specication and enforcement of static specication and
play

Specication and Enforcement of Static Specication and Enforcement of - PowerPoint PPT Presentation

Oct 08, 2023 •370 likes •625 views

Specication and Enforcement of Static Specication and Enforcement of Static Separation-of-Duty Policies in Usage Control Jianfeng Lu, Ruixuan Li, Zhengding Lu, Ji Jinwei Hu, and Xiaopu Ma i H d Xi M Huazhong University of Science and

  1. Specication and Enforcement of Static Specication and Enforcement of Static Separation-of-Duty Policies in Usage Control Jianfeng Lu, Ruixuan Li, Zhengding Lu, Ji Jinwei Hu, and Xiaopu Ma i H d Xi M Huazhong University of Science and Technology Wuhan, China 1

  2. Outline li Background Background 1 1. Specification of SSoD Policies 2. Enforceability of SSoD Policies E f bilit f SS D P li i 3. 3 Enforcing SSoD Policies by SMEA Constraints 4. Conclusion and Future work 5. 2

  3. Sensitive Task d Background k Alice Carl Bob

  4. Why study SoD in UCON h d i  One of RBAC's great advantages is that SoD rules can  One of RBAC s great advantages is that SoD rules can be implemented in a natural and efficient way  UCON has been considered as the next generation access control model access control model  SSoD is a important type of SoD SS D i i f S D  UCON A is a sub-model of UCON only considering authorizations 4

  5. Our contributions ib i  A set based specification scheme for SSoD  A set-based specification scheme for SSoD  Study the problem of determining whether an SSoD St d th bl f d t i i h th SS D policy is enforceable  Generate SMEA constraints to indirect enforce SSoD policies, by using attribute level SSoD requirements li i b i ib l l SS D i (ASSoD) as an intermediate step from SSoD policies to SMEA constraints to SMEA constraints 5

  6. Related work l d k  SoD can be traced back to 1975 by Saltzer and  SoD can be traced back to 1975 by Saltzer and Schroeder, under the name “separation-of-privilege”  ChineseWall model  Specification:  RCL 2000 specification language  NIST RBAC: SMER && SSoD; DMER&& DSoD 6

  7. Related work l d k  Enforcement:  Enforcement:  Sandhu presented a history-based mechanism for dynamically enforcing SoD dynamically enforcing SoD  Jason employed blacklist to enforce historical constraints Jason employed blacklist to enforce historical constraints  Ninghui Li uses SMER to enforce SSoD (motivated) g ( ) 7

  8. Outline li Background Background 1 1. Specification of SSoD Policies 2. Enforceability of SSoD Policies E f bilit f SS D P li i 3. 3 Enforcing SSoD Policies by SMEA Constraints 4. Conclusion and Future work 5. 8

  9. Specification of SSoD policies ifi i f li i  Three requirements :  Three requirements : ① An SSoD policy must be a high-level requirement ② An SSoD policy must be described in terms of restrictions on permissions restrictions on permissions ③ An SSoD policy must capture restrictions on user set ③ p y p involved in the task 9

  10. Specification of SSoD policies li i f i ifi 10

  11. Outline li Background Background 1 1. Specification of SSoD Policies 2. Enforceability of SSoD Policies E f bilit f SS D P li i 3. 3 Enforcing SSoD Policies by SMEA Constraints 4. Conclusion and Future work 5. 11

  12. Enforceability of SSoD Policies f bili f li i  Example  Example  supervisor is a senior role to both engineer and programmer. 12

  13. Enforceability of SSoD Policies ( (cont.) )  If (I, M) satisfies exactly the requirement of allowed(u, p), we say (I, M) is the threshold attribute set of p 13

  14. Enforceability of SSoD Policies ) (cont.) ( 14

  15. Outline li Background Background 1 1. Specification of SSoD Policies 2. Enforceability of SSoD Policies E f bilit f SS D P li i 3. 3 Enforcing SSoD Policies by SMEA Constraints 4. Conclusion and Future work 5. 15

  16. Enforcing SSoD policies by SMEA Constraints i  Motivated by SMER constraint  SMEA (statically mutually exclusive attribute) constraint 16

  17. SMEA constraints i 17

  18. Translating SSoD Policies to ASSoD Requirements i  ASSoD: attribute level SSoD  ASSoD: attribute-level SSoD 18

  19. Translating SSoD Policies to ASSoD Requirements (cont.) i ( ) 19

  20. Generating SMEA Constraints to Enforce ASSoD Requirements f i 20

  21. Generating SMEA Constraints to Enforce ASSoD Requirements(cont.) f i ( ) 21

  22. Outline li Background Background 1 1. Specification of SSoD Policies 2. Enforceability of SSoD Policies E f bilit f SS D P li i 3. 3 Enforcing SSoD Policies by SMEA Constraints 4. Conclusion and Future work 5. 22

  23. Conclusion l i  The specification and enforcement of SSoD in UCON  The specification and enforcement of SSoD in UCON.  The specification is set based and we show that it has  The specification is set-based and we show that it has simpler syntax than existing approaches  We have studied a number of problems related to generating SMEA constraints for enforcing SSoD policies in UCONA system 23

  24. Future work k  The research of the SSoD policies in UCON onA  The research of the SSoD policies in UCON onA models  DSoD policies 24

  25. Thanks for your attention and have a nice lunch http://idc.hust.edu.cn

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Static Enforcement of Web Application Integrity William Robertson and Giovanni Vigna { wkr,vigna

Static Enforcement of Web Application Integrity William Robertson and Giovanni Vigna { wkr,vigna

Static Enforcement of Web Application Integrity William Robertson and Giovanni Vigna { wkr,vigna } @cs.ucsb.edu Computer Security Group UC Santa Barbara 13 August 2009 (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 1 / 28

433 views • 42 slides
Gatekeeper Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code

Gatekeeper Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code

Gatekeeper Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code Salvatore Guarnieri, University of Washington Ben Livshits, Microsoft Research 1 alert (hi); program malicious Catch me if you can dont

828 views • 26 slides
in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order

in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order

Monitoring of enforcement in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order Ordering enforcement Authorities court notary public Enforcement order certificate of enforcement

540 views • 12 slides
Static and Method Overloading static One per class, not per object static variables

Static and Method Overloading static One per class, not per object static variables

Static and Method Overloading static One per class, not per object static variables all instances of the class share the same static variable example: serial/VIN number for Car static methods invoked through class

324 views • 7 slides
1 Static Equilibrium From Static Eq. to Dynamic Eq. System of mass points Static

1 Static Equilibrium From Static Eq. to Dynamic Eq. System of mass points Static

Static/ Dynamic Deformation I ntroduction to Static deformation Dynamic deformation Static/ Dynamic Deformation with Mass-Spring Systems undeformed shape f internal + = f inertia = 0 f external Min Gyu Choi deformed

426 views • 4 slides
14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement

14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement

14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement Problem Most models of optimal taxation (income or commodity) as- sume away enforcement issues. In practice: 1) Enforcement is costly (eats up around 10%

1.12k views • 45 slides
JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement

JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement

Assistant Commander Brandi Reeder Law Enforcement Division - Fisheries Law Administrator JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement Agreement One of the most effective programs in NOAAs

600 views • 30 slides
230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most

230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most

230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most models of optimal taxation (income or commodity) as- sume away enforcement issues. In practice: 1) Enforcement is costly (eats up around 10% of

889 views • 55 slides
Austin Hackett UNCLASSIFIED/UNLIMITED DISTIBUTION GIS in Law Enforcement Planning and

Austin Hackett UNCLASSIFIED/UNLIMITED DISTIBUTION GIS in Law Enforcement Planning and

Austin Hackett UNCLASSIFIED/UNLIMITED DISTIBUTION GIS in Law Enforcement Planning and analysis Data management Situational awareness/ Field Operations Contingency Preparation UNCLASSIFIED/UNLIMITED DISTIBUTION Static Reports

394 views • 8 slides
Static and dynamic verification Static and dynamic V&V Software inspections Concerned

Static and dynamic verification Static and dynamic V&V Software inspections Concerned

1 2 Static and dynamic verification Static and dynamic V&V Software inspections Concerned with analysis of the static system Static representation to discover problems (static verification verification) May be supplement by

107 views • 6 slides
Technology in Enforcement Improving enforcement for engine idling of on-road vehicles &

Technology in Enforcement Improving enforcement for engine idling of on-road vehicles &

Technology in Enforcement Improving enforcement for engine idling of on-road vehicles & non-road engines in the District of Columbia Kelly Crawford Chief, Compliance and Enforcement Branch Air Quality Division Department of Energy &

132 views • 10 slides
1. Enforcement Figures 2. Boat Numbers 3. Enforcement Cases 4. Enforcement Team 5. General Aims

1. Enforcement Figures 2. Boat Numbers 3. Enforcement Cases 4. Enforcement Team 5. General Aims

1. Enforcement Figures 2. Boat Numbers 3. Enforcement Cases 4. Enforcement Team 5. General Aims Simon London Evasion Stats vs Boat Numbers 14 3500 12 3000 10 2500 No of Boats Evasion % 8 2000 6 1500 4 1000 2 500 0 0 2007

262 views • 13 slides
Engagement, Not Enforcement: Collaborating with Law Enforcement on Engagement and Assessment of

Engagement, Not Enforcement: Collaborating with Law Enforcement on Engagement and Assessment of

Engagement, Not Enforcement: Collaborating with Law Enforcement on Engagement and Assessment of Service Resistant Populations Lt. Charlie Consolian, City of Phoenix PD Margaret Kilman MPA, Human Services Campus Melissa Kovacs PhD,

473 views • 20 slides
Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting insights at compile time Full branch coverage Terminates Doesnt rely on a test suite Types are static analysis. Lets talk about

784 views • 39 slides
static vs automatic storage classes Three types of memory allocations static storage class

static vs automatic storage classes Three types of memory allocations static storage class

static vs automatic storage classes Three types of memory allocations static storage class means variable persists through static allocation: for globals and any static the life of the program variables in functions automatic storage

569 views • 9 slides
Enforcement in Argumentation is a kind of Update an axiomatic approach of enforcement P .

Enforcement in Argumentation is a kind of Update an axiomatic approach of enforcement P .

Enforcement is a kind of Update Enforcement in Argumentation is a kind of Update an axiomatic approach of enforcement P . Bisquert, C. Cayrol, F . Dupin de Saint-Cyr, MC. Lagasquie IRIT, Toulouse University, France July 2013 F. Dupin de

752 views • 71 slides
Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of

Role-based access control Role-based access control 1 RBAC: Motivations Complexity of security administration p y y For large number of subjects and objects, the number of authorizations can become extremely large For dynamic

536 views • 51 slides
Outlier Detection in Axis-Parallel Subspaces of High Dimensional Data PAKDD 2009 Hans-Peter

Outlier Detection in Axis-Parallel Subspaces of High Dimensional Data PAKDD 2009 Hans-Peter

LUDWIG- MAXIMILIANS- DEPARTMENT DATABASE UNIVERSITY INSTITUTE FOR SYSTEMS MUNICH INFORMATICS GROUP Outlier Detection in Axis-Parallel Subspaces of High Dimensional Data PAKDD 2009 Hans-Peter Kriegel, Peer Krger, Erich Schubert, Arthur

381 views • 21 slides
Autonomous Robotic Projects at Cyber Physical Systems Group Ol Olive iver Hftberger, Vi

Autonomous Robotic Projects at Cyber Physical Systems Group Ol Olive iver Hftberger, Vi

Autonomous Robotic Projects at Cyber Physical Systems Group Ol Olive iver Hftberger, Vi Vienn nna U Uni nive versit ity of Techno nology ( (Au Austria) 04/12/2013 Outline Autonomous Systems Robotic Equipment Projects and

678 views • 22 slides
zsvii..Q.a e . .4 u ! /* 10 1' )I) .41-1Y4. vt I w %I II

zsvii..Q.a e . .4 u ! /* 10 1' )I) .41-1Y4. vt I w %I II

. i VI aSsso a.A1 ~ 1 zsvii..Q.a e . .4 u ! /* 10 1' )I) .41-1Y4. vt I w %I II It . AA I% U4) 1.99)\grnsb .aikv)1/4440 D -_____. reoZ-V e NM Uarri-1-,:+ ell S T!, ca 0 ,I, *14x s *w

430 views • 8 slides
The symmetry-adapted configurational ensemble approach to the computer simulation of

The symmetry-adapted configurational ensemble approach to the computer simulation of

The symmetry-adapted configurational ensemble approach to the computer simulation of site-disordered solids Ricardo Grau-Crespo University of Reading, UK r.grau-crespo@reading.ac.uk Said Hamad University Pablo de Olavide Seville, Spain

747 views • 31 slides
Security on demand for (DS)MIP6 I-D:

Security on demand for (DS)MIP6 I-D:

Security on demand for (DS)MIP6 I-D: dra9-bajko-mext-sod Gabor Bajko, Basavaraj PaCl, Teemu Savolainen Background Securing the traffic or user

683 views • 5 slides
About Machine Readable Travel Documents Privacy Enhancement Using (Weakly) Non-Transferable Data

About Machine Readable Travel Documents Privacy Enhancement Using (Weakly) Non-Transferable Data

About Machine Readable Travel Documents Privacy Enhancement Using (Weakly) Non-Transferable Data Authentication Jean Monnerat, Serge Vaudenay , Martin Vuagnoux COLE POLYTECHNIQUE FDRALE DE LAUSANNE http://lasecwww.epfl.ch/ SV 2007 About

649 views • 41 slides
Possibilistic Information Flow Control for Workflow Management Systems Thomas Bauereiss Dieter

Possibilistic Information Flow Control for Workflow Management Systems Thomas Bauereiss Dieter

Possibilistic Information Flow Control for Workflow Management Systems Thomas Bauereiss Dieter Hutter DFKI Bremen Workflow management systems Coordinating manual and (semi-)automatic activities involving multiple users Security

364 views • 17 slides

More recommend