reachability analysis for role based administration of
play

Reachability Analysis For Role Based Administration of User - PowerPoint PPT Presentation

Oct 28, 2022 •325 likes •583 views

Reachability Analysis For Role Based Administration of User Attributes Xin Jin, Ram Krishnan, Ravi Sandhu Institute of Cyber Security (ICS) University of Texas at San Antonio (UTSA) San Antonio, Texas, USA April 22, 2014 1 / 25 Content

  1. Reachability Analysis For Role Based Administration of User Attributes Xin Jin, Ram Krishnan, Ravi Sandhu Institute of Cyber Security (ICS) University of Texas at San Antonio (UTSA) San Antonio, Texas, USA April 22, 2014 1 / 25

  2. Content Background and Motivation Related Work Contributions of Our Paper Conclusion and Future Work 2 / 25

  3. Background and Motivation What is User Attributes 3 / 25

  4. Background and Motivation Related research with User Attributes ◮ Attribute based access control ( ABAC ): Jin et al (DBSEC 12), Wang et al (FSME 04), Hu et al (NIST draft model 2013), Chadwick et al (WETICE 06), XACML 3.0 (06), Pirretti et al (CCS 06), Li et al (Oakland 02) ◮ Attribute based encryption ( ABE ): Goyal et al (CCS 06), Bethencourt et al (Oakland 07), Ostrovsky et al (CCS 07), Rouselakis et al (CCS 13), Liu et al (CCS 13) ◮ Identity management : Chadwick et al (Computer 09) ◮ Usage control : UCON ABC by Park et al (TISSEC 04) 4 / 25

  5. Background and Motivation Attribute Administration ◮ In each organization, certain administrators have to assign user attributes values when the user is provisioned and modify user attributes values thereafter. ◮ Attributes of the same user constrain each other. Administration rules are specified to regulate attribute modifications. Example Rule clearance attribute of users can be assigned to “topsecret” IF : “officer” ∈ role(u) ∧ clearance(u) == “secret” ∧ work-type(u) == “full-time”. 5 / 25

  6. Background and Motivation Motivation for Reachability Problem Example Authorization Policy read( sub , obj ) → ¬ (clearance(u) == “topsecret” ∧ work-type(u) == “part-time”) Questions Given a predefined administrative rules, will Alice ever be able to access obj in the future? It is equivalent to ask whether Alice’s attribute can reach conditions which satisfies the authorization policy. 6 / 25

  7. Background and Motivation Attributes Assignment Constraints ◮ Rule 1 : assign clearance(u) to “topsecret” IF : “officer” ∈ role(u) ∧ clearance(u) == “secret” ∧ work-type(u) == “full-time”. ◮ Rule 2 : assign work-type(u) to “part-time” IF “officer” ∈ role(u). Transition by Rule 1 From rule 1, it seems that the user will never get access to obj . Transition by Rule 2 “officer” ∈ role(Alice), clearance(Alice) == “topsecret”, work-type(Alice) == “full-time” → “officer” ∈ role(Alice), clearance(Alice) == “topsecret” , work-type(Alice) == “part-time”. 7 / 25

  8. Background and Motivation ◮ Given a large set of administration rules, it is hard to tell whether user attributes can reach certain values as expected. ◮ Constraints (Crampton et al (SACMAT 03), Ahn et al (TISSEC), Bijon et al (PASSAT 13)) can be deployed on user attributes assignment. It prevent values to be assigned. Reachability is still important. Help understand what each assignment enables indirectly and also help design constraints. ◮ Reachability analysis help solves this problem by determining whether user attributes can reach certain value based on given policies. 8 / 25

  9. Related Work ◮ The Harrison Ruzzo Ullman (HRU) model: Safety problem regarding leakage of a specific right. Others are TAM, ATAM by Sandhu et al (Oakland 92). ◮ Role Based Trust Management (RT): safety analysis on trust relationships: Li et al (Oakland 02, 03) ◮ ARBAC97 Related: Safety analysis on role administration rules: Stoller et al (CCS 07, ESORICS 10, CSFW 06, SACMAT 09), Alberti et al (ASIACCS 2011), Armando et al (DBSEC 2012), Li et al (SACMAT 04) ◮ Others: policy mis-configuration detection, model checking, policy analysis, etc. 9 / 25

  10. Related Work Limitations ◮ Analysis on only rules for one user attribute—–role, and is for RBAC authorization policy, i.e., role represents permissions. ◮ There is connection between those work and reachability analysis for attributes. But it is not intuitive and has not been studied. ◮ Attribute reachability is beyond the safety analysis of role as defined in related work. 10 / 25

  11. Contributions of Our Paper Our Contributions ◮ Formally define user attribute administration as state transition system. ◮ Define two kinds of reachability problems in the context of attribute administration Model. ◮ Provide formal proof for problem complexity. Most problems are in PSPACE-complete. ◮ Discover practical restrictions on policies and design polynomial time solvable algorithms. 11 / 25

  12. Contributions of Our Paper Attributes, State, State Transition and Rules 12 / 25

  13. Contributions of Our Paper State Transition Rules User attributes changes as guided by some models. We take a restricted version of the Generalized User-Role Assignment Model (GURA) (Jin et al WSRAS12) here. It is simple while the reachability problem is not obvious. can add sua ⊆ AR × C × SCOPE sua can delete sua ⊆ AR × C × SCOPE sua can assign aua ⊆ AR × C × SCOPE aua sua : a set-valued attribute, aua : an atomic-valued attribute, AR : administrative role, C : preconditions on attributes of users. ◮ if � hr, clearance(u) = secret ∧ employee ∈ role(u), manager � ∈ can add role then add (hr, Alice, role, manager) is allowed if clearance(Alice) == secret ∧ employee ∈ role(Alice). 13 / 25

  14. Contributions of Our Paper The rGURA 0 Schemes For preconditions in each can assign aua relation: ϕ ::= ¬ ϕ | ϕ ∧ ϕ | aua ( u ) = avalue avalue ::= aval 1 | aval 2 . . . | aval n where SCOPE aua = { aval 1 , aval 2 , . . . , aval n } . For preconditions in each can add sua and can delete sua relations: ϕ ::= ¬ ϕ | ϕ ∧ ϕ | svalue ∈ sua ( u ) svalue ::= sval 1 | sval 2 | . . . | sval m where SCOPE sua = { sval 1 , sval 2 , . . . , sval m } . 14 / 25

  15. Contributions of Our Paper Example rGURA 0 Instance UA = { clearance, dept, role, project } U = { Alice } AR = { ar 1 , ar 2 } ◮ can assign dept : {� ar 1 , dept(u) = finance, IT �} ◮ can add role : {� ar 2 , employee ∈ role(u) ∧ ¬ (manager ∈ role(u)), leader �} ◮ can delete project : {� ar 1 , prj 1 ∈ project(u) ∧ ¬ (prj 2 ∈ project(u)), prj 3 � , � ar, ¬ (prj 1 ∈ project(u)) ∧ ¬ (prj 2 ∈ project(u)), prj 4 �} 15 / 25

  16. Contributions of Our Paper The rGURA 1 Schemes For preconditions in all relations: ϕ ::= ¬ ϕ | ϕ ∧ ϕ | aua ( u ) = avalue | svalue ∈ sua ( u ) Example rGURA 1 instance : UA = { clearance, dept, role, project } U = { Alice } AR = { ar 1 , ar 2 } ◮ can assign dept : � ar, dept(u) = finance ∧ ¬ (prj 1 ∈ project(u)) ∧ ¬ (prj 2 ∈ project(u)) ∧ employee ∈ role(u) ∧ ¬ (manager ∈ role(u)) , IT � 16 / 25

  17. Contributions of Our Paper Reachability Problem Example 17 / 25

  18. Contributions of Our Paper Two types of Reachability Problems (RP) A query is a state or subset of a state. Given a initial state and a query of the following types : ◮ RP = : All attributes should be the same. ◮ RP ⊇ : For set-valued attribute, the target state may contain additional values. Example: Initial state: att 1 (Alice) = 1, att 2 (Alice) = { 1,2 } Query: att 1 (Alice) = 1, att 2 (Alice) = { 1,3 } Target States that satisfy the query: ◮ RP = : att 1 (Alice) = 1, att 2 (Alice) = { 1,3 } ◮ RP ⊇ : att 1 (Alice) = 1 , att 2 (Alice) = { 1, 3, 4 } OR att 1 (Alice) = 1 , att 2 (Alice) = { 1, 3, 5 } OR att 1 (Alice) = 1 , att 2 (Alice) = { 1, 3, 6 } 18 / 25

  19. Contributions of Our Paper Content of Analysis We use [ rGURA x -[atomic, set], Restriction ] denote a specialized rGURA scheme. ◮ The subscript x takes a value of 0 or 1. ◮ Restriction represents possible combinations of SR , D and N . Example [ rGURA 1 -atomic, N ] denotes an rGURA 1 scheme where only atomic-valued attributes are defined and the administrative rules satisfy N . 19 / 25

  20. Contributions of Our Paper Analysis Results 20 / 25

  21. Contributions of Our Paper Result 1 Lemma 1: All problems are within PSPACE. Non-deterministic Turing Machine can simulate the algorithm. Polynomial space is needed. Thus, it is NPSPACE (NPSPACE = PSPACE). 21 / 25

  22. Contributions of Our Paper Result 2 RP = in [ rGURA 0 -set] is a reduction from ARBAC97 analysis problem as proved in CSFW06 by S. Stoller. RP = in [ rGURA 0 -atomic] is equivalent to path search problem in directed graph. 22 / 25

  23. Contributions of Our Paper Result 3 RP = in [ rGURA 1 -set, N] can be solved by policy traversal. RP = in [ rGURA 1 -atomic, N] is a reduction from SAS planning problem in AI. 23 / 25

  24. Conclusion and Future Work Our contribution ◮ Motivate user attributes reachability analysis. ◮ Define reachability problems based on a restricted version of GURA model. ◮ Formal proof and polynomial time solvable algorithm design. Interesting future work ◮ Heuristic algorithm to solve the general case RP = and RP ⊇ in [ rGURA 1 ]. ◮ Bring Authorization Policy into consideration. ◮ Bring ABAC into consideration such as subject attributes and its constraints. 24 / 25

  25. Thanks Any Questions? 25 / 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Reachability Analysis for Reachability Analysis for Sequential Circuits Sequential Circuits

Reachability Analysis for Reachability Analysis for Sequential Circuits Sequential Circuits

Reachability Analysis for Reachability Analysis for Sequential Circuits Sequential Circuits Supratik Chakraborty IIT Bombay 1 State of a System State of a System System state Information about system sufficient to determine future

525 views • 23 slides
Reachability Analysis of Generalized Polygonal Hybrid Systems (GSPDIs) Gerardo Schneider

Reachability Analysis of Generalized Polygonal Hybrid Systems (GSPDIs) Gerardo Schneider

Reachability Analysis of Generalized Polygonal Hybrid Systems (GSPDIs) Gerardo Schneider Department of Informatics University of Oslo SAC-SV08 March 1620, 2008 - Fortaleza university-logo Gerardo Schneider () Reachability Analysis of

650 views • 37 slides
A Constructor-Based Reachability Logic for Rewrite Theories Stephen Skeirik, Andrei Stefanescu,

A Constructor-Based Reachability Logic for Rewrite Theories Stephen Skeirik, Andrei Stefanescu,

A Constructor-Based Reachability Logic for Rewrite Theories Stephen Skeirik, Andrei Stefanescu, Jose Meseguer October 10th, 2017 Outline 1 Introduction 2 Reachability Logic Semantics 3 The Invariant Paradox 4 Inference System 5 Implementation

544 views • 29 slides
Reachability Analysis for High-Index Linear Differential Algebraic Equations (DAEs)

Reachability Analysis for High-Index Linear Differential Algebraic Equations (DAEs)

Institute for Software Integrated Systems Vanderbilt University Reachability Analysis for High-Index Linear Differential Algebraic Equations (DAEs) https://github.com/verivital/daev/ 17 th International Conference on Formal Modeling and Analysis

502 views • 33 slides
Reachability achability Analysis alysis with th Consid nsideration eration of f Th

Reachability achability Analysis alysis with th Consid nsideration eration of f Th

SRAM M Dynami namic c Sta tability bility Verification ification by Reachability achability Analysis alysis with th Consid nsideration eration of f Th Threshold eshold Voltage ltage Variatio riation Yang Song 1 , Hao Yu* 2 , Sai

352 views • 22 slides
Discretionary and Mandatory Controls for Role-Based Administration Jason Crampton Royal

Discretionary and Mandatory Controls for Role-Based Administration Jason Crampton Royal

Introduction Fundamental concepts Discretionary and mandatory controls Concluding remarks Questions Discretionary and Mandatory Controls for Role-Based Administration Jason Crampton Royal Holloway, University of London 20th Annual IFIP WG

398 views • 38 slides
Modeling, Control, and Modeling, Control, and Reachability Analysis of Analysis of Reachability

Modeling, Control, and Modeling, Control, and Reachability Analysis of Analysis of Reachability

Modeling, Control, and Modeling, Control, and Reachability Analysis of Analysis of Reachability Discrete- -Time Hybrid Systems Time Hybrid Systems Discrete Alberto Bemporad Alberto Bempora Alberto Bempora Alberto Bemporad DISC Course on

753 views • 72 slides
Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of security administration p y y For large number of subjects and objects, the number of authorizations can become extremely large For dynamic

536 views • 51 slides
Interval Reachability Analysis using Second-Order Sensitivity Pierre-Jean Meyer , Murat Arcak

Interval Reachability Analysis using Second-Order Sensitivity Pierre-Jean Meyer , Murat Arcak

Interval Reachability Analysis using Second-Order Sensitivity Pierre-Jean Meyer , Murat Arcak IFAC 2020 Pierre-Jean Meyer (UC Berkeley) Interval Reachability Analysis using Second-Order Sensitivity IFAC 2020 1 / 12 Reachability analysis

170 views • 12 slides
TIRA: Toolbox for Interval Reachability Analysis Pierre-Jean Meyer , Alex Devonport, Murat Arcak

TIRA: Toolbox for Interval Reachability Analysis Pierre-Jean Meyer , Alex Devonport, Murat Arcak

TIRA: Toolbox for Interval Reachability Analysis Pierre-Jean Meyer , Alex Devonport, Murat Arcak April 18 th 2019 April 18 th 2019 Pierre-Jean Meyer (UC Berkeley) TIRA: Toolbox for Interval Reachability Analysis 1 / 8 Reachability analysis

174 views • 14 slides
Using Reachability Properties of Logic Program for Revising Biological Models Xinwei Chai, Tony

Using Reachability Properties of Logic Program for Revising Biological Models Xinwei Chai, Tony

Modeling framework Reachability analysis Model Revision Using Reachability Properties of Logic Program for Revising Biological Models Xinwei Chai, Tony Ribeiro , Morgan Magnin, Olivier Roux, Katsumi Inoue Laboratoire des Sciences du Num

746 views • 36 slides
Reachability Analysis of Dynamical Systems having Piecewise-Constant Derivatives Eugene Asarin

Reachability Analysis of Dynamical Systems having Piecewise-Constant Derivatives Eugene Asarin

Reachability Analysis of Dynamical Systems having Piecewise-Constant Derivatives Eugene Asarin Oded Maler Amir Pnueli CNRS - VERIMAG Grenoble, France 1993-1995 Outline of Talk Some generalities on linear hybrid automata and PCD

508 views • 31 slides
Delta-Complete Reachability Analysis Robustness Solving Correctness Sicun(Sean) Gao End

Delta-Complete Reachability Analysis Robustness Solving Correctness Sicun(Sean) Gao End

Intro Encoding Delta-Complete Reachability Analysis Robustness Solving Correctness Sicun(Sean) Gao End (Joint work with Ed Clarke and Jeremy Avigad) Carnegie Mellon University Apr 22, 2011 Hybrid Systems H = X, Q, Init , Flow , Jump ,

718 views • 23 slides
Reachability Analysis of Program Variables c 1 , 2 and Fausto Spoto 1 urica Nikoli 1. -

Reachability Analysis of Program Variables c 1 , 2 and Fausto Spoto 1 urica Nikoli 1. -

Reachability Analysis of Program Variables c 1 , 2 and Fausto Spoto 1 urica Nikoli 1. - Dipartimento di Informatica, University of Verona (Italy) 2. - Microsoft Research - University of Trento Centre for Computational and Systems Biology

942 views • 47 slides
On Zone-Based Reachability Computation for Duration-Probabilistic Automata How the Timed

On Zone-Based Reachability Computation for Duration-Probabilistic Automata How the Timed

On Zone-Based Reachability Computation for Duration-Probabilistic Automata How the Timed Automaton Lost its Tail Oded Maler CNRS - VERIMAG Grenoble, France 2010 Joint work with Kim Larsen (Aalborg) and Bruce Krogh (CMU) Summary Processes

521 views • 23 slides
Reachability Analysis in the KeYmaera X Theorem Prover SNR 2017 | Uppsala, Sweden | April 22,

Reachability Analysis in the KeYmaera X Theorem Prover SNR 2017 | Uppsala, Sweden | April 22,

Reachability Analysis in the KeYmaera X Theorem Prover SNR 2017 | Uppsala, Sweden | April 22, 2017 Nathan Fulton Other System Contributors: Stefan Mitsch, Andr Platzer, Brandon Bohrer, Yong Kiam Tan, Jan-David Quesel, ... Trustworthy

932 views • 57 slides
3Q 2020 EARNINGS CALL R I C K M U N C R I E F , C H A I R M A N & C E O N O V E M B E R

3Q 2020 EARNINGS CALL R I C K M U N C R I E F , C H A I R M A N & C E O N O V E M B E R

3Q 2020 EARNINGS CALL R I C K M U N C R I E F , C H A I R M A N & C E O N O V E M B E R 3 , 2 0 2 0 N Y S E : W P X 2 nd Half 2020 Highlights Increasing FREE CASH FLOW Expected 2020 free cash flow increasing 50% to $300MM+

369 views • 26 slides
Atmospheric effects on UHECR signals: - molecular density and pressure on shower development -

Atmospheric effects on UHECR signals: - molecular density and pressure on shower development -

Atmospheric effects on UHECR signals: - molecular density and pressure on shower development - molecular density, pressure and humidity on fluorescence yields - aerosol and molecular density on light propagation Open questions: - impact of

940 views • 44 slides
Computer Graphics (CS 543) Lecture 7 (Part 1): Shadows and Fog Prof Emmanuel Agu Computer Science

Computer Graphics (CS 543) Lecture 7 (Part 1): Shadows and Fog Prof Emmanuel Agu Computer Science

Computer Graphics (CS 543) Lecture 7 (Part 1): Shadows and Fog Prof Emmanuel Agu Computer Science Dept. Worcester Polytechnic Institute (WPI) Introduction to Shadows Shadows give information on relative positions of objects Use ambient +

594 views • 30 slides
A Combined AIRS and MLS Perspective on Upper Tropospheric Water Vapor Calvin Liang Joint

A Combined AIRS and MLS Perspective on Upper Tropospheric Water Vapor Calvin Liang Joint

A Combined AIRS and MLS Perspective on Upper Tropospheric Water Vapor Calvin Liang Joint Institute for Regional Earth System Science and Engineering (UCLA) Motivation Better characterize upper tropospheric humidity (UTH) in relation

459 views • 20 slides
Control Charts for Attributes Terminology Attributes refers to qualitative variables like

Control Charts for Attributes Terminology Attributes refers to qualitative variables like

ST 435/535 Statistical Methods for Quality and Productivity Improvement / Statistical Process Control Control Charts for Attributes Terminology Attributes refers to qualitative variables like conforming/nonconforming, as opposed to

470 views • 24 slides
Bootstrapped Authorship Attribution in Compression Space Ramon de Graaf Leiden Institute of

Bootstrapped Authorship Attribution in Compression Space Ramon de Graaf Leiden Institute of

Bootstrapped Authorship Attribution in Compression Space Ramon de Graaf Leiden Institute of Advanced Computer Science Cor Veenman Digital Technology and Biometrics Department Bootstrapped Authorship Attribution in Compression Space de Graaff

378 views • 3 slides
Networks based on words Bowen Dai WANs definition Word-adjacency networks belong to the

Networks based on words Bowen Dai WANs definition Word-adjacency networks belong to the

Networks based on words Bowen Dai WANs definition Word-adjacency networks belong to the large class of word co-occurrence networks Given a set of words W and a list of k corpora C={c 1 ,c 2 c k }, the undirected co- occurrence

582 views • 24 slides
Pause & Think Online commonsense.org/education Shareable with attribution for noncommercial

Pause & Think Online commonsense.org/education Shareable with attribution for noncommercial

INTRODUCTORY SONG DIGITAL CITIZENSHIP | GRADE 1 Pause & Think Online commonsense.org/education Shareable with attribution for noncommercial use. Remixing is permitted. How can we be safe, responsible, and respectful online?

408 views • 15 slides

More recommend