
May 3: Trust and Hybrid Models (ECS 235B, Spring Quarter 2017, lecture slides)



  1. May 3: Trust and Hybrid Models
     • Trust models
     • Chinese Wall model
       – Aggressive Chinese Wall model
     May 3, 2017 ECS 235B Spring Quarter 2017 Slide #1

  2. Types of Trust Models
     • Policy-based trust management
     • Recommendation-based trust management

  3. Policy-Based Trust Management
     • Policy rules determine whether to trust
     • Credentials provide instantiation information
       – Credentials themselves may be input to rules
       – Trusted third parties may be involved
     • Generally assume agents act autonomously

  4. KeyNote
     • Rule-based trust management system
     • Policy assertions: statements about policy
     • Credential assertions: describe actions allowed by credentials
     • Action environment: set of attributes describing the action associated with a set of credentials

  5. Evaluator
     • Inputs
       – Policy assertions describing local policy
       – Set of credentials
       – Action environment
     • Applies instantiated assertions to action environment
     • Outputs
       – Whether proposed action is consistent with local policy

  6. Example: Email Domain
     Policy, credential assertions:
         Local-Constants: Alice="cred1234", Bob="credABCD"
         Authorizer: "authcred"
         Licensees: Alice || Bob
         Conditions: (app_domain == "RFC822-EMAIL") &&
                     (address ~= "^.*@keynote\\.ucdavis\\.edu$")
         Signature: "signed"
     The entity with "authcred" credentials trusts holders of "cred1234" and "credABCD" to issue credentials ("signed") for users in the email domain when the address ends in "@keynote.ucdavis.edu"

  7. Example: Email Domain
     Compliance values: _MAX_TRUST, _MIN_TRUST
     Action environment:
         _ACTION_AUTHORIZERS = Alice
         app_domain = "RFC822-EMAIL"
         address = "opus@keynote.ucdavis.edu"
     Satisfied; output _MAX_TRUST

  8. Example: Separation of Duty
     Invoicing system delegates authority for payment of invoices to the entity with credential fundmgrcred
     Policy assertion:
         Authorizer: "POLICY"
         Licensee: "fundmgrcred"
         Conditions: (app_domain == "INVOICE" && @dollars < 10000)

  9. Example: Separation of Duty
     Credential assertion requiring at least 2 signatures on an expenditure:
         Comment: specifies a spending policy
         Authorizer: "authcred"
         Licensees: 2-of("cred1", "cred2", "cred3", "cred4", "cred5")
         Conditions: (app_domain == "INVOICE") -> {
                         (@dollars < 2500) -> _MAX_TRUST;
                         (@dollars < 7500) -> "ApproveAndLog";
                     };
         Signature: "signed"

  10. Example: Separation of Duty
     Compliance values: Reject, ApproveAndLog, Approve
     Action environment:
         _ACTION_AUTHORIZERS = "cred1,cred4"
         app_domain = "INVOICE"
         dollars = "1000"
     Satisfied; output Approve

  11. Example: Separation of Duty
     Action environment:
         _ACTION_AUTHORIZERS = "cred1,cred2"
         app_domain = "INVOICE"
         dollars = "3541"
     Satisfied; output ApproveAndLog

  12. Example: Separation of Duty
     Action environment (only one authorizer, so the 2-of clause fails):
         _ACTION_AUTHORIZERS = "cred1"
         app_domain = "INVOICE"
         dollars = "1500"
     Action environment (amount exceeds the 7500 threshold):
         _ACTION_AUTHORIZERS = "cred1,cred5"
         app_domain = "INVOICE"
         dollars = "8000"
     Not satisfied; output Reject
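The separation-of-duty credential on slide 9 and the four action environments on slides 10 to 12, worked through by a toy evaluator added here (not KeyNote's own code, nor from the slides). It models only the credential assertion: the licensees clause is the 2-of threshold, the conditions clause selects the compliance value, and signatures and the delegation from the "POLICY" assertion are assumed to have been checked already; `k_of`, `spending_conditions` and `evaluate` are hypothetical names.

```python
# Compliance values in increasing order of trust; KeyNote's _MIN_TRUST and
# _MAX_TRUST map to the two ends of this ordered set.
COMPLIANCE_VALUES = ["Reject", "ApproveAndLog", "Approve"]
MIN_TRUST, MAX_TRUST = COMPLIANCE_VALUES[0], COMPLIANCE_VALUES[-1]


def k_of(k, licensees):
    """Licensees clause 'k-of(...)': satisfied when at least k of the listed
    credentials appear among the action's authorizers."""
    def check(authorizers):
        return len(set(authorizers) & set(licensees)) >= k
    return check


def spending_conditions(env):
    """Conditions clause of the slide-9 credential: INVOICE domain required,
    then the amount selects the compliance value (no clause matched ->
    the minimum value, Reject)."""
    if env.get("app_domain") != "INVOICE":
        return MIN_TRUST
    dollars = int(env["dollars"])
    if dollars < 2500:
        return MAX_TRUST
    if dollars < 7500:
        return "ApproveAndLog"
    return MIN_TRUST


# The credential assertion from slide 9, as a licensees check plus conditions
CREDENTIAL = {
    "licensees": k_of(2, ["cred1", "cred2", "cred3", "cred4", "cred5"]),
    "conditions": spending_conditions,
}


def evaluate(assertion, env):
    """Return the compliance value for an action environment: the authorizers
    in _ACTION_AUTHORIZERS must satisfy the licensees clause before the
    conditions clause is consulted."""
    authorizers = [a.strip() for a in env["_ACTION_AUTHORIZERS"].split(",")]
    if not assertion["licensees"](authorizers):
        return MIN_TRUST
    return assertion["conditions"](env)


# Action environments copied from slides 10 to 12
ACTIONS = [
    {"_ACTION_AUTHORIZERS": "cred1,cred4", "app_domain": "INVOICE", "dollars": "1000"},
    {"_ACTION_AUTHORIZERS": "cred1,cred2", "app_domain": "INVOICE", "dollars": "3541"},
    {"_ACTION_AUTHORIZERS": "cred1", "app_domain": "INVOICE", "dollars": "1500"},
    {"_ACTION_AUTHORIZERS": "cred1,cred5", "app_domain": "INVOICE", "dollars": "8000"},
]

if __name__ == "__main__":
    for env in ACTIONS:   # prints Approve, ApproveAndLog, Reject, Reject
        print(env["_ACTION_AUTHORIZERS"], env["dollars"], "->", evaluate(CREDENTIAL, env))
```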

  13. Reputation-Based Trust Management
     • Trust based on past behavior, especially during interactions, and other information
       – May include other recommendations
       – Each entity maintains its own list of relationships

  14. Types of Trust
     • Direct trust
       – Amy trusts Boris
     • Recommender trust
       – Amy trusts Boris to make recommendations about others

  15. Example: Abdul-Rahman, Hailes
     • Trust value semantics
         value   DT meaning                            RT meaning
          -1     Untrustworthy                         Untrustworthy
           0     Cannot make trust judgment            Cannot make trust judgment
           1     Lowest trust level                    *
           2     Average trustworthiness               *
           3     More trustworthy than most entities   *
           4     Completely trustworthy                *

  16. Example
     • Amy needs Boris' recommendation about Danny
       – Amy trusts Boris' recommendations with value 2
     • Boris doesn't know Danny, so asks Carole
     • Carole replies with a recommendation of 3
     • Boris adds his name to the recommendation, sends it on

  17. Amy's Computation
     • 4 entities involved: Amy, Boris, Carole, Danny
     • tv(Amy:Boris)/4 × tv(Boris:Carole)/4 × tv(Carole:Danny)/4 = 2/4 × 3/4 × 3 = 9/8

  18. Main Issue
     • How do you populate the initial matrix?
       – That is, how do you set the trust values for each pair of entities?

  19. Example: PeerTrust
     • Based on complaints as feedback
       – P peer-to-peer network, u node
       – p(u, t) node that u interacts with in transaction t
       – S(u, t) amount of satisfaction u gets from p(u, t)
       – I(u) total number of transactions u does
       – Cr(v) credibility of node v's feedback

  20. Example: PeerTrust
     • Trust value of u is:
     • where Cr(v) is (one of many possible):

  21. Key Points
     • Integrity policies deal with trust
       – As trust is hard to quantify, these policies are hard to evaluate completely
       – Look for assumptions and trusted users to find possible weak points in their implementation
     • Biba, Lipner based on multilevel integrity
     • Clark-Wilson focuses on separation of duty and transactions

  22. Chinese Wall Model
     Problem:
       – Tony advises American Bank about investments
       – He is asked to advise Toyland Bank about investments
     • Conflict of interest to accept, because his advice for either bank would affect his advice to the other bank

  23. Organization
     • Organize entities into "conflict of interest" classes
     • Control subject accesses to each class
     • Control writing to all classes to ensure information is not passed along in violation of rules
     • Allow sanitized data to be viewed by everyone

  24. Definitions
     • Objects: items of information related to a company
     • Company dataset (CD): contains objects related to a single company
       – Written CD(O)
     • Conflict of interest class (COI): contains datasets of companies in competition
       – Written COI(O)
       – Assume: each object belongs to exactly one COI class

  25. Example
         Bank COI Class        Gasoline Company COI Class
         Bank of America       Shell Oil
         Citibank              Standard Oil
         Bank of the West      Union '76
                               ARCO

  26. Temporal Element
     • If Anthony reads any CD in a COI, he can never read another CD in that COI
       – Possible that information learned earlier may allow him to make decisions later
       – Let PR(S) be the set of objects that S has already read

  27. CW-Simple Security Condition
     • s can read o iff either condition holds:
       1. There is an o′ such that s has accessed o′ and CD(o′) = CD(o)
          – Meaning s has read something in o's dataset
       2. For all o′ ∈ O, o′ ∈ PR(s) ⇒ COI(o′) ≠ COI(o)
          – Meaning s has not read any objects in o's conflict of interest class
     • Ignores sanitized data (see below)
     • Initially, PR(s) = ∅, so the initial read request is granted

  28. Sanitization
     • Public information may belong to a CD
       – As it is publicly available, no conflicts of interest arise
       – So, it should not affect the ability of analysts to read
       – Typically, all sensitive data is removed from such information before it is released publicly (called sanitization)
     • Add a third condition to the CW-Simple Security Condition:
       3. o is a sanitized object

  29. Writing
     • Anthony, Susan work in the same trading house
     • Anthony can read Bank 1's CD, Gas' CD
     • Susan can read Bank 2's CD, Gas' CD
     • If Anthony could write to Gas' CD, Susan can read it
       – Hence, indirectly, she can read information from Bank 1's CD, a clear conflict of interest

  30. CW-*-Property
     • s can write to o iff both of the following hold:
       1. The CW-simple security condition permits s to read o; and
       2. For all unsanitized objects o′, if s can read o′, then CD(o′) = CD(o)
     • Says that s can write to an object if all the (unsanitized) objects it can read are in the same dataset
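The CW-simple security condition (with the sanitization clause), the temporal element PR(s) and the CW-*-property from slides 26 to 30, as a small reference monitor added here (example code, not from the slides or any particular implementation). The objects, the two Bank datasets and the Shell dataset are constructed to replay the Anthony story; `ChineseWall` and `anthony_scenario` are hypothetical names.

```python
class ChineseWall:
    def __init__(self, cd, coi, sanitized=()):
        self.cd = cd                  # CD(o): object -> company dataset
        self.coi = coi                # COI: company dataset -> conflict-of-interest class
        self.sanitized = set(sanitized)
        self.pr = {}                  # PR(s): objects s has already read

    def can_read(self, s, o):
        """CW-simple security condition: sanitized (3), same dataset already
        read (1), or no object read so far lies in o's COI class (2)."""
        if o in self.sanitized:
            return True
        read = self.pr.get(s, set())
        if any(self.cd[p] == self.cd[o] for p in read):
            return True
        return all(self.coi[self.cd[p]] != self.coi[self.cd[o]] for p in read)

    def read(self, s, o):
        """Grant or deny; a granted read of unsanitized data extends PR(s),
        which is what makes later reads in the same COI class fail."""
        if not self.can_read(s, o):
            return False
        if o not in self.sanitized:
            self.pr.setdefault(s, set()).add(o)
        return True

    def can_write(self, s, o):
        """CW-*-property: s can read o and every unsanitized object s can read
        is in CD(o). A fresh subject can still read any dataset, so it cannot
        write until its reads have narrowed it to one dataset per COI class."""
        if not self.can_read(s, o):
            return False
        return all(self.cd[p] == self.cd[o] for p in self.cd
                   if p not in self.sanitized and self.can_read(s, p))


# Constructed objects: two competing banks and one gasoline company,
# plus a sanitized (public) Shell document
CD = {"boa_report": "Bank of America", "citi_report": "Citibank",
      "shell_report": "Shell Oil", "shell_public": "Shell Oil"}
COI = {"Bank of America": "Bank", "Citibank": "Bank", "Shell Oil": "Gasoline"}


def anthony_scenario():
    """Replays slides 26 and 29 for Anthony; returns the decisions in order."""
    wall = ChineseWall(CD, COI, sanitized={"shell_public"})
    return [wall.read("Anthony", "boa_report"),          # PR empty: granted
            wall.read("Anthony", "shell_report"),        # other COI class: granted
            wall.read("Anthony", "citi_report"),         # competitor of BoA: denied
            wall.read("Anthony", "shell_public"),        # sanitized: granted
            wall.can_write("Anthony", "shell_report")]   # he can read BoA data: denied
```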
