PLoP2004_ndelessygassant0_0.doc

Applications in the network thus facilitating

Info icon This preview shows pages 2–5. Sign up to view the full content.

View Full Document Right Arrow Icon
applications in the network, thus facilitating administration of the policies through the organization. As a complement, the XML Firewall performs XML content checking and security checks such as encryption/decryption or digital signature verification. We describe patterns for these two architectures in the next sections. 2 Stateful Firewall Address Filter Firewall (static packet filter) Proxy-Based Firewall (application level) Content-Based Firewall Address Filtering Address Filtering Address Filtering
Image of page 2

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Application Firewall Intent To filter calls and responses to/from enterprise applications, based on an institution access control policies. Aka Content Firewall Example Consider a medical record application in a Hospital. One of the services it provides is to allow patients to lookup their personal medical records from home. To ensure that only patients can access this service, the patient must first be authenticated and then she must be identified as a patient. Finally, the application must ensure that only the medical records belonging to the patient are returned (i.e., match the name in the medical record with that of the user). One way to provide this security is to let application maintain list of all valid patients with their authentication credentials, and implement the code for blocking unauthorized access from within the application level code of the application. This approach has several problems. In the future, if the hospital decides to allow patients to be able to schedule appointments, it will have to repeat the implementation of the access control code for the scheduling application as well. Furthermore, if there are changes in hospital business policies, e.g. they want to allow external primary care physicians access the medical records of their own patients, these applications will have to be rewritten. In this changing scenario, a new access control list for authorized primary care physicians will have to be added to medical record application, and a list of patients will have to be associated with each physician to indicate the patients belonging to a doctor. Such application modifications are time consuming, difficult to manage, expensive and error prone. Context Enterprise applications executing in distributed systems accessed from a local network, the Internet, or other external networks. These distributed systems typically include packet filter and/or proxy-based firewalls. 3
Image of page 3
Problem Enterprise applications in an organization’s internal network are accessed by a broad spectrum of users that may attempt to abuse its resources (leakage, modification or destruction of data). These applications can be numerous, thus implementing access control independently in ad hoc ways and may make the system more complex and thus less secure.
Image of page 4

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
Image of page 5
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern