SLIDE 1
2/4/2000 2
Secure Virtual Enclaves February 4, 2000 Deborah Shands, Richard - - PowerPoint PPT Presentation
Secure Virtual Enclaves February 4, 2000 Deborah Shands, Richard - - PowerPoint PPT Presentation
Secure Virtual Enclaves February 4, 2000 Deborah Shands, Richard Yee Jay Jacobs, E. John Sebes Outline Project Overview SVE Architecture Observations Results/Conclusions 2/4/2000 2 Coalition Examples Commercial :
SLIDE 2
SLIDE 3
2/4/2000 3
Coalition Examples
Commercial: outsourcing, contractors, or customers needing limited access to corporate data Civilian: disaster/incident response teams and crisis management Military: joint task forces engaged in distributed collaborative planning
SLIDE 4
2/4/2000 4
SVE Project Goals
Support collaborative computing Provide mechanisms to control sharing Enable unified approach to multiple distributed application technologies (e.g., Java, DCOM, web apps.) Support dynamic access policies, allowing changes to: SVE membership, resources to be shared, and access types permitted
SLIDE 5
2/4/2000 5
SVE Project Constraints
Ensure application transparency Retain organizational autonomy over local resources Use only standard network protocols Use only commercially available operating systems
SLIDE 6
2/4/2000 6
Concept of Operation
enclaveA.com enclaveB.com
Legend:
Services in SVE Services partly in SVE Services not in SVE Principals not in SVE Principals in SVE
STOP
SLIDE 7
2/4/2000 7
SVE Concept of Operation
Virtual enclave: formed by collaborators sharing resources and services
– Enclaves define limited trust relationships with one another – Each enclave specifies internal resources accessible to partners
Secure virtual enclave: each enclave’s exports are
– Protected from access by non-SVE members – Available to SVE members as specified by access policy
Dynamic modification: automatic reconfiguration due to changes in SVE membership, resources, access policy
SLIDE 8
2/4/2000 8
Outline
Project Overview SVE Architecture Observations Results/Conclusions
SLIDE 9
2/4/2000 9 Server
SVE Interceptor/ Enforcer
Server
SVE Interceptor/ Enforcer
Gateway
Enclave A
Client Client
Enclave B
Client-Server Architecture
SLIDE 10
2/4/2000 10 SPEX Controller Access Calculator Access Calculator Access Calculator SPEX Admin GUI Policy GUI Interceptor/ Enforcer Interceptor/ Enforcer Interceptor/ Enforcer Interceptor/ Enforcer
Enclave A
SPEX Controller Access Calculator Access Calculator Access Calculator SPEX Admin GUI Policy GUI Interceptor/ Enforcer Interceptor/ Enforcer Interceptor/ Enforcer Interceptor/ Enforcer
Enclave B
SVE Control Messages
SVE Infrastructure Architecture
SLIDE 11
2/4/2000 11
Current SVE policy semantics are very similar to Object- Oriented Domain and Type Enforcement (OODTE) Principals are mapped to a domain equivalence class using a set of domain derivation rules Resources are mapped to a type equivalence class Access matrix is formed by associating a set of types with a given domain Principal recognition rules are domain derivation rules that are published by an SVE member to allow its principals to be recognized by other SVE members
SVE Policy Semantics
SLIDE 12
2/4/2000 12
Outline
Project Overview SVE Architecture Observations Results/Conclusions
SLIDE 13
2/4/2000 13
Enclave Autonomy
Organizations require a certain level of autonomy Autonomy is a difficult requirement for distributed security systems SVE system supports autonomy
Most components of access policy used only within
the local enclave
An enclave may unilaterally withdraw from an SVE
at any time Need to balance autonomy and collaboration requirements via business decisions
SLIDE 14
2/4/2000 14
Ambiguous Policy Semantics
Meaning of policy statements known only within defining enclave (e.g., “manager” role) How to prevent misunderstandings as coalitions are formed???
Establish semantics offline Represent and negotiate semantics within system
SLIDE 15
2/4/2000 15
Outline
Project Overview SVE Architecture Observations Results/Conclusions
SLIDE 16
2/4/2000 16