Cloud
Accountability in Distributed Environment For Data Sharing in the Cloud
 
Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...Internal & External Attacks in cloud computing Environment from confidentiali...
Internal & External Attacks in cloud computing Environment from confidentiali...
 
Shared authority based privacy preserving authentication protocol in cloud co...
Shared authority based privacy preserving authentication protocol in cloud co...Shared authority based privacy preserving authentication protocol in cloud co...
Shared authority based privacy preserving authentication protocol in cloud co...
 
L04302088092
L04302088092L04302088092
L04302088092
 
A study on security issues in cloud based e learning
A study on security issues in cloud based e learningA study on security issues in cloud based e learning
A study on security issues in cloud based e learning
 

Andere mochten auch

Rajeev Kumar Indian Institute of Management Lucknow Noida Campus on Nov 20 2015
Rajeev Kumar Indian Institute of Management Lucknow Noida Campus on Nov 20 2015Rajeev Kumar Indian Institute of Management Lucknow Noida Campus on Nov 20 2015
Rajeev Kumar Indian Institute of Management Lucknow Noida Campus on Nov 20 2015Rajeev Kumar
 
Business Process and Enterprise Content alternatives to Sharepoint
Business Process and Enterprise Content alternatives to SharepointBusiness Process and Enterprise Content alternatives to Sharepoint
Business Process and Enterprise Content alternatives to Sharepointtom termini
 
Bluedog Rescues the FTC - eWeek Magazine 103006
Bluedog Rescues the FTC - eWeek Magazine 103006Bluedog Rescues the FTC - eWeek Magazine 103006
Bluedog Rescues the FTC - eWeek Magazine 103006tom termini
 
Presentation by Tom Termini to Montgomery County MD Green home nov 15 2005
Presentation by Tom Termini to Montgomery County MD Green home nov 15 2005Presentation by Tom Termini to Montgomery County MD Green home nov 15 2005
Presentation by Tom Termini to Montgomery County MD Green home nov 15 2005tom termini
 

Andere mochten auch (6)

Rajeev Kumar Indian Institute of Management Lucknow Noida Campus on Nov 20 2015
Rajeev Kumar Indian Institute of Management Lucknow Noida Campus on Nov 20 2015Rajeev Kumar Indian Institute of Management Lucknow Noida Campus on Nov 20 2015
Rajeev Kumar Indian Institute of Management Lucknow Noida Campus on Nov 20 2015
 
Business Process and Enterprise Content alternatives to Sharepoint
Business Process and Enterprise Content alternatives to SharepointBusiness Process and Enterprise Content alternatives to Sharepoint
Business Process and Enterprise Content alternatives to Sharepoint
 
Bluedog Rescues the FTC - eWeek Magazine 103006
Bluedog Rescues the FTC - eWeek Magazine 103006Bluedog Rescues the FTC - eWeek Magazine 103006
Bluedog Rescues the FTC - eWeek Magazine 103006
 
C. Fantini - PEC e Firma digitale
C. Fantini - PEC e Firma digitaleC. Fantini - PEC e Firma digitale
C. Fantini - PEC e Firma digitale
 
t2
t2t2
t2
 
Presentation by Tom Termini to Montgomery County MD Green home nov 15 2005
Presentation by Tom Termini to Montgomery County MD Green home nov 15 2005Presentation by Tom Termini to Montgomery County MD Green home nov 15 2005
Presentation by Tom Termini to Montgomery County MD Green home nov 15 2005
 

Ähnlich wie Bluedog white paper - Our WebObjects Web Security Model

DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEDEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEcscpconf
 
E-Business And Technology Essay
E-Business And Technology EssayE-Business And Technology Essay
E-Business And Technology EssayPamela Wright
 
Achieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing reportAchieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing reportKiran Girase
 
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET Journal
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) ijceronline
 
Enhanced security framework to ensure data security
Enhanced security framework to ensure data securityEnhanced security framework to ensure data security
Enhanced security framework to ensure data securityeSAT Publishing House
 
Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...eSAT Journals
 
Security Check in Cloud Computing through Third Party Auditor
Security Check in Cloud Computing through Third Party AuditorSecurity Check in Cloud Computing through Third Party Auditor
Security Check in Cloud Computing through Third Party Auditorijsrd.com
 
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITYBLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITYijccsa
 
CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...
CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...
CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...csijjournal
 
Blockchain based Data Security as a Service in Cloud Platform Security
Blockchain based Data Security as a Service in Cloud Platform SecurityBlockchain based Data Security as a Service in Cloud Platform Security
Blockchain based Data Security as a Service in Cloud Platform Securityijccsa
 
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITYBLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITYijccsa
 
Security threats in cloud computing
Security threats in cloud computingSecurity threats in cloud computing
Security threats in cloud computingPuneet Arora
 
A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...
A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...
A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...Editor IJCATR
 
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...IJNSA Journal
 
Ieeepro techno solutions 2011 ieee dotnet project -secure role based data
Ieeepro techno solutions 2011 ieee dotnet project -secure role based dataIeeepro techno solutions 2011 ieee dotnet project -secure role based data
Ieeepro techno solutions 2011 ieee dotnet project -secure role based dataASAITHAMBIRAJAA
 
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...Editor IJMTER
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDSweta Kumari Barnwal
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and servicesJas Preet
 

Ähnlich wie Bluedog white paper - Our WebObjects Web Security Model (20)

DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEDEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
 
E-Business And Technology Essay
E-Business And Technology EssayE-Business And Technology Essay
E-Business And Technology Essay
 
Achieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing reportAchieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing report
 
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER) International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
Enhanced security framework to ensure data security
Enhanced security framework to ensure data securityEnhanced security framework to ensure data security
Enhanced security framework to ensure data security
 
Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...Enhanced security framework to ensure data security in cloud using security b...
Enhanced security framework to ensure data security in cloud using security b...
 
Security Check in Cloud Computing through Third Party Auditor
Security Check in Cloud Computing through Third Party AuditorSecurity Check in Cloud Computing through Third Party Auditor
Security Check in Cloud Computing through Third Party Auditor
 
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITYBLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
 
CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...
CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...
CRITICISMS OF THE FUTURE AVAILABILITY IN SUSTAINABLE GENDER GOAL, ACCESS TO L...
 
Blockchain based Data Security as a Service in Cloud Platform Security
Blockchain based Data Security as a Service in Cloud Platform SecurityBlockchain based Data Security as a Service in Cloud Platform Security
Blockchain based Data Security as a Service in Cloud Platform Security
 
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITYBLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
BLOCKCHAIN BASED DATA SECURITY AS A SERVICE IN CLOUD PLATFORM SECURITY
 
Security threats in cloud computing
Security threats in cloud computingSecurity threats in cloud computing
Security threats in cloud computing
 
A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...
A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...
A Secure, Scalable, Flexible and Fine-Grained Access Control Using Hierarchic...
 
Saas security
Saas securitySaas security
Saas security
 
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
CLOUD BASED ACCESS CONTROL MODEL FOR SELECTIVE ENCRYPTION OF DOCUMENTS WITH T...
 
Ieeepro techno solutions 2011 ieee dotnet project -secure role based data
Ieeepro techno solutions 2011 ieee dotnet project -secure role based dataIeeepro techno solutions 2011 ieee dotnet project -secure role based data
Ieeepro techno solutions 2011 ieee dotnet project -secure role based data
 
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
Public Key Encryption algorithms Enabling Efficiency Using SaaS in Cloud Comp...
 
Module 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUDModule 5-cloud computing-SECURITY IN THE CLOUD
Module 5-cloud computing-SECURITY IN THE CLOUD
 
Cloud security and services
Cloud security and servicesCloud security and services
Cloud security and services
 

Mehr von tom termini

Bluedog White Paper - Service-as-a-Software.pdf
Bluedog White Paper - Service-as-a-Software.pdfBluedog White Paper - Service-as-a-Software.pdf
Bluedog White Paper - Service-as-a-Software.pdftom termini
 
Bluedog White Paper - Fix Broken Projects.pdf
Bluedog White Paper - Fix Broken Projects.pdfBluedog White Paper - Fix Broken Projects.pdf
Bluedog White Paper - Fix Broken Projects.pdftom termini
 
Bluedog White Paper - Workflow Optimization.pdf
Bluedog White Paper - Workflow Optimization.pdfBluedog White Paper - Workflow Optimization.pdf
Bluedog White Paper - Workflow Optimization.pdftom termini
 
Bluedog White Paper - ERP-light solution for SMEs.pdf
Bluedog White Paper - ERP-light solution for SMEs.pdfBluedog White Paper - ERP-light solution for SMEs.pdf
Bluedog White Paper - ERP-light solution for SMEs.pdftom termini
 
Bluedog White Paper - overview of RMF implementation.pdf
Bluedog White Paper - overview of RMF implementation.pdfBluedog White Paper - overview of RMF implementation.pdf
Bluedog White Paper - overview of RMF implementation.pdftom termini
 
Two digital marketing tools to leverage
Two digital marketing tools to leverageTwo digital marketing tools to leverage
Two digital marketing tools to leveragetom termini
 
1245176206446 ecm alternatives_to_sharepoint_120609
1245176206446 ecm alternatives_to_sharepoint_1206091245176206446 ecm alternatives_to_sharepoint_120609
1245176206446 ecm alternatives_to_sharepoint_120609tom termini
 
MITRE A-TAK Design Philosophy
MITRE A-TAK Design PhilosophyMITRE A-TAK Design Philosophy
MITRE A-TAK Design Philosophytom termini
 
Transformation of the Enterprise to SOA
Transformation of the Enterprise to SOATransformation of the Enterprise to SOA
Transformation of the Enterprise to SOAtom termini
 
This Guide to the (Evolving) Enterprise Architecture Body of Knowledge
This Guide to the (Evolving) Enterprise Architecture Body of KnowledgeThis Guide to the (Evolving) Enterprise Architecture Body of Knowledge
This Guide to the (Evolving) Enterprise Architecture Body of Knowledgetom termini
 
Bluedog white paper - scaling for high availability, high utilization
Bluedog white paper - scaling for high availability, high utilizationBluedog white paper - scaling for high availability, high utilization
Bluedog white paper - scaling for high availability, high utilizationtom termini
 
Workbench "Always on the Job!"© software-as-a-service for social collaboration
Workbench "Always on the Job!"© software-as-a-service for social collaborationWorkbench "Always on the Job!"© software-as-a-service for social collaboration
Workbench "Always on the Job!"© software-as-a-service for social collaborationtom termini
 

Mehr von tom termini (12)

Bluedog White Paper - Service-as-a-Software.pdf
Bluedog White Paper - Service-as-a-Software.pdfBluedog White Paper - Service-as-a-Software.pdf
Bluedog White Paper - Service-as-a-Software.pdf
 
Bluedog White Paper - Fix Broken Projects.pdf
Bluedog White Paper - Fix Broken Projects.pdfBluedog White Paper - Fix Broken Projects.pdf
Bluedog White Paper - Fix Broken Projects.pdf
 
Bluedog White Paper - Workflow Optimization.pdf
Bluedog White Paper - Workflow Optimization.pdfBluedog White Paper - Workflow Optimization.pdf
Bluedog White Paper - Workflow Optimization.pdf
 
Bluedog White Paper - ERP-light solution for SMEs.pdf
Bluedog White Paper - ERP-light solution for SMEs.pdfBluedog White Paper - ERP-light solution for SMEs.pdf
Bluedog White Paper - ERP-light solution for SMEs.pdf
 
Bluedog White Paper - overview of RMF implementation.pdf
Bluedog White Paper - overview of RMF implementation.pdfBluedog White Paper - overview of RMF implementation.pdf
Bluedog White Paper - overview of RMF implementation.pdf
 
Two digital marketing tools to leverage
Two digital marketing tools to leverageTwo digital marketing tools to leverage
Two digital marketing tools to leverage
 
1245176206446 ecm alternatives_to_sharepoint_120609
1245176206446 ecm alternatives_to_sharepoint_1206091245176206446 ecm alternatives_to_sharepoint_120609
1245176206446 ecm alternatives_to_sharepoint_120609
 
MITRE A-TAK Design Philosophy
MITRE A-TAK Design PhilosophyMITRE A-TAK Design Philosophy
MITRE A-TAK Design Philosophy
 
Transformation of the Enterprise to SOA
Transformation of the Enterprise to SOATransformation of the Enterprise to SOA
Transformation of the Enterprise to SOA
 
This Guide to the (Evolving) Enterprise Architecture Body of Knowledge
This Guide to the (Evolving) Enterprise Architecture Body of KnowledgeThis Guide to the (Evolving) Enterprise Architecture Body of Knowledge
This Guide to the (Evolving) Enterprise Architecture Body of Knowledge
 
Bluedog white paper - scaling for high availability, high utilization
Bluedog white paper - scaling for high availability, high utilizationBluedog white paper - scaling for high availability, high utilization
Bluedog white paper - scaling for high availability, high utilization
 
Workbench "Always on the Job!"© software-as-a-service for social collaboration
Workbench "Always on the Job!"© software-as-a-service for social collaborationWorkbench "Always on the Job!"© software-as-a-service for social collaboration
Workbench "Always on the Job!"© software-as-a-service for social collaboration
 

Kürzlich hochgeladen

Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slidesvaideheekore1
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Anthony Dahanne
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfDrew Moseley
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxRTS corp
 
VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...OnePlan Solutions
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZABSYZ Inc
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencessuser9e7c64
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLionel Briand
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxRTS corp
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Cizo Technology Services
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsSafe Software
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogueitservices996
 

Kürzlich hochgeladen (20)

Introduction to Firebase Workshop Slides
Introduction to Firebase Workshop SlidesIntroduction to Firebase Workshop Slides
Introduction to Firebase Workshop Slides
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024
 
Comparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdfComparing Linux OS Image Update Models - EOSS 2024.pdf
Comparing Linux OS Image Update Models - EOSS 2024.pdf
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptxThe Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
The Role of IoT and Sensor Technology in Cargo Cloud Solutions.pptx
 
VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024VictoriaMetrics Anomaly Detection Updates: Q1 2024
VictoriaMetrics Anomaly Detection Updates: Q1 2024
 
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
Tech Tuesday Slides - Introduction to Project Management with OnePlan's Work ...
 
Salesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZSalesforce Implementation Services PPT By ABSYZ
Salesforce Implementation Services PPT By ABSYZ
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Patterns for automating API delivery. API conference
Patterns for automating API delivery. API conferencePatterns for automating API delivery. API conference
Patterns for automating API delivery. API conference
 
Large Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and RepairLarge Language Models for Test Case Evolution and Repair
Large Language Models for Test Case Evolution and Repair
 
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptxReal-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
Real-time Tracking and Monitoring with Cargo Cloud Solutions.pptx
 
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
Global Identity Enrolment and Verification Pro Solution - Cizo Technology Ser...
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
Powering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data StreamsPowering Real-Time Decisions with Continuous Data Streams
Powering Real-Time Decisions with Continuous Data Streams
 
Ronisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited CatalogueRonisha Informatics Private Limited Catalogue
Ronisha Informatics Private Limited Catalogue
 

Bluedog white paper - Our WebObjects Web Security Model

  • 1. www.bluedog.net Web Security 1 of 12 Understanding Our Web Security Model The importance of the Internet as an information management and delivery technology is well known, and the obvious advantages of the three-tier web application model opens new avenues to exploit the benefits of this technology to generate competitive advantage, reduce costs, and improve programmer and end user productivity. There is a concurrent rise of internal web portals (i.e., intranets) that exist behind organizations’ firewalls -- one of the most important areas for the development of new, component-or web-services-based applications. But security issues abound. Looking beyond traditional client-server architecture, we will endeavor to foster communities that link different initiatives of the project in order to ease (through automation, work flow streamlining, and process improvement) the exchange of information. XML and a number of related technologies are the focus as a potential standard for cross-enterprise integration, as well as within the boundaries of a public- sided intranet. However, the benefits of ubiquitous web-based computing pose as many challenges -- it magnifies challenges such as scalability, high reliability, and availability for web-based applications. Then there are the inherent limitations of the medium itself, including the synchronous nature of http and stateless paradigm of the web, and a vulnerable security model. This section will address our security model, how our approach to application design addresses concerns for maintaining customer confidential data during development and once application development has been completed.
  • 2. www.bluedog.net Web Security 2 of 12 Basic Security Model In the three-tier web application architecture, security is built-in at several levels. Exhibit 1 illustrates the nominal architecture of our security model vis-a-vis three-tiered applications. Exhibit 1. Nominal Architecture Authorization differs from authentication in that authentication ensures that only valid users obtain access to an application. Authorization is more about controlling the data the authenticated user is allowed to obtain after entering the application.
  • 3. www.bluedog.net Web Security 3 of 12 Confidentiality is the mechanism for making the information available to only the intended recipient. A systems administrator usually protects resources by creating lists of users and groups that have the permissions required to access this resource -- the access control list. Auditing is invaluable when an action performed on a user’s account must be verified. Non-repudiation is the act of proving a particular user performed some action. For example, a user submits a data change. By using proper record keeping and audit trails, a systems administrator can prove that the action was performed by the particular user’s account. Designing an application for raise a flag or notify certain partied when fraud is detected limits vulnerabilities and reduces loss by being proactive. The fourth component for three-tier application-level security is encryption or data integrity. This ensures that data has not been tampered with between the sender and the receiver. Encryption ensures that no outside parties could modify the information, which is possible when sent over the public network. Biometric, card key, or other secondary level security could also be considered when data integrity and network security is being architected. Web Tier Our applications will be architected to provide secure web server communication and support for Secure Sockets Layer/Transport Layer Security Protocols (SSL), HTTPS, and HTTP challenge-response authentication. Further, the web tier of the application will support user authentication against the single-sign-on authority, may support cookies (if desired) and database access controls for the secure handling of transaction operations.
  • 4. www.bluedog.net Web Security 4 of 12 A the web tier, user access is fundamental. To achieve security here, we will start with authentication, and maintain secure transmission of data between the client (web browser) and web server via SSL. Authentication is the process of entities proving to one another that they are acting on behalf of specific identities. For example, when a user provides a user name and password for a logon, the authentication process verifies that this is a valid application user and that the password matches the real user’s provided password. Two types of authentication are weak or simple authentication and strong authentication. Weak or simple authentication involves the user providing a username and password to be authenticated. The user provides no further authentication information. A major problem arises when someone else gets the other person’s username and password and a security breach occurs. Strong authentication, on the other hand, is more secure because the user provides a digital certification or other private means of being authenticated. A primary goal will be protecting communication privacy and data integrity. We will rely on Public Key Infrastructure to accomplish a substantial chunk of this goal. Creating a Certificate Authority, putting in place a policy for using this C.A. (for SSL implementation, and documenting the procedures and mechanisms our developers can use to ensure web traffic communication, end user/customer privacy, and message data integrity will be part of the infrastructure build out defined in our project management plan. Developers will be provided the guidelines for the proper use of the C.A. for SSL traffic. The guidelines will be presented to avoid the common implementation mistakes that can compromise security and performance. Cryptography will be employed (via SSL for web or graphic user interface traffic, and at the application level to encrypt and sign data before it is sent to the database).By working with digital certificates and a descending hierarchy based on our C.A.,
  • 5. www.bluedog.net Web Security 5 of 12 management and control of security will be centralized and simplified. This approach ensures bad user data is purged quickly and easily, intrusions are more quickly isolated, and the client has overarching control of the secure environment independent of the developers. Once user access privileges are known (via C.A. and LDAP authentication), we will use cryptographic functionality (encrypting and hashing data, application of one-way signatures to ensure authenticity of sources) in the application tier to keep data away from unauthorized view. Application Tier By linking to a single-sign on authority we will code applications to provide data security by using access control lists and password policies. We will store information about users and groups in a Lightweight Directory Access Protocol LDAPv3 database. LDAP is an open directory access protocol that uses TCP/IP and scales to millions of entries, and lookups are fast A unified management of user and password data assures all applications run off of a certified environment that is centrally managed and governed my explicit security policies that conform to customer and regulatory requirements. “consumer” LDAPs can be made available to other applications or modules, mirroring some or all of the centralized data. Application-level security will provide a means to authenticate users, define authorization and roles based on access control lists mapped to the central user database for those users, a mechanism to audit and have non-repudiation of information to be processed, encryption for data security, and support for secure transmission and data storage. Critical data (defined as customer confidential, business confidential or legally mandated as confidential) will be transmitted in encrypted form (using SSL), then
  • 6. www.bluedog.net Web Security 6 of 12 encrypted in the application before transmission to the database. Connection from the application to the database may also use SSL encryption (Oracle and other major database vendors support this protocol for the application-to-database connection). This will ensure sensitive or confidential data (such as social security numbers, credit card numbers, or passwords) will be hashed in the persistent data store, making casual perusal of the data by DBAs or internal users impossible. We will architect application and database components to be in compliance with the J2EE v1.2 EJB v1.1 Java Servlet v2.2 security models as defined by Sun and the Java community. Java 2 security architecture with the security model, itself composed of three layers: Java language, compiler and runtime system, and the Security Manager. At the language layer, Java achieves security in various ways. First, Java defines that all primitive data types are of a specific size and independent of the machine architecture. Second, pointer arithmetic and forging access to objects cannot be done. Third, Java provides array-bound checking. Objective of MVC Approach -- Segregating Presentation, Business Logic and Persistent Data The model-view-controller design of the three-tier architecture serves multiple purposes. Two important ones are presentation can occur in various formats, independent of the application; and business logic is coded in the Java classes, so database independence is maintained and scalability is enhanced. A further benefit is that the component architecture allows organizations to build scalable, secure, multi-platform applications as re-usable server-side components. This architecture has three main security goals.
  • 7. www.bluedog.net Web Security 7 of 12 • It reduces the burden placed on the developers who working on independent application components containing the business logic of any enterprise application. Modules pertaining to sensitive or confidential information can be segregated via a “Chinese wall” approach. • This approach also allows applications to be portable across different vendors’ servers and permits different vendors to use different security mechanisms. For example, the reliability of Unix systems can be deployed facing the public, while internal systems can have the advantage of a Windows environment without the fear of compromise. • This approach provides support for security policies to be set by the application developers, experts in a specific operational environment or an application assembler who provides the solution, rather than by the code developer. Database Tier Access to the persistent data store from the various applications will be controlled by assigning specific user identifiers based on the needed application role. The application, on the protected side of the firewall, may communicate to the database(s) via secure port, with encryption of traffic. Data may also be encrypted in the application level (see above) before it is transmitted via the database connector (JDBC, in many cases). Specific database controls will be implemented as well. For example, SQL Server provides for secure connections, and can implement role-based security that limits developer (and application module) access to certain table spaces. In the case of Microsoft’s product, we would pay special attention to preventing so-called SQL Injection Attacks.
  • 8. www.bluedog.net Web Security 8 of 12 Network Tier The emphasis on network security will not just on installing firewalls and Virtual Private Networks (VPNs) to prevent outside hackers from gaining access to valuable and confidential data. We will design and enforce a traditional DMZ-style network architecture that segregates the web (presentation) layer on Apache or IIS web servers, and the only traffic through the firewall will be via the application adapter (leaving only ports 80 and 443/SSL open to the outside world). The DMZ model is proven for exposing public-accessed assets in the most secure way. Our approach, relying on true three-tier architecture, ensures no uncompiled code is available for tampering. Further, only HTTP/HTTPS traffic can pass to the outside world, while web server-to-application traffic is limited to the secure side of the network. Finally, the application-to-database traffic is further restricted. Operating System Tier Internet Protocol Security (IPSec) provides application-transparent encryption services for IP network traffic as well as other network access protections in the Windows operating system environment. Furthermore, for a Windows environment, The most important thing we can do to help maintain system security is to stay current with security updates. We will craft guidelines to secure Windows operating system servers based on known security flaws and guidelines from the vendor. In the Unix environment (and to the extent possible in other ones), we will maintain system security by confirming latest OS versions and patches are installed , regularly check logs and file system integrity for suspicious activity, and make regular backups. A key way to ensure security is to limit access. Password that are strong (longer than 8 characters, mixed case and non-standard character requirements, expiration dates) help, as do things such as: session time outs (for web applications), cookie expirations,
  • 9. www.bluedog.net Web Security 9 of 12 password protected screen savers, restricting access to shared drives, the ability disable remote logons, setting permission properly, and displaying legal and user responsibility notices before logon Just simply regularly reviewing user list and remove unnecessary accounts ca n boost the reliability of security models. Restricting Developer Access to Sensitive Data For development, we will use a Content Versioning System (CVS) to control code revision, as well as limit access to modules based on role. Our security officer will ensure the developers who have access to sensitive data will be vetted, and procedures will be established to grant and rescind access during the life of the project. During development, surrogate data will be used rather than life customer- or business- confidential data. Once we enter the Systems Integration Testing phase, the live data will be used to populate the deployment database. Oversight on the running of SQL scripts by appropriate personnel will be provided by our security officer. Other Security Issues Because we have a global view of the three-tier model, we will endeavor to apply high- level techniques to ensuring proper access, communicating securely to authorized persons, and controlling where data lives. One example is the proper architecting of an auditing methodology. Auditing and event logging enables detection of, and protection against, unauthorized access. Furthermore, data recovery, access permissions, and other failure recovery, responsibility and authority questions can be addressed with the robust Audit and Event Logging methodology we will incorporate into our application and database design. The level of granularity at which access to data can be controlled will be set during design, but typically this includes: at the GUI by user/password access, secure
  • 10. www.bluedog.net Web Security 10 of 12 transmission of data via SSL, and C.A. or IP screening. At the application level, classes can re-check user levels of access before presenting data. Transmission of sensitive or confidential data can be encrypted, and the data itself can be encrypted using strong algorithms before transmission or recording in the database. The database schema can be set to control access to tables based on roles, and specific records or fields can have access limited. By keeping security and other business logic in the application layer, database independence can be maintained. For example, we won’t architect security functionality in stored procedures, relying instead on routines defined in Java code. Use of the ACL and a centralized repository for single-authority (the master user LDAP) defines how different user categories are configured and defined for security. Role- based and group-based security definitions are referenced in the application logic and database schema – even if decompiled code could be modified to let an unauthorized user to attempt to view restricted data, two additional levels of control would prevent the physical display of data. Roles will define who has read-only, edit, or delete privileges in the applications. A centralized user data repository means the configuring of new users is simplified – the systems administrator would import new user lists, configure them to groups, assign privileges to groups in a user-friendly GUI, and maintain user data in one application. Failover and hot site recovery impact security as well as systems performance and scalability. Our application architecture will take into account defined service level requirements to ensure the capability to handle user loads, maintain application responsiveness, audit and verify data changes, At Project Inception Upon kickoff of the project, we will define in a project management plan (subject to client review and approval) a systematic approach that applies our knowledge of
  • 11. www.bluedog.net Web Security 11 of 12 security best practices to secure web applications during development and for deployment. Action items when the project commences: • Define the basic policies to ensure web application security, referencing the motivations for each. For example, statute dictates HIPAA/HL7 compliance, so define database schema to reflect needed “Chinese walls” to protect appropriate customer data. • Define the performance parameters of a threat analysis of web-accessible assets. • Set the SOPs to protect operating systems/file system data by using the features in the development, test, and deployment environments. For example, harden Unix servers by setting up security rules, policies and procedures; implement techniques to foil common assaults used by hackers such as IP spoofing, denial- of-service attack, and buffer overflow. • Use one of the Java classes that implement cryptography namespace to transform block or string data from cleartext into cyphertext. Use general security coding best practices to ensure a secure Web application. • Protect the portion of the web applications that requires private communications by using SSL and guarding intranet assets with network filtering, defining which firewall techniques will be used (such as Network Address Translation and port control). • Define test plans that use a structured approach to testing for web application security in conjunction with systems integration testing and user acceptance testing.
  • 12. www.bluedog.net Web Security 12 of 12 • Apply our knowledge of authentication using Secure User Identifiers (SUIDs) and Access Control Lists to combat impersonation, and apply the concept of running with least group/user privileges to ensure access to only those system resources that are necessary to accomplish normal request processing.