policy driven distributed
play

Policy-driven Distributed University of Illinois Marianne Winslett - PDF document

Apr 07, 2023 •215 likes •763 views

1 Marianne Winslett / POLICY 2007 Policy-driven Distributed University of Illinois Marianne Winslett Status and Prospects Authorization: (sanitized version) 2 A tale of two trends Marianne Winslett / POLICY 2007 3 Organizational

  1. 1 Marianne Winslett / POLICY 2007 Policy-driven Distributed University of Illinois Marianne Winslett Status and Prospects Authorization: (sanitized version)

  2. 2 A tale of two trends Marianne Winslett / POLICY 2007

  3. 3 Organizational boundaries used to be solid Marianne Winslett / POLICY 2007

  4. 4 Now boundaries are fuzzy Why? Marianne Winslett / POLICY 2007

  5. 5 Competitive pressures are dissolving boundaries Who It Supplies Who It Supplies Organization Organization Partner Partner Partner Partner Partner Partner Partner Partner Who Supplies It Who Supplies It Marianne Winslett / POLICY 2007

  6. 6 Example: supply chains Walmart Walmart Supplier Supplier Supplier Supplier Supplier Supplier Supplier Supplier Supplier Supplier 2 nd level 2 nd level 2 nd level 2 nd level 2 nd level 2 nd level Supplier Supplier Supplier Supplier Supplier Supplier Marianne Winslett / POLICY 2007

  7. 7 Example: first responders EOC EOC Police Fire Police Fire Medical Public Red Medical Public Red Transit Cross Transit Cross Illinois School Chemical Illinois School Chemical Railroad District Owner Railroad District Owner Marianne Winslett / POLICY 2007

  8. 8 Example: any large enterprise Organization Organization Japanese Division European Division Japanese Division European Division US Division US Division Accounting Accounting Accounting Accounting Accounting Accounting HR HR HR HR HR HR Product Product Product Product Product Product Line 1 Line 1 Line 4 Line 7 Line 4 Line 7 Product Product Product Product Product Product Line 8 Line 2 Line 5 Line 8 Product Line 2 Line 5 Product Product Product Product Line 6 Product Line 6 Line 3 Line 3 Line 9 Line 9 Marianne Winslett / POLICY 2007

  9. 9 Distinction between insiders and outsiders becomes unclear Organization Marianne Winslett / POLICY 2007

  10. 10 Corporations are also facing new pressures for accountability Marianne Winslett / POLICY 2007

  11. 11 Accountability includes knowing who can/did do what to your data when Marianne Winslett / POLICY 2007

  12. 12 Industry is taking several steps to meet these needs Strong authentication (X.509) Centralize role definitions, base on attributes Get access control out of apps (some day) Emp3 Emp2 Emp Emp4 SAP Access Policy CRM SAP ERP Access Access Access Policy Policy Emp1 Policy Marianne Winslett / POLICY 2007

  13. 13 So enterprises are moving toward attribute-based access control HR Based off centralized LDAP + X.509 HR HR HR Avoids inconsistency due to distribution Easier to maintain, compared to ACLs HR HR Walmart Walmart Walmart’s supplier Walmart’s supplier Walmart’s supplier’s Walmart’s supplier’s supplier supplier Less insider threat Marianne Winslett / POLICY 2007

  14. 14 Doesn’t this sound like a good thing? Marianne Winslett / POLICY 2007

  15. 15 Why this scares me: Automated exploitation of policy errors Marianne Winslett / POLICY 2007

  16. 16 Why this scares me: Cent ralized aut horizat ion services can be at t acked Marianne Winslett / POLICY 2007

  17. 17 Why this scares me: Understanding policies Industrial policy languages were not int ended for rigorous analysis or user- friendliness Analysis tools Marianne Winslett / POLICY 2007

  18. 18 Do things look more promising outside of industry? Bilateral trust Sensitive policies and credentials We understand this theory pretty well Marianne Winslett / POLICY 2007

  19. Trust-negotiation-like approaches will 19 inevitably come into use Beijing Office Alice’s Network TrustBuilder Authorization Security Server’s TrustBuilder Agent Security Agent Authorization Server receives Alice’s LAN access request C I Auth. Server discloses access policy (on- s c o site access for WidgetCorp employees only) 4 o h c c s C I a t P Alice discloses her policy for C I s c o disclosing her WidgetCorp employee ID Patch 4 Auth. Server discloses its patch Patch 4 level credential, proves ownership C I s c o Alice discloses her employee Patch 4 C I s c o ID, proves ownership Auth. Server grants access to certain portions of LAN Marianne Winslett / POLICY 2007

  20. 20 But this only means more policies, more complex decisions to explain “ Ohhhhhhh . . . Look at t hat , Schust er . . . Dogs are so cut e when t hey t ry t o comprehend quant um mechanics” --Gary Larson Marianne Winslett / POLICY 2007

  21. 21 Traditional access control is transparent; TN is not You are in the right group Marianne Winslett / POLICY 2007

  22. 22 Great ideas can fail if they don’t consider the human factor The success of at t ribut e-based policies for securit y and privacy, and ult imat ely t he open and compliant syst ems t hey enable, relies on t he abilit y of humans to comprehend and manage these policies. Marianne Winslett / POLICY 2007

  23. 23 Policy HCI is my #1 open problem Real-world case studies of policy management activities, to learn how users think about these activities User interfaces to help people understand and modify large, complex sets of policies Marianne Winslett / POLICY 2007

  24. 24 Example: Allegis policy middleware company Software for cross-organizational access to customer relationship management applications Allegis does not allow its clients to update their policies themselves Only policy specialists can be trusted to understand and update the policies correctly Even they may struggle to specify, modify, and comprehend complex policies--- note CRM focus Marianne Winslett / POLICY 2007

  25. 25 Large policies are as complex as any software Declarative policy languages are not a panacea Consider hundreds of pages of (declarative) SQL SELECT a1.Name, a1.Sales, SUM(a2.Sales)/(SELECT SUM(Sales) FROM Total_Sales) Pct_To_Total FROM Total_Sales a1, Total_Sales a2 WHERE a1.Sales <= a2.sales or (a1.Sales=a2.Sales and a1.Name = a2.Name) GROUP BY a1.Name, a1.Sales ORDER BY a1.Sales DESC, a1.Name DESC; … And any bugs may be found and exploited automatically Marianne Winslett / POLICY 2007

  26. 26 What if companies manage their own policies, as is natural with ABAC? How can a decision-maker with limited technical expert ise quickly underst and a part icular policy t hat suddenly becomes crucial? What if the company’ s policy admin quits or is sick? How can a new hire quickly underst and policies? Ordinary users: Why was t his decision made? How can I get it reversed? What if I … Marianne Winslett / POLICY 2007

  27. 27 A proof is not an explanation Proofs are fundamental in TN But almost no one can understand a proof Need heuristics to turn proofs into explanations, both for ordinary users and administrators An explanation of why you didn’ t get access, or how to get access, or what these policies say, doesn’ t start from a proof Marianne Winslett / POLICY 2007

  28. 28 A possible solution: visual metaphors Context sensitive menus could be used to set temporal and other related constraints, indicated with small icons File Edit Actions Window Subject Request Resource Entity Roles Credentials * Gurtner Resources Nurse Doctor Demographic Prescription Nurse Doctor Policies conceal ** control Adam ... Patient Administrator Lab report X-ray Patient Administrator Users Conceal Release Visual View The patient, Adam, wants to conceal Conceal-request(Jay, [(X-Ray, 5/2003, 7/2003)], Dr_Gupta, 5/2003) prescriptions after May 2006* and lab reports after June 2006** from Dr. Gurtner [his Conceal-request(Ragib, [(Demographic)], Dr_Snir, 8/2000) previous physician]. Conceal-request(Adam, [(Lab_Report, 6/2006), Adjustable borders allow the (Prescriptions, 5/2006)], Dr_Gurtner, NOW) source code and explanation windows to be selectively Conceal-request(Megan, [(Prescriptions, 1/2005)], Dr_Nelson, 12/2004) positioned or closed Source Code Explanation Figure . Early design schematic for a visual interface for managing security policies. Marianne Winslett / POLICY 2007

  29. 29 A possible solution: use AI to convert proofs into explanations Marianne Winslett / POLICY 2007

  30. 30 Policy analysis is the #2 open problem We need to develop tools for analyzing large sets of policies Safety Availability What-if? Why? both for policy administrators and ordinary users even in heterogeneous systems. Challenges #1 & #2 should keep us busy for the next decade! Marianne Winslett / POLICY 2007

  31. 31 Lack of real-world experience is challenge #3 Cassandra health care policies Shibboleth installations--- but only one-shot unilateral trust, with a closed set of organizations We need more feedback from the real world to ensure that we are addressing the most important problems in policy-based authorization! Marianne Winslett / POLICY 2007

  32. 32 Vulnerability to attack is #4 Cent ralized aut horizat ion servers are attractive target TN is heavyweight � DDoS is so easy Marianne Winslett / POLICY 2007

  33. 33 TN is heavyweight Multiple rounds of exchange ? ? ?? ? ? ?? ? ? ? ? (Nested) third-party Complex decision making processes interactions Expensive crypto ?? ?? This is a liability . Solutions will require a multi-faceted ? ? approach. Marianne Winslett / POLICY 2007

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

UNIVERSIT DOTTAWA IEEE NM Workshop-98, Kazi Farooqui.. UNIVERSITY OF OTTAWA Policy-Driven

UNIVERSIT DOTTAWA IEEE NM Workshop-98, Kazi Farooqui.. UNIVERSITY OF OTTAWA Policy-Driven

UNIVERSIT DOTTAWA IEEE NM Workshop-98, Kazi Farooqui.. UNIVERSITY OF OTTAWA Policy-Driven DISTRIBUTED MANAGEMENT ARCHITECTURES (Towards Open Distributed Management Architecture) Integrating Management and Distributed Object

538 views • 28 slides
A Framework for Distributed Intrusion Detection using Interest-Driven Cooperating Agents Rajeev

A Framework for Distributed Intrusion Detection using Interest-Driven Cooperating Agents Rajeev

A Framework for Distributed Intrusion Detection using Interest-Driven Cooperating Agents Rajeev Gopalakrishna and Eugene H. Spafford Distributed IDS a system where the analysis of the data is performed on a number of locations

387 views • 17 slides
Authentic Execution of Distributed Event-Driven Applications with a Small TCB Job Noorman, Jan

Authentic Execution of Distributed Event-Driven Applications with a Small TCB Job Noorman, Jan

Authentic Execution of Distributed Event-Driven Applications with a Small TCB Job Noorman, Jan Tobias Mhlberg and Frank Piessens jantobias.muehlberg@cs.kuleuven.be imec-DistriNet, KU Leuven, Celestijnenlaan 200A, B-3001 Belgium STM17, Oslo,

568 views • 29 slides
Model Driven Middleware Presented by: Thomas Repantis trep@cs.ucr.edu CS260-Seminar in Computer

Model Driven Middleware Presented by: Thomas Repantis trep@cs.ucr.edu CS260-Seminar in Computer

Model Driven Middleware Presented by: Thomas Repantis trep@cs.ucr.edu CS260-Seminar in Computer Science, Spring 2004 p.1/20 Overview Applying Model Driven Architectures to Distributed Systems. 1. Distributed Real-Time Embedded Systems

494 views • 20 slides
Performance-driven system Performance-driven system generation for distributed generation for

Performance-driven system Performance-driven system generation for distributed generation for

Performance-driven system Performance-driven system generation for distributed generation for distributed vertex-centric vertex-centric graph processing graph processing on multi-FPGA systems on multi-FPGA systems Nina Engelhardt C.-H.

435 views • 14 slides
Data-driven Coordination of Distributed Energy Resources Alejandro D. Dom nguez-Garc a

Data-driven Coordination of Distributed Energy Resources Alejandro D. Dom nguez-Garc a

Data-driven Coordination of Distributed Energy Resources Alejandro D. Dom nguez-Garc a Coordinated Science Laboratory Department of Electrical and Computer Engineering University of Illinois at Urbana-Champaign PSERC Webinar Series

730 views • 43 slides
RBAC Administration in Distributed Systems Policy Distribution Concluding Remarks Marnix

RBAC Administration in Distributed Systems Policy Distribution Concluding Remarks Marnix

Introduction Modeling Distributed Systems RBAC Administration in Distributed Systems Policy Distribution Concluding Remarks Marnix Dekker, Jason Crampton, Sandro Etalle Questions Distributed and Embedded Systems groep (DIES), Universitity

541 views • 26 slides
BONUS, the policy-driven joint Baltic Sea research and development programme supports cleaner and

BONUS, the policy-driven joint Baltic Sea research and development programme supports cleaner and

BONUS, the policy-driven joint Baltic Sea research and development programme supports cleaner and safer maritime activities and related policy action Maija Sirola at CBSS Expert Group on Maritime Policy, 5 September 2017, Dons Participating

386 views • 11 slides
QoSPL: A QoS-Driven Software Product Line Engineering Framework for Distributed Real-time and

QoSPL: A QoS-Driven Software Product Line Engineering Framework for Distributed Real-time and

QoSPL: A QoS-Driven Software Product Line Engineering Framework for Distributed Real-time and Embedded Systems Shih-Hsi Liu 1 , Barrett R. Bryant 1 , Jeff Gray 1 , Rajeev Raje 2 , Mihran Tuceryan 2 , Andrew Olson 2 and Mikhail Auguston 3 Abstract

110 views • 6 slides
Policy-driven Negotiation for Authorization in the Grid Ionut Constandache Duke University

Policy-driven Negotiation for Authorization in the Grid Ionut Constandache Duke University

Policy-driven Negotiation for Authorization in the Grid Ionut Constandache Duke University Daniel Olm edilla L3S Research Center Frank SiebenList Argonne National Laboratory 8 th IEEE POLICY Bologna, Italy, 15 th June 20 0 7 Outline

414 views • 19 slides
Data-driven assessment of distributed PV systems and their impacts on electricity network planning

Data-driven assessment of distributed PV systems and their impacts on electricity network planning

Data-driven assessment of distributed PV systems and their impacts on electricity network planning and operation Navid Haghdadi UNSW SPREE Seminar 20 September 2018 A PhD story with lots of fun! 3 months ago: 2018-06 8.45GW PhD

400 views • 25 slides
Dynamic Generation of Agent Communities from Distributed Production and Content-Driven Delivery

Dynamic Generation of Agent Communities from Distributed Production and Content-Driven Delivery

Dynamic Generation of Agent Communities from Distributed Production and Content-Driven Delivery of Knowledge AAAI Spring Symposium on Agent-Mediated Knowledge Management (AMKM-03) Sinuh Arroyo Juan Manuel Dodero Richard Benjamins Institut

473 views • 16 slides
Distributed Workflow-Driven Analysis of Large-Scale Biological Data using bioKepler Ilkay

Distributed Workflow-Driven Analysis of Large-Scale Biological Data using bioKepler Ilkay

Distributed Workflow-Driven Analysis of Large-Scale Biological Data using bioKepler Ilkay ALTINTAS, Ph.D. Deputy Coordinator for Research, San Diego Supercomputer Center, UCSD Lab Director, Scientific Workflow Automation Technologies

758 views • 36 slides
Flexibility Driven Scheduling and Mapping for Distributed Real-Time Systems Paul Pop, Petru Eles,

Flexibility Driven Scheduling and Mapping for Distributed Real-Time Systems Paul Pop, Petru Eles,

Flexibility Driven Scheduling and Mapping for Distributed Real-Time Systems Paul Pop, Petru Eles, Zebo Peng Department of Computer and Information S cience Linkpings universitet, Sweden 1 /23 1 of 14 Outline Introduction

559 views • 23 slides
AgriVIVO A Global Ontology-Driven RDF Store Based on a Distributed Architecture Valeria Pesce*,

AgriVIVO A Global Ontology-Driven RDF Store Based on a Distributed Architecture Valeria Pesce*,

Semantic Web in Libraries 2013 25 - 27 November 2013 Hamburg, Germany AgriVIVO A Global Ontology-Driven RDF Store Based on a Distributed Architecture Valeria Pesce*, John Fereira^, Jon Corson-Rikert^, Johannes Keizer~ *Global Forum on

1.02k views • 52 slides
Managing security policy in distributed systems Tim Moses 13 April 2004 v2 1 1 PDF created

Managing security policy in distributed systems Tim Moses 13 April 2004 v2 1 1 PDF created

Managing security policy in distributed systems Tim Moses 13 April 2004 v2 1 1 PDF created with FinePrint pdfFactory trial version www.pdffactory.com Agenda Definitions Motivation Policy models Policy languages Future w ork

226 views • 18 slides
A User -Perceived Availability Evaluation of a Web-based Travel Agency Mohamed Kaniche, Karama

A User -Perceived Availability Evaluation of a Web-based Travel Agency Mohamed Kaniche, Karama

A User -Perceived Availability Evaluation of a Web-based Travel Agency Mohamed Kaniche, Karama Kanoun, Magnos Martinello Partially supported by the European Community, DSoS - Project IST-1999-11585 DSN-2003, IPDS, 22-25 June 2003, San

479 views • 17 slides
RM6187 Management Consultancy Services Supplier Engagement 3rd February 2020 1 Agenda 1.

RM6187 Management Consultancy Services Supplier Engagement 3rd February 2020 1 Agenda 1.

RM6187 Management Consultancy Services Supplier Engagement 3rd February 2020 1 Agenda 1. Introductions 2. Timeline 3. Feedback from initial customer &amp; supplier sessions 4. Current lot proposal 5. Next Steps Supplier numbers

957 views • 29 slides
Peter Kolb Model for Outsourced Project Management Projects ETH Zurich Successful Software

Peter Kolb Model for Outsourced Project Management Projects ETH Zurich Successful Software

Peter Kolb Model for Outsourced Project Management Projects ETH Zurich Successful Software Outsourcing and Offshoring, - 1 - Objectives This module will enable the participant to: Plan and execute Software development projects with sub-

579 views • 21 slides
Managing Compliance Presented by Grace Robertson Internal Revenue Service November 17, 2009 ,

Managing Compliance Presented by Grace Robertson Internal Revenue Service November 17, 2009 ,

Managing Compliance Presented by Grace Robertson Internal Revenue Service November 17, 2009 , Introduction Objectives Objectives Guide for Completing Form 8823: Summary of Revisions Prioritize for Day-to-Day Operations Priority Topics

949 views • 69 slides
Local Buying Program Supplier Information Sessions : Port Hedland | 19 September 2017 Newman |

Local Buying Program Supplier Information Sessions : Port Hedland | 19 September 2017 Newman |

Local Buying Program Supplier Information Sessions : Port Hedland | 19 September 2017 Newman | 20 September 2017 1 Agenda WHAT: Is the Local Buying Program? WHY: Value and benefit to BHP / Community HOW : LBP portal works WHEN:

806 views • 16 slides
Design-by-Contract (DbC) Readings: OOSC2 Chapter 11 EECS3311 A: Software Design Fall 2018 C HEN

Design-by-Contract (DbC) Readings: OOSC2 Chapter 11 EECS3311 A: Software Design Fall 2018 C HEN

Design-by-Contract (DbC) Readings: OOSC2 Chapter 11 EECS3311 A: Software Design Fall 2018 C HEN -W EI W ANG Motivation: Catching Defects Design or Implementation Phase? To minimize development costs , minimize software defects . The

1.07k views • 57 slides
Teaching methods Pre-reading Ground Rules Research 1.

Teaching methods Pre-reading Ground Rules Research 1.

Teaching methods Pre-reading Ground Rules Research 1. Be on Gme and dont leave early Lecture 2. Mobiles and laptops off Discussion 3.

368 views • 8 slides
Organization Authority Database with classification principles Dagobert Soergel Department of

Organization Authority Database with classification principles Dagobert Soergel Department of

Design of an Organization Authority Database with classification principles Dagobert Soergel Department of Library and Information Studies Graduate School of Education, University at Buffalo Denisa Popescu World Bank Group, Washington, DC,

481 views • 28 slides

More recommend