interactivity for reactive access control
play

Interactivity for Reactive Access Control To appear in Secrypt 2008 - PowerPoint PPT Presentation

Sep 17, 2022 •223 likes •395 views

TELECOM Bretagne Interactivity for Reactive Access Control To appear in Secrypt 2008 Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens Boulahia TELECOM Institute ; TELECOM Bretagne D epartement R eseau S ecurit e et Multim

  1. TELECOM Bretagne Interactivity for Reactive Access Control To appear in Secrypt 2008 Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens Boulahia TELECOM Institute ; TELECOM Bretagne D´ epartement R´ eseau S´ ecurit´ e et Multim´ edia - RSM Department 10 Juin 2008 Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 1 / 17

  2. TELECOM Bretagne Outline Outline of Topics Interactivity for Reactive Access Control Introduction & Motivation Overview Basic Concepts Formal Model Policy Enforcement & Interpretation Application Example Conclusion Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 2 / 17

  3. TELECOM Bretagne Introduction & Motivation Introduction Evolution of the Computing & communication capabilities of networks and electronic devices New Intelligent Context-aware Environments Figure: Example SIP PIDF Presence Information Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 3 / 17

  4. TELECOM Bretagne Introduction & Motivation Motivation Current Access Control Systems Passive Systems, e.g. RBAC 0 Role × Permission Dynamic Systems, e.g. OrBAC , GRBAC Role × Permission × Context Characteristics Anticipative models as all rules have to be predefined for every possible access request Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 4 / 17

  5. TELECOM Bretagne Introduction & Motivation Interactivity for Access Control Specification of the Access Policy at the Time of the Request Permit the active participation of a third party in the evaluation of security policies e.g. A patient’s file on some hospital’s database ( Role × Permission × Context × Patient ) Handle Unexpected Situations e.g. Unexpected absences due to illness. ( Role × Permission × Context × DepartementHead ) Awareness of Important Accesses Just In-time Specification of Access Control Policies & Per-Access if Needed e.g. Access to Files of Ongoing Projects, Access to PCs in an Internet Cafe ( Role × Permission × Context × Admin ) Policy Retrieval from another Policy Decision Point ( Role × Permission × Context × Server 1 ) Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 5 / 17

  6. TELECOM Bretagne Overview System Overview Two Rule Specification Schemes In advance At the time of the request Figure: System Operation Overview Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 6 / 17

  7. TELECOM Bretagne Basic Concepts OrBAC Policies & Contexts OrBAC Policies Contextual Model Rules → Organization Context Representation Separation context/security rule Representation: Hold ( S , A , R , Context ) Hold ( S , A , R , childAtSchool ) ← Attribute ( age , S , X ) , X < 10 , Attribute ( location , S , school ) Hold ( S , A , R , morning ) ← after time (08 : 00) , before time (12 : 00) OrBAC Context Language Supports the AND , OR and NOT operators: Permission ( Students , EnterPlayground , childAtSchool & morning ) Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 7 / 17

  8. TELECOM Bretagne Basic Concepts Object Organization Organizational Entities Policies are defined over the organizational entities Role , Activity and Views Easy Object Manipulation is Desirable Reduction of Policy Definition & Deployment Time Linking activities and views Logically interconnect activities and views by associating to every resource/view an activity containing all the operations it supports Every resource in the model is associated to one manager Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 8 / 17

  9. TELECOM Bretagne Basic Concepts Example Organizing Objects Views ⊆ 2 Resources Activities ← Objects/Views Sub-Activities ⊆ Activities Define Permissions on Activities Permission ( Family , classicalCDs ) Permission ( Family , readOnlyRock ) Figure: Object Organization Example Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 9 / 17

  10. TELECOM Bretagne Formal Model Formal Model Basic Elements Subjects ( S ), Resources ( R ), resource-Types ( T ), Actions ( A ), Operations ( O ), Attributes ( Att ) and Contexts ( C ) Dynamic Context ( C d ) is of type boolean Organizational Entities Roles ( R ), Views ( V ), Activities ( A ) Policy Elements P ⊆ R × A × C × C d Ex: P ( family , rockCDs , atHome , true ) System Messages Access-request (AR): AR ⊆ S × A Grant(GR): GR ⊆ S × O System-Request Messages (SR): SR ⊆ S × S × A × ID Manager-response Messages (MR): MR ⊆ S × A × C × ID Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 10 / 17

  11. TELECOM Bretagne Policy Interpretation & Enforcement Policy Interpretation using Active Rule An Active Rule on event if condition then action Enforcing the system’s policy 2 input messages (AR)-(MR) 3 output messages (GR)-(DN)-(SR) on Reception of Message if conditions then Sending of Message Example: The Access-Request/Grant Rule: on AR ( S 1 , A 1 ) if P ( R 2 , A 2 , Context , false ) , DerivedMember ( S 1 , R 2 ) , Compatible ( A 1 , A 2 ) , DerivedMember ( Operation ( R , A ) , A 1 ) , Hold ( S 1 , R , A , Context ) then Grant ( S 1 , Operation ( R , A )) Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 11 / 17

  12. TELECOM Bretagne Policy Interpretation & Enforcement Policy Interpretation using Active Rule Conflict Resolution Contextual/dynamic permission conflict Resolved by prioritizing dynamic permissions Timeout Situations C d ⊆ D × DA Where DA ∈ { accept , deny , other } Ex: on timeOut ( id ) if Interaction ( S 1 , A 1 , C d ( D , DA ) , id ) , DA = deny then Deny ( S 1 , A 1 ) Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 12 / 17

  13. TELECOM Bretagne Application Example Example Policy Consider the following policy P 1 : P ( family , classicalCDs , default , false ) P 2 : P ( family , rockCDs , jackAvailable , dc (60 , other )) The context jackAvailable is defined as: C 1 : Hold ( S , R , A , jackAvailable ) ← Attribute ( status , jack , available ) P 3 : P ( family , onlyReadRockCDs , atHome , false ) The context atHome is defined as: C 2 : Hold ( S , R , A , atHome ) ← Attribute ( location , S , home ) Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 13 / 17

  14. TELECOM Bretagne Application Example Example Scenario Consider the following request AR ( tom , rockCDs ) The resource manager can Limit the authorized operations MR ( tom , readOnlyRockCDs , default , id ) Deny the access MR ( tom , rockCDs , false , id ) Require the verification of some context MR ( tom , rockCDs , janeNotAtHome , id ) Hold ( S , R , A , janeNotAtHome ) ← ¬ Attribute ( location , jane , atHome ) Timeout: only operations defined in readOnlyCds are allowed Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 14 / 17

  15. TELECOM Bretagne Conclusion & Future Work Conclusion We have discussed the Advantages of Interactivity for Access Control Awareness Handling Unexpected Situations Just-in-time Specification of Security Policies We have proposed a formal model that extends context-aware models to handle interaction We have shown how the policy can be enforced using ECA rules We have proposed an intuitive object organization scheme Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 15 / 17

  16. TELECOM Bretagne Conclusion & Future Work Future Work Usage Control Adding ongoing controls to the model Just-in-time delegation of capabilities Contacting several subject Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 16 / 17

  17. TELECOM Bretagne Thank you for your attention... Yehia ElRakaiby, Frederic Cuppens & Nora Cuppens-Boulahia Interactivity for Reactive Access Control 17 / 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files &amp; processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
A networked control strategy for reactive power compensation in a smart power distribution

A networked control strategy for reactive power compensation in a smart power distribution

A networked control strategy for reactive power compensation in a smart power distribution network Saverio Bolognani Information and Control in Networks Focus Period at LCCC, Lund University October 26, 2012 REACTIVE POWER COMPENSATION Power

608 views • 36 slides
SYSTEM DIAGRAMS Door Entry &amp; Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry &amp; Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry &amp; Access Control ACCESS CONTROL ACCESS CONTROL Allowing residents / staff access to site areas Main entrance Vehicle entrances Pedestrian entrances Gate / Barrier entrance Bin / Bike / Refuge

336 views • 14 slides
Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs Access Control Administration Accountability Chapter 2 Access Control Models Identification and Authentication Methods Lecturer:

708 views • 9 slides
Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control

Outline Unix-style access control, contd CSci 5271 Multilevel and mandatory access control Introduction to Computer Security Access control, contd Announcements intermission Stephen McCamant Capability-based access control University

380 views • 7 slides
#BetterTogether Navigating partnership challenges May 16, 2018 ACM InterActivity InterActivity

#BetterTogether Navigating partnership challenges May 16, 2018 ACM InterActivity InterActivity

#BetterTogether Navigating partnership challenges May 16, 2018 ACM InterActivity InterActivity 2018 Presenters Eric Demay Creative Director, GSM Project Patti Reiss Director of Museum Experiences, Mississippi Childrens Museum

732 views • 61 slides
D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient

D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient

D2: Access Control #2: Access cess Contr trol ol Similar to OWASP Top 10 Insufficient access control and authentication checks Insecure access control methods Private, internal functions and data are accessible through a

547 views • 11 slides
Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a

Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a

Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP NETWORKED ACCESS CONTROL Smart.Net-IP is a simple, modular approach to networked access control with scalability in mind. Easy management from a central location PC from anywhere with an

196 views • 9 slides
Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of achieving confiden5ality and integrity) Who can access What Objects : Subjects : Files/ Programs/ Sockets/ User/ process/ applica5on Hardware/

985 views • 46 slides
Outline Basics of access control Unix-style access control CSci 5271 Introduction to Computer

Outline Basics of access control Unix-style access control CSci 5271 Introduction to Computer

Outline Basics of access control Unix-style access control CSci 5271 Introduction to Computer Security Announcements intermission Day 10: OS security: access control Multilevel and mandatory access control Stephen McCamant University of

324 views • 10 slides
All-new SDN-RX: Reactive Spring Data Neo4j Spring Data Neo4j / Neo4j-OGM Team Michael Simons

All-new SDN-RX: Reactive Spring Data Neo4j Spring Data Neo4j / Neo4j-OGM Team Michael Simons

All-new SDN-RX: Reactive Spring Data Neo4j Spring Data Neo4j / Neo4j-OGM Team Michael Simons Gerrit Meier @rotnroll666 @meistermeier 2 Reactive 3 Reactive Reactive in general does not boost the performance ...but gives you the control

671 views • 38 slides
Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of

Access Control Chester Rebeiro Indian Institute of Technology Madras Access Control (the tao of achieving confidentiality and integrity) Who can access What Objects : Subjects : Files/ Programs/ Sockets/ User/ process/ application

1.31k views • 50 slides
Access Control Mechanisms Week 6 1 CEN-5079: 7.March.2019 Why Access Control Following

Access Control Mechanisms Week 6 1 CEN-5079: 7.March.2019 Why Access Control Following

Access Control Mechanisms Week 6 1 CEN-5079: 7.March.2019 Why Access Control Following authentication, we need to decide what the subject can access 1 Read F 1 OK 2 Bob Write to F Alice 2 F NO ! 3 Execute G G 3 OK

596 views • 56 slides
PointGrow: Autoregressively Learned Point Cloud Generation with Self-Attention Anonymous Authors

PointGrow: Autoregressively Learned Point Cloud Generation with Self-Attention Anonymous Authors

PointGrow: Autoregressively Learned Point Cloud Generation with Self-Attention Anonymous Authors Key Ideas Generate realistic point cloud from scratch or conditioned on semantic contexts Recurrent sampling operation Augment with

1.23k views • 21 slides
How to best deploy your Fog applications, probably Stefano Forti Ahmad Ibrahim Antonio Brogi 1

How to best deploy your Fog applications, probably Stefano Forti Ahmad Ibrahim Antonio Brogi 1

How to best deploy your Fog applications, probably Stefano Forti Ahmad Ibrahim Antonio Brogi 1 st International Conference on Fog and Edge Computing 2017 14 th May 2017 name.surname@di.unipi.it IoT and Cloud Computing 50 billion of connected

545 views • 30 slides
Agenda IoT Xbox How Windows interacts with you app Suspend and resume Background execution

Agenda IoT Xbox How Windows interacts with you app Suspend and resume Background execution

Agenda IoT Xbox How Windows interacts with you app Suspend and resume Background execution Resource management System triggers and notifications Application Lifetime Apps can be in 1 of 3 states Not Running Running Suspended

536 views • 30 slides
Contextual Factors in Mobile Security and Privacy Policy Enforcement Mobile Services and Edge

Contextual Factors in Mobile Security and Privacy Policy Enforcement Mobile Services and Edge

Contextual Factors in Mobile Security and Privacy Policy Enforcement Mobile Services and Edge Computing Workshop, Helsinki, 28.7.2016 Markus Miettinen Technische Universitt Darmstadt 28.07.2016 | Fachbereich Informatik | Lehrstuhl

542 views • 30 slides
Semantic Reasoning and Verification for Ambient Assisted Living Thibaut Tiberghien, Mounir

Semantic Reasoning and Verification for Ambient Assisted Living Thibaut Tiberghien, Mounir

Semantic Reasoning and Verification for Ambient Assisted Living Thibaut Tiberghien, Mounir Mokhtari, Liu Yan &amp; Dong Jin Song FSFMA 2014 2nd French Singaporean Workshop on Formal Methods and Applications 13 May 2014, Singapore

727 views • 45 slides
Distributed Systems Principles and Paradigms Maarten van Steen VU Amsterdam, Dept. Computer

Distributed Systems Principles and Paradigms Maarten van Steen VU Amsterdam, Dept. Computer

Distributed Systems Principles and Paradigms Maarten van Steen VU Amsterdam, Dept. Computer Science steen@cs.vu.nl Chapter 01: Introduction Version: August 27, 2012 Introduction 1.1 Definition Distributed System: Definition A distributed

718 views • 60 slides
Bryan Gonderinger, AFW Larger screen &amp; keyboard! Complicated programming processes

Bryan Gonderinger, AFW Larger screen &amp; keyboard! Complicated programming processes

Bryan Gonderinger, AFW Larger screen &amp; keyboard! Complicated programming processes Some features not accessible via radio Multiple radios Traveling Radio Simplex Repeater / Std. Repeater / Other Offset Offset Baofeng UV

454 views • 31 slides
Formalizing a sophisticated defjnition Patrick Massot (Orsay) joint work with Kevin Buzzard (IC

Formalizing a sophisticated defjnition Patrick Massot (Orsay) joint work with Kevin Buzzard (IC

. . . . . . . . Formalizing a sophisticated defjnition Patrick Massot (Orsay) joint work with Kevin Buzzard (IC London) and Johan Commelin (Freiburg) Formal Methods in Mathematics Lean Together January 7th 2020 gives a limit

712 views • 31 slides

More recommend