This chapter describes our approach to handle security in a complex Distributed Virtual Environment (DVE). The modules of such an environment all need to be concerned about security. An object-oriented model of a DVE allows us to capture security in an aspect-oriented fashion as a crosscutting concern among the multiple modules. As DVEs become more complex in content, distribution, and capabilities, the security requirement emerges as a key issue in their design and implementation. In order to control the software complexity, our strategy is to model and analyze the impact of security concerns on the functional model of DVEs via an aspect-oriented technique. This approach is appropriate to be applied at both the system design and modeling stages and provides guidance during the implementation stage. This chapter illustrates an aspect-oriented approach to the impact analysis of security concerns upon the functionalities of DVEs. A design-level security model for DVEs is provided to show how to weave security concerns into the models of DVE designs seamlessly.
Much research has been conducted on the subject of security and has resulted in copious techniques and approaches to address the issue from different views and to different levels. The key to the development and integration of a secure infrastructure is information assurance (IA), which has five focal pillars: availability, integrity, authentication, confidentiality, and non-repudiation. As a challenging, complicated and sensitive application, a DVE is influenced by all five subjects of IA at varying levels throughout its life cycle.
Key Terms in this Chapter
Distributed Virtual Environment (DVE): Are software systems that connect geographically dispersed users into a shared virtual space and support the interaction between the users and the shared world. DVEs have many applications in medicine, robotics, interactive distance learning, and online communities.
Aspects: An aspect is a pattern that characterizes a family of concern realizations. An aspect model consists of a set of Unified Modeling Language (UML) diagrams, both structural and behavioral, specifying the internal structure and the behavior of the aspect.
Aspect-Oriented Modeling: Aspect oriented modeling (AOM) techniques allow system developers to describe solutions that crosscut a design in separate design views called aspects.
Separation of Concerns: To separate the functionality modules from the target aspects, which consists of these steps, (1) identifying and specifying basic functionality components in the system; (2) specifying requirements of the target aspects; and (3) defining the crosscutting section (join points) of the functionality components and target aspects.f
Role-Based Access Control: With the RBAC model, access privileges are associated with roles, and those roles are assigned to real users based on their responsibilities and qualifications.
Aspect Weaving: Aspect weaving is to generate an integrated system by weaving aspect models with the functionality components. The steps include, (1) locating the join points where the functionality components and the target aspect interact; (2) defining the behavior of the system in order to enforce aspect policies on the basic functionality components; and (3) integrating aspect models with the functionality components.
Access Control: Access control is to make authorization decision for every request to resources and data of a system, and grant or deny the request. Different access control policies including Mandatory Access Control (MAC), Discretionary Access Control (DAC), and Role-based Access Control (RBAC) can be applied to achieve security objectives.