managing security policy in distributed systems
play

Managing security policy in distributed systems Tim Moses 13 April - PDF document

Mar 15, 2024 •46 likes •226 views

Managing security policy in distributed systems Tim Moses 13 April 2004 v2 1 1 PDF created with FinePrint pdfFactory trial version www.pdffactory.com Agenda Definitions Motivation Policy models Policy languages Future w ork

  1. Managing security policy in distributed systems Tim Moses 13 April 2004 v2 1 1 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

  2. Agenda Ł Definitions Ł Motivation Ł Policy models Ł Policy languages Ł Future w ork Ł Bibliography 2 2 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

  3. Definitions Control – a technical safeguard or security procedure Policy – actions taken by a control The word “policy” is often used to mean a plain-language directive or high-level guidance. But, the term is used consistently throughout this presentation to describe machine instructions used by a technical safeguard. 3 3 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

  4. Secure information system router Intrusion App server https server detection Anti-virus firewall firewall Database server Email gateway Admin Authentication server SOAP gateway End user 4 Wi-fi gateway Web access management How many controls can you spot in this picture? All the controls are configurable by policy definition, using separate consoles. Difficult to get an overall view of security, either by design or actually in effect in the system. 4 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

  5. Motivation Ł Complete and consistent view of security architecture for – Design • Ensure information assets are appropriately protected – Modeling • Minimize potential impact on operations – Management • Respond to changes in threat environment, regulatory environment and business environment – Audit • Is the policy in effect what you think it is? 5 Design – cost of controls commensurate with the risk (expected rate of loss) Regulations and generally-accepted information-security practices. Modeling – what-if analysis. 5 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

  6. Policy management architecture Console Console Console display edit Policy manager provision audit Control Control Control 6 Distributed authorship. Workflow approval. Central repository. Heterogeneous controls. Real-time update. Closed-loop. Be careful – avoid single-point of failure. 6 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

  7. Policy management model Layer Functions Focus Presentation Display Policy model Edit Management Combine Policy Analyze language Allocate Operational Store Control Provision Execute 7 7 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

  8. Policy model taxonomy Policy models Management policy Authorization policy Rights RBAC Chinese-wall Privacy policy policy policy policy Separation of duties 8 The authorization policy taxonomy is incomplete. Cryptographic security policy and trust policy are two other types of policy. 8 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

  9. Form of policy statement Ł Policy – If … then … Ł Management policy – If ‘pre-condition’ then create ‘post-condition’ Ł Authorization policy – If ‘pre-condition’ then allow ‘post-condition’ 9 Management policy pre-condition and authorization policy pre-condition and post- condition are predicates, i.e. statements whose truth can be evaluated. Management policy post-condition is a set of instructions. Authorization policy pre-condition may be null, then the specified post-condition is allowed to occur unconditionally. 9 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

  10. Authorization models post-condition := (subject.attribute == literal_value) & & (resource.attribute == literal_value) & & (action.attribute == literal_value) q RBAC pre-condition := (permission.role ∩ subject.role) != 0 q Chinese w all pre-condition := resource ∉ ∪ (conflict_set | subject ∈ conflict_set) q Privacy pre-condition := action.purpose ⊆ resource.purpose 10 XACML adds “environment” to the set of components for the post-condition. The combination of a resource and an action is called a permission. In the RBAC model, permissions are associated with roles. Separation of duties adds the stipulation that the subject must not have previously acted on the transaction in a certain way. The rights model is difficult to express in this form because it stipulates a variety of condition related to permitted actions and payment. The post-condition, being a conjunctive sequence of predicates, is suitable for indexing policies for the purpose of storage and retrieval. 10 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

  11. Derived management policy transaction originator control control recipient Management policy Authorization policy - pre-condition - pre-condition - post-condition - post-condition 11 Where successful invocation of a service or successful submission of a transaction requires the satisfaction of an authorization policy, the service client or transaction originator require the corresponding management policy in order to create an acceptable service request or transaction. Management policy pre-condition is identical to the corresponding authorization policy’s post-condition. Management policy’s post-condition is derived from the corresponding authorization policy’s pre-condition by eliminating alternatives and converting predicates to assignments. Hence we need a policy language that is amenable to derivation of a management policy from the corresponding authorization policy. The originator may have policies that apply to the request. So, it has to merge its own management policy with that derived from the recipient’s authorization policy. Similar thing happens with any response to the transaction. 11 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

  12. Instructions from predicates Ł Literal equality predicates become value assignments – CipherAlg == ‘AES’ → CipherAlg := ‘AES’ Ł Literal inequality predicates become value assignments – KeySize ≥ 128 → KeySize := 128 Ł Variable predicates become multiple value assignments – A == B; B == 10 → A := 10; B := 10 Ł Eliminate choices – List in order of preference – Eliminate all but first 12 Best practice is to use >=, rather than >. E.g. >= 128, not > 127. Instructions could be converted to an executable language, such as WSBPEL. 12 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

  13. Policy languages Policy model Expression language Management CIM OPSEC Ponder XACML-WSPL Authorization - Rights ODRL OMA-REL Ponder XrML Authorization - RBAC XACML Authorization - Privacy EPAL P3P 13 Ponder can express both management and authorization policies. So can XACML. In addition XACML describes a procedure for converting an authorization policy to the corresponding management policy. The other languages are tuned to their particular area of application. There is no language designed specifically to address either the Chinese-wall or the separation-of-duties policy models. 13 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

  14. Translation Ł All languages are optimized for their area of specialization Ł Some existing languages are firmly entrenched Ł All languages are extensible Ł Policy models are the key Ł Is there a need for translation? Ł Solutions w ill be multi-lingual 14 Translation is possible if and only if statements conform with one of the standard models and both languages have been profiled for that model. 14 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

  15. Future work - provisioning notification decision request PAP PDP PEP decision publish discover and policy retrieve policy SQL, LDAP, DSML, ebXML PAP – Policy administration point PDP – Policy decision point 15 PEP – Policy enforcement point Rights models commonly attach the policy to the resource. This may happen also with privacy policy. Polices can be indexed by the post-condition (in the case of an authorization policy) or by the pre-condition (in the case of a management policy). Inefficient to retrieve from repository at run-time. 15 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

  16. Future work - delegation policy policy Bearer token Attributes Policy policy 16 The user launches a job on a server, such as a grid computer. The grid computer needs to access software, data or hardware resources in order to complete the job. These resources are protected by policies. The policies speak in terms of the attributes of the user, not the grid computer. How can the grid computer be granted access to the resources if it is authorized by the user? There are three main options: 1) impersonation, in which the user supplies a bearer token; 2) the user issues attributes for the computer and 3) the user issues a policy for the computer. Option 1 is the option in most common use today, but it is higher risk and accountability is poor. The rights model uses option 3. Most research directed at option 3, because it places greater control in the hands of the user. I.e. the user can grant a specific permission. 16 PDF created with FinePrint pdfFactory trial version www.pdffactory.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

5/20/2018 Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure sessions processes cannot

129 views • 9 slides
Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

5/27/2017 Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure Sessions processes cannot

253 views • 9 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
1 Multilevel Security Different security levels for resources Important systems A

1 Multilevel Security Different security levels for resources Important systems A

Last time Threats Introduction Threat analysis Policy Introduction to access Specification control matrix Design Implementation Operation and Maintenance 7/10 - 05 Distributed systems - Jonny Pettersson, UmU 1 Security in the

444 views • 13 slides
RBAC Administration in Distributed Systems Policy Distribution Concluding Remarks Marnix

RBAC Administration in Distributed Systems Policy Distribution Concluding Remarks Marnix

Introduction Modeling Distributed Systems RBAC Administration in Distributed Systems Policy Distribution Concluding Remarks Marnix Dekker, Jason Crampton, Sandro Etalle Questions Distributed and Embedded Systems groep (DIES), Universitity

541 views • 26 slides
Security in Distributed Systems Introduction Cryptography Authentication Key

Security in Distributed Systems Introduction Cryptography Authentication Key

Security in Distributed Systems Introduction Cryptography Authentication Key exchange Computer Science Lecture 18, page 1 Network Security Intruder may eavesdrop remove, modify, and/or insert messages read and

361 views • 11 slides
The Role of Trust Management in Distributed Systems Security (KeyNote) Darrell Hyatt

The Role of Trust Management in Distributed Systems Security (KeyNote) Darrell Hyatt

The Role of Trust Management in Distributed Systems Security (KeyNote) Darrell Hyatt Introduction For secure distributed systems, ACLs are inadequate Password-based protocols are insecure in a networked environment Centralized

252 views • 12 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges

5/17/2017 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

572 views • 7 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges

5/19/2018 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

131 views • 9 slides
to AIC Systems 1 In compliance with MOHH IT Security Policy The following AIC systems will

to AIC Systems 1 In compliance with MOHH IT Security Policy The following AIC systems will

Linking Assurity OneKey 2FA to AIC Systems 1 In compliance with MOHH IT Security Policy The following AIC systems will require 2 Factor Authentication (2FA) login with effect from 18 July 2018 IRMS AcuteNET (eReferral ACP (InteRAI)

229 views • 21 slides
to AIC Systems 1 In compliance with MOHH IT Security Policy The following AIC systems will

to AIC Systems 1 In compliance with MOHH IT Security Policy The following AIC systems will

Testing Assurity OneKey 2FA Link to AIC Systems 1 In compliance with MOHH IT Security Policy The following AIC systems will require 2 Factor Authentication (2FA) login with effect from 18 July 2018 IRMS AcuteNET (eReferral ACP (InteRAI)

424 views • 16 slides
Research Interests Distributed algorithms Distributed shared memory systems Distributed

Research Interests Distributed algorithms Distributed shared memory systems Distributed

Privacy & Security in Machine Learning / Optimization Nitin Vaidya University of Illinois at Urbana-Champaign disc.ece.illinois.edu Research Interests Distributed algorithms Distributed shared memory systems Distributed

1.2k views • 70 slides
Distributed Systems Rik Sarkar James Cheney Security Protocols & Case Studies March 17,

Distributed Systems Rik Sarkar James Cheney Security Protocols & Case Studies March 17,

Distributed Systems Rik Sarkar James Cheney Security Protocols & Case Studies March 17, 2014 Recap & outline Security is hard Cryptography is not security No "security through obscurity" Today:

924 views • 39 slides
Distributed Systems 1 Roadmap CPU management Memory management Disk management

Distributed Systems 1 Roadmap CPU management Memory management Disk management

Distributed Systems 1 Roadmap CPU management Memory management Disk management Distributed System Protection & Security Virtual machine 2 Today Distributed systems overview Basic network concepts TCP/IP

316 views • 16 slides
The Intersection of Application and Security Architecture Through the lens of distributed

The Intersection of Application and Security Architecture Through the lens of distributed

The Intersection of Application and Security Architecture Through the lens of distributed systems Walt Williams Who is this bloke? Author of Security for Service Oriented Architecture, CRC press 2014 Director of Information Security,

1.12k views • 55 slides
Distributed Systems Reasons for distributed systems Resource sharing sharing and

Distributed Systems Reasons for distributed systems Resource sharing sharing and

CSC 4103 - Operating Systems Motivation Spring 2007 Distributed system is collection of loosely coupled processors that do not share memory Lecture - XXII interconnected by a communications network Distributed Systems

477 views • 4 slides
Safely Reusing Model Transformations through Family Polymorphism

Safely Reusing Model Transformations through Family Polymorphism

02/10/2014 Safely Reusing Model Transformations through Family Polymorphism Director of IRISA

430 views • 24 slides
Introduction to Programming Assist. Prof. Dr. Moharram Challenger Ege University, International

Introduction to Programming Assist. Prof. Dr. Moharram Challenger Ege University, International

Introduction to Programming Assist. Prof. Dr. Moharram Challenger Ege University, International Computer Institute Who are the teaching team? Lecturer: Moharram Challenger, PhD. Email: m.challenger@gmail.com

650 views • 17 slides
2.1.1 URDF: Introduction Gijs van der Hoorn URDF? robot model storage format? simulation

2.1.1 URDF: Introduction Gijs van der Hoorn URDF? robot model storage format? simulation

2.1.1 URDF: Introduction Gijs van der Hoorn URDF? robot model storage format? simulation format? required? URDF What is it? Domain specific modeling language (DSML) XML Stores: Kinematics Dynamics parameters

578 views • 11 slides
Pragmatic integration of model driven engineering and formal methods for safety critical systems

Pragmatic integration of model driven engineering and formal methods for safety critical systems

Pragmatic integration of model driven engineering and formal methods for safety critical systems design Marc Pantel and many others IRIT - ACADIE ENSEEIHT - INPT - Universit de Toulouse Institute of Cybernetics Institute Tallinn

1.58k views • 110 slides
INTRODUCTION Teaching material for the book Model-Driven Software Engineering in Practice by

INTRODUCTION Teaching material for the book Model-Driven Software Engineering in Practice by

Chapter #1 INTRODUCTION Teaching material for the book Model-Driven Software Engineering in Practice by Marco Brambilla, Jordi Cabot, Manuel Wimmer. Morgan & Claypool, USA, 2012. Marco Brambilla, Jordi Cabot, Manuel Wimmer.

221 views • 19 slides
Towards Law-Aware Semantic Cloud Policies with Exceptions for Data Integration and Protection

Towards Law-Aware Semantic Cloud Policies with Exceptions for Data Integration and Protection

Towards Law-Aware Semantic Cloud Policies with Exceptions for Data Integration and Protection Yuh-Jong Hu Win-Nan Wu Di-Rong Cheng { hu, d9905, 98753031 } @cs.nccu.edu.tw Emerging Network Technology(ENT) Lab. Department of Computer Science

1.24k views • 112 slides
Tutorial at SPLC 2013 August 27 th 2013 Motivation ivation Introduction

Tutorial at SPLC 2013 August 27 th 2013 Motivation ivation Introduction

Mahdi Bashari University of New Brunswick Ebrahim Bagheri Ryerson University Tutorial at SPLC 2013 August 27 th 2013 Motivation ivation Introduction Adaptation aspects Overview of three DSPL approaches Engineering of

1.37k views • 125 slides
Towards a Behavioral Modeling of Real-Time Kernel in a Model Driven Development Approach

Towards a Behavioral Modeling of Real-Time Kernel in a Model Driven Development Approach

RTNS 2010 4th Junior Researcher Workshop on Real-Time Computing (JRWRTC10) November 4th, 2010, Toulouse, FRANCE Towards a Behavioral Modeling of Real-Time Kernel in a Model Driven Development Approach Cdrick Lelionnais & Jrme

357 views • 10 slides

More recommend