
Project AutoMate

SESAME: Dynamic Context Aware Access Control

  • G. Zhang, The AutoMate Group

The Applied Software Systems Laboratory Rutgers, The State University of New Jersey http://automate.rutgers.edu

CAIP Autonomic Computing Tutorial/Workshop June, 2003


Overview

  • Security Issues in Autonomic Computing
  • SESAME – Access Control Mechanism for AutoMate
  • RBAC Introduction
  • DRBAC Model
  • DRBAC Model Explanation
  • SESAME Architecture
  • A Prototype Implementation in Discover
  • Current Issues


Security Issues in Autonomic Computing

  • Authentication
  • Authorization, Access Control
  • Intrusion Detection
  • Security Policy Definition and Reasoning
  • Resistance to Fraud and Persuasion
  • Privacy
  • Digital Signature, Non-repudiation

    – Crucial for e-commerce applications


Authorization, Access Control

  • The environment will be heterogeneous and dynamic
  • The number of components will be huge and span domains
  • Centralized Authorization is not sufficient
  • Global name space has constraints.
  • Access Control should be Context Aware
  • DAC, MAC, RBAC
  • Fine grained access control mechanism

– Our approach – SESAME (Environment Sensitive Access Management Engine)

  • Dynamic Role Based Access Control


RBAC Introduction

  • Alternative to traditional discretionary access control (DAC) and mandatory access control (MAC)
  • In RBAC, users are assigned roles and roles are assigned permissions.
  • RBAC0: the basic model, where users are associated with roles and roles are associated with permissions.
  • RBAC1: RBAC0 with role hierarchies.
  • RBAC2: RBAC1 with constraints on user/role, role/role, and/or role/permission association.
  • The cost of administering RBAC is proportional to U+P, while the cost of associating users directly with permissions is proportional to U*P


SESAME-DRBAC Model

  • Current access control mechanisms focus on relatively static scenarios where access depends on the identity of the subject.
  • Autonomic Computing – Self Protecting (Context aware, Dynamic)
  • Access capabilities and privileges of a component depend not only on its identity but also on its current context (i.e. current time, location, system resources, network state, etc.) and state.
  • Extension of RBAC (context information plays a role in the access decision)


SESAME-DRBAC Model


SESAME-DRBAC Model Explanation

  • Central Authority (CA) maintains the overall role hierarchy for each domain.
  • Each entity is assigned a subset of the role hierarchy
  • Context agent monitors the context for the Entity and dynamically changes the active role (Role State Machine).
  • Context agent at the subject resource will use environment and state information to dynamically adjust the permissions for each role (Permission State Machine).


Role & Permission State Machine

[Figure: Role Hierarchy and Permission Hierarchy]


SESAME Architecture


A Prototype-DRBAC in Discover

  • Discover enables geographically distributed scientists and engineers to collaboratively access, monitor and control applications, services, resources and data on the Grid using pervasive portals.

    – Discover Collaborative Portals
    – Discover Middleware Substrate
    – DIOS Interactive Object Framework (DIOS)


A Prototype-DRBAC in Discover


Role & Permission Hierarchy in Discover

Roles and their permissions:

  • Super User: P1, P2, P3
  • Basic User: P2, P3
  • Guest: P3

Role Hierarchy: Super User, Basic User, Guest

Permission Hierarchy: P1, P2, P3

Permissions and their privileges:

  • P1: Steer object, View object, Basic
  • P2: View object, Basic
  • P3: Basic

Permission Hierarchy of One Application

  • Super User's Permission: P1, P2, P3, null
  • Basic User's Permission: P2, P3, null
  • Guest's Permission: P3, null
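The role and permission state machines from the DRBAC model explanation, applied to the Discover role and permission hierarchies above, as an added example that is not part of the original slides. The event names, the choice to start at the least privileged assigned role, and the one-step transitions are assumptions.

```python
# Added illustration of the two DRBAC state machines; event names are assumptions.
ROLES = ["Guest", "Basic User", "Super User"]        # role hierarchy, lowest first
CHAINS = {                                           # permission states per role;
    "Super User": ["P1", "P2", "P3", None],          # None is the slides' "null"
    "Basic User": ["P2", "P3", None],
    "Guest": ["P3", None],
}
PRIVILEGES = {
    "P1": {"steer object", "view object", "basic"},
    "P2": {"view object", "basic"},
    "P3": {"basic"},
    None: set(),
}

class RoleStateMachine:
    """Entity-side context agent: moves the active role within the assigned subset."""
    def __init__(self, assigned):
        self.assigned = sorted(assigned, key=ROLES.index)
        self.active = self.assigned[0]               # assumption: start least privileged

    def on_event(self, event):
        i = self.assigned.index(self.active)
        if event == "trusted_context":               # hypothetical event name
            i = min(i + 1, len(self.assigned) - 1)
        elif event == "untrusted_context":           # hypothetical event name
            i = max(i - 1, 0)
        self.active = self.assigned[i]               # unknown events change nothing
        return self.active

class PermissionStateMachine:
    """Resource-side context agent: one current permission state per role."""
    def __init__(self):
        self.level = {role: 0 for role in CHAINS}

    def on_event(self, event):
        for role, chain in CHAINS.items():
            if event == "resource_overloaded":       # hypothetical event name
                self.level[role] = min(self.level[role] + 1, len(chain) - 1)
            elif event == "resource_normal":         # hypothetical event name
                self.level[role] = 0

    def permission(self, role):
        return CHAINS[role][self.level[role]]

def check_access(rsm, psm, privilege):
    """Grant only if the active role's current permission carries the privilege."""
    return privilege in PRIVILEGES[psm.permission(rsm.active)]
```

An entity assigned only Guest and Basic User can never become Super User here, however many upgrade events arrive, and an unrecognized event never widens access.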


Access Control Policy – An Example


A Prototype-DRBAC in Discover


Current Issues

  • Must guarantee the security of the context information.
  • The active role of the user and the active permission of the role will change dynamically. We need some mechanism to maintain consistency.
  • Combine with available authentication mechanisms.
  • Delegation with DRBAC
