SLIDE 1

Distributed Enforcement of Unlinkability Policies: Looking Beyond the Chinese Wall

Apu Kapadia, Prasad Naldurg, Roy H. Campbell

Dartmouth College (ISTS)

Microsoft Research, India

University of Illinois at Urbana-Champaign

Policy 2007

SLIDE 2

Apu Kapadia, Dartmouth College 2

Lack of audit-log privacy

Enterprise-level access to services

Doors, printers, Wi-Fi, vending, …

Accesses logged at several servers

Security of audit logs

Access by authorized administrators

Privacy of audit logs

Who is allowed to link records?

Wi-Fi logs + Email logs = exposed location

SLIDE 3

Unlinkability: “Two or more accesses cannot be tied to the same user”

Cryptographic approaches

Mathematical unlinkability

Not always feasible (legal requirements)

Unlinkability through access control

Prevent users from accessing records that can be linked

SLIDE 4

Chinese Wall is not scalable

Alice’s Session

Need to maintain access history
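
Added example (not from the slides or the paper): a simplified Chinese Wall check replayed over three log servers, showing why the access history has to be shared across servers for the wall to hold. The flow names, server names, request trace and the linkable set are constructed for illustration.

```python
# Added example. Flow names, server names and the linkable set are constructed.
LINKABLE = [{"wifi", "email"}]  # flows that expose location when combined
SERVERS = ("wifi-srv", "mail-srv", "door-srv")
# Constructed request trace: (server, administrator, audit flow)
REQUESTS = [
    ("wifi-srv", "alice", "wifi"),
    ("mail-srv", "alice", "email"),
    ("door-srv", "alice", "doors"),
]


class ChineseWall:
    """Grants a flow unless it would complete a linkable set in `history`."""

    def __init__(self, history):
        self.history = history  # user -> set of flows already granted

    def request(self, user, flow):
        seen = self.history.setdefault(user, set())
        if any(group <= seen | {flow} for group in LINKABLE):
            return False  # granting would let the user link records
        seen.add(flow)
        return True


def granted_flows(servers, user):
    """Union of the flows every server has granted to `user`."""
    flows = set()
    for wall in servers.values():
        flows |= wall.history.get(user, set())
    return flows


def can_link(servers, user):
    """True if the flows granted across all servers contain a linkable set."""
    return any(group <= granted_flows(servers, user) for group in LINKABLE)


def simulate(shared):
    """Replay REQUESTS with one shared history or one history per server."""
    common = {}
    servers = {name: ChineseWall(common if shared else {}) for name in SERVERS}
    decisions = [servers[s].request(u, f) for s, u, f in REQUESTS]
    return decisions, can_link(servers, "alice")


if __name__ == "__main__":
    print("shared history :", simulate(shared=True))
    print("per-server only:", simulate(shared=False))
```

With per-server histories every request is granted and the Wi-Fi and email flows become linkable, so a correct wall needs every server to consult the same session history on each access.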

SLIDE 5

Modified semantics for decentralized enforcement

Unlinkability semantics

Prevent access to two or more audit flows

But don’t guarantee access to audit flows of administrator’s choosing

SLIDE 6

Attached constraints are easy to enforce locally

Alice’s Session

SLIDE 7

Users negotiate unlinkability policies with the PNS

SLIDE 8

Computing linkability threats

SLIDE 9

Correctness of policy constraints

Secure

Prevents linking of records

Precise

Users who cannot link records are allowed access

SLIDE 10

Open-ended sessions are permitted

Secure and Precise

SLIDE 11

Evolving protection state can make deployed policies stale

Alice’s Session

Campus Security

SLIDE 12

Use versioning to cope with evolving permissions

Logical clock

User version number

Policy version number

SLIDE 13

Security and Precision

Security and precision guaranteed

If user’s version number policy version

number

Loss in precision

For users with larger version numbers

But security is maintained

SLIDE 14

Future Directions

More precision

Better policy analysis?

Better versioning scheme

More version numbers?

Experimental evaluation

Degradation of precision

Overhead of evaluating constraints

Usability

Interaction with Policy Negotiation Server

SLIDE 15

Conclusions

Unlinkability through access control

Policies attached to audit records

Efficient decentralized enforcement

Modified Chinese Wall semantics

Copes with evolving protection state

Versioning scheme to maintain security and precision