Project AutoMate SESAME: Dynamic Context Aware Access Control G. Zhang, The AutoMate Group The Applied Software Systems Laboratory Rutgers, The State University of New Jersey http://automate.rutgers.edu CAIP Autonomic Computing Tutorial/Workshop June, 2003 Overview • Security Issues in Autonomic Computing • SESAME – Access Control Mechanism for Automate • RBAC Introduction • DRBAC Model • DRBAC Model Explanation • SESAME Architecture • A Prototype Implementation in Discover • Current Issues CAIP Autonomic Computing Tutorial/Workshop, June 2003 2 Security Issues in Autonomic Computing • Authentication • Authorization, Access Control • Intrusion Detection • Security Policy Definition and Reasoning • Resistant to Fraud and Persuasion • Privacy • Digital Signature, Non-repudiation – Crucial for E-commerce Application CAIP Autonomic Computing Tutorial/Workshop, June 2003 3
Authorization, Access Control • The environment will be heterogeneous and dynamic • Components amount will be huge and across domain • Centralized Authorization is not sufficient • Global name space has constraints. • Access Control should be Context Aware • DAC, MAC, RBAC • Fine grained access control mechanism – Our approach – SESAME( Environment Sensitive Access Management Engine) • Dynamic Role Based Access Control CAIP Autonomic Computing Tutorial/Workshop, June 2003 4 RBAC Introduction • Alternative to traditional discretionary access control (DAC) and mandatory access control (MAC) • In RBAC, users are assigned roles and roles are assigned permissions. • RBAC0 the basic model where users are associated with roles and roles are associated with permissions. • RBAC1: RBAC0 with role hierarchies. • RBAC2: RBAC1 with constraints on user/role, role/role, and/or role/permission association. • Cost of administrating RBAC is proportional to U+P while the cost of associating users directly with permissions is proportional to U*P CAIP Autonomic Computing Tutorial/Workshop, June 2003 5 SESAME-DRBAC Model • Current access control mechanism focus on relatively static scenarios where access depends on identity of the subject. • Autonomic Computing –Self Protecting( Context aware, Dynamic) • Access capabilities and privileges of a component not only depend on its identity but also on its current context (i.e. current time, location, system resources, network state, etc.) and state. • Extension of RBAC ( context information play a role in access decision) CAIP Autonomic Computing Tutorial/Workshop, June 2003 6
SESAME-DRBAC Model CAIP Autonomic Computing Tutorial/Workshop, June 2003 7 SESAME-DRBAC Model Explanation • Central Authority (CA) maintains the overall role hierarchy for each domain. • Each entity is assigned a subset of the role hierarchy • Context agent monitors the context for the Entity and dynamically changes the active role( Role State Machine). • Context agent at the subject resource will use environment and state information to dynamically adjust the permissions for each role (Permission State Machine). CAIP Autonomic Computing Tutorial/Workshop, June 2003 8 Role & Permission State Machine Role Hierarchy Permission Hierarchy CAIP Autonomic Computing Tutorial/Workshop, June 2003 9
SESAME Architecture CAIP Autonomic Computing Tutorial/Workshop, June 2003 10 A Prototype-DRBAC in Discover • Discover enables geographically distributed scientists and engineers to collaboratively access, monitor and control applications, services, resources and data on the Grid using pervasive portals. – Discover Collaborative Portals – Discover Middleware Substrate – DIOS Interactive Object Framework (DIOS) CAIP Autonomic Computing Tutorial/Workshop, June 2003 11 A Prototype-DRBAC in Discover CAIP Autonomic Computing Tutorial/Workshop, June 2003 12
Role & Permission Hierarchy in Discover Roles Permissions Super User P1, P2,P3 Super User P1 Basic User P2,P3 P2 Basic User Guest P3 P3 Guest Permissions Privileges Role Hierarchy Permission Hierarchy P1 Steer object, View object, Basic P2 View object, Basic P3 Basic CAIP Autonomic Computing Tutorial/Workshop, June 2003 13 Permission Hierarchy of One Application P1 P2 P2 P3 P3 P3 null null null Basic User’s Permission Super User’s Permission Guest’s Permission CAIP Autonomic Computing Tutorial/Workshop, June 2003 14 Access Control Policy – An Example CAIP Autonomic Computing Tutorial/Workshop, June 2003 15
A Prototype-DRBAC in Discover CAIP Autonomic Computing Tutorial/Workshop, June 2003 16 Current Issues • Must guarantee the security of the context information. • The active role of the user and the active permission of the role will change dynamically. We need some mechanism to keep the consistency. • Combine with available authentication mechanism. • Delegation with DRBAC CAIP Autonomic Computing Tutorial/Workshop, June 2003 17 Bibliography • Ravi Sandhu, E.C., Hal Feinstein, Charles Youman, “ Role-Based Access Control Models”. IEEE Computer, 1996. • D. M. Chess, C. C. Palmer, and S. R. White, "Security in an autonomic computing environment", p.107, IBM Systems Journal - Vol. 42, No. 1, 2003. • M. Agarwal, V. Bhat, Z. Li, H. Liu, B. Khargharia, V. Matossian, V.Putty, C. Schmidt, G. Zhang, S. Hariri and M. Parashar, “AutoMate: Enabling Autonomic Applications on the Grid,” accepted for publications in the Proceedings of the Autonomic Computing Workshop(AMS2003), Seattle, WA, USA, IEEE Computer Society Press, June 2003 . • G. Zhang, Manish Parashar, “Dynamic Context-aware Access Control for Grid Applications”, submitted to 4th International Workshop on Grid Computing (Grid2003) • G. Zhang, Manish Parashar, “Context-aware Dynamic Access Control for Pervasive Computing”, submitted to 10 th ACM Conference on Computer and Communications Security (CCS 2003). CAIP Autonomic Computing Tutorial/Workshop, June 2003 18
Recommend
More recommend
