Secure Compositions of Networked Systems Based on User Tasks and Organizational Policy

Sponsored by Air Force Office of Scientific Research
07/01/2009 - 11/30/2012


Sushil Jajodia
Angelos Stavrou
Duminda Wijesekera


We propose a revolutionary new approach for interaction of networked systems, which automatically composes computational solutions to fulfill user tasks, while simultaneously meeting organizational security and quality of service (QoS) requirements. In this approach, software will be deployed as sophisticated service-oriented components, with metadata describing syntax and semantics of interactions among services. Clients can discover service providers and, when needed, multiple services will be combined to form task solutions. Service metadata will constrain solutions so that they meet organizational policy and security requirements. This will greatly simplify administrative burdens, and help guide users select secure and appropriate software solutions for given tasks.

We will provide systematic support for sharing software configuration and interaction requirements. To address the security and performance of composed modules, all modules will be defined using their requires and provides interfaces, and the modules be designed and constructed using security and QoS policies, so that their modular connectivity be governed by policies that deliver qualified security and quantified performance. That makes the constructed software secure and perform as expected.

We propose to express the behavioral aspects of module connectors so that their security strength can be investigated with respect to possible attacks (such as being addressed in protocol verification methods). This security strength can then be directly linked to the formally specified security policies so that there will be a one-to-one correspondence between the chosen policies and the attacks that can be withstood by the module connectors.