Secure Interoperation in Multidomain Environments Employing UCON - PowerPoint PPT Presentation


Secure Interoperation in Multidomain Environments Employing UCON Policies. Jianfeng Lu, Ruixuan Li, Vijay Varadharajan, Zhengding Lu, and Xiaopu Ma. Huazhong University of Science and


SLIDE 1

Secure Interoperation in Multidomain Environments Employing UCON Policies

Jianfeng Lu, Ruixuan Li, Vijay Varadharajan, Zhengding Lu, and Xiaopu Ma

Huazhong University of Science and Technology, Wuhan, China

SLIDE 2

Outline

1. Background
2. Attribute Mapping Technique
3. Security Issues for Attribute Mappings
4. Illustration and Analysis
5. Conclusion and Future work

SLIDE 3

Background

[Figure labels: Bob, Alice, α, β, r]

SLIDE 4

Secure Interoperation

[Figure labels: secure interoperability policies; sharing resources; secure interoperability; security and availability]

SLIDE 5

Problems

• Interoperation based on RBAC (traditional)
• Shortcomings
  - static authorization
  - no further enforcement during the access
• Requirements
  - Interactive
  - concurrent

SLIDE 6

Why Employ Usage Control (UCON)

• Distinguishing properties
  - decision continuity
  - attribute mutability
• Unified framework
  - Traditional access control
  - Digital management
  - Trust negotiation
• Next generation access control model

SLIDE 7

Motivation Example

[Figure labels: DRM application; Object O; Alice; Foreign Domain; Local Domain]

SLIDE 8

Motivation Example (cont.)

• A new access request is allowed or not
  - the number of users accessing the object is smaller than 10
    - (a) Junior-Member role
    - (b) virtual-money ≥ $100
  - the number of users accessing the object is already 10
    - Role
    - virtual-money
    - Domain
    - usage-time

SLIDE 9

Motivation Example (cont.)

• Traditional access control models lack the flexibility to specify policies in these scenarios
• The access control of this motivating example is not a simple action, but it consists of a sequence of actions and events from subjects and system
• In UCON terminology, this example includes pre-update, ongoing-update, post-update, revoking access actions

SLIDE 10

Our contributions

• Attribute mapping based interoperation policy framework
• Study how security violations arise and show it is efficient to resolve them.
  - Cyclic inheritance
  - SoD
  - Cardinality constraint

SLIDE 11

Related work

• Traditional interoperation policy based on RBAC
  - Static authorization
  - Dynamic considered
• Security violation detection and resolution
  - New properties
  - New resolutions

SLIDE 12

Outline

1. Background
2. Attribute Mapping Technique
3. Security Issues for Attribute Mappings
4. Illustration and Analysis
5. Conclusion and Future work

SLIDE 13

Attribute Classification

• based on available scope
  - Local-domain attributes
  - Multi-domain attributes
• based on liveness
  - Temporary attributes
  - Persistent attributes
• based on whether the attributes can be updated during the usage process
  - Mutable attributes
  - Immutable attributes

SLIDE 14

Attribute Classification (cont.)

• Combine

SLIDE 15

Which types of attributes need to be translated?

• Not Translate
  - Multi-domain attributes
  - Temporary attributes
• Translate
  - LPM (local-domain persistent mutable)
  - LPI (local-domain persistent immutable)

SLIDE 16

Attribute mapping

SLIDE 17

LPM, LPI mappings

SLIDE 18

Outline

1. Background
2. Attribute Mapping Technique
3. Security Issues for Attribute Mappings
4. Illustration and Analysis
5. Conclusion and Future work

SLIDE 19

Security issues for attribute mappings

• Various types of security violations
  - Cyclic inheritance
  - Separation-of-Duty (SoD)
  - Cardinality constraint

SLIDE 20

Cyclic inheritance violation

SLIDE 21

Cyclic inheritance violation (cont.)

• Theorem 3. The checking problem for violations of cyclic inheritance is in P.
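Theorem 3 states that checking for cyclic inheritance violations is in P. As an added illustration (not from the slides or the authors' paper), the sketch below assumes a violation means that cross-domain mappings let the holder of an attribute value obtain a value of its own domain that it does not already dominate, and detects this with graph reachability in polynomial time. The domain names, attribute values and function names are constructed.

```python
from collections import defaultdict

# Constructed sample data (not from the slides): attribute values are
# (domain, value) pairs; HIERARCHY maps a value to the values it dominates.
HIERARCHY = {
    ("A", "manager"): [("A", "engineer")],
    ("A", "engineer"): [("A", "junior")],
    ("B", "lead"): [("B", "staff")],
}
SAFE_MAPPINGS = [(("A", "junior"), ("B", "staff"))]
# Adding this mapping lets A's junior reach A's manager through domain B.
UNSAFE_MAPPINGS = SAFE_MAPPINGS + [(("B", "staff"), ("A", "manager"))]


def reachable(edges, start):
    """Return every node reachable from start (iterative DFS, O(V + E))."""
    seen, stack = set(), [start]
    while stack:
        for nxt in edges.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def cyclic_inheritance_violations(hierarchy, mappings):
    """List (holder, gained) pairs where a holder obtains, via cross-domain
    mappings, a value of its own domain that it does not dominate locally."""
    combined = defaultdict(list)
    for node, juniors in hierarchy.items():
        combined[node].extend(juniors)
    for src, dst in mappings:  # assumed semantics: holder of src acquires dst
        combined[src].append(dst)
    nodes = set(combined) | {n for targets in combined.values() for n in targets}
    violations = []
    for node in nodes:
        local = reachable(hierarchy, node) | {node}
        for gained in reachable(combined, node):
            if gained[0] == node[0] and gained not in local:
                violations.append((node, gained))
    return sorted(violations)


if __name__ == "__main__":
    print(cyclic_inheritance_violations(HIERARCHY, SAFE_MAPPINGS))
    print(cyclic_inheritance_violations(HIERARCHY, UNSAFE_MAPPINGS))
```

One reachability search per attribute value gives a running time of O(V·(V + E)) for V values and E hierarchy and mapping edges.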

SLIDE 22

Separation-of-Duty violation

SLIDE 23

SD-SMEA constraint

SLIDE 24

SD-SMEA constraint (cont.)

SLIDE 25

MD-SMEA constraint

SLIDE 26

MD-SMEA constraint (cont.)

SLIDE 27

SD-SMEA && MD-SMEA

• Difference
  - SD-SMEA: single type of LPI attribute (e.g., role, identity, occupation, etc.)
  - MD-SMEA: multiple (SD-SMEA) + multiple (Trust negotiation)

SLIDE 28

Checking Problem for SMEA

SLIDE 29

Outline

1. Background
2. Attribute Mapping Technique
3. Security Issues for Attribute Mappings
4. Illustration and Analysis
5. Conclusion and Future work

SLIDE 30

Illustration and analysis

• The proposed policy framework is based on the following suppositions:
  - All security domains in the interoperation environments employ the usage control policy
  - Foreign users trying to access the local objects have already passed the authentication, and the different domains have undergone the trust negotiation

SLIDE 31

Illustration and analysis (cont.)

• Local Domain Usage Control Policies

SLIDE 32

Attribute Mapping and Conflict Resolution among Domains

• MPI and MPM attributes are forwarded from foreign domain to local domain without any attribute mappings
• Establish the mappings of LPI and LPM attributes

SLIDE 33

Attribute acquisition and updates

• We employ push-based mode to acquire immutable subject and object attributes
• We employ pull-based mode to acquire mutable subject and object attributes

SLIDE 34

Outline

1. Background
2. Attribute Mapping Technique
3. Security Issues for Attribute Mappings
4. Illustration and Analysis
5. Conclusion and Future work

SLIDE 35

Conclusion

• Attribute mapping technique, new interoperation policy framework based on it.
• Study how conflicts arise and show it is efficient to resolve them
  - cyclic inheritance
  - separation of duty
  - cardinality constraint

SLIDE 36

Future work

• Provide pragmatic application
• How to generate a set of SD-SMEA and MD-SMEA constraints that are adequate to enforce an SSoD policy?

SLIDE 37

Thanks for your attention! http://idc.hust.edu.cn