Specication and Enforcement of Static Specication and Enforcement of - - PowerPoint PPT Presentation

specication and enforcement of static specication and
SMART_READER_LITE
LIVE PREVIEW

Specication and Enforcement of Static Specication and Enforcement of - - PowerPoint PPT Presentation

Oct 08, 2023 370 likes •625 views

Specication and Enforcement of Static Specication and Enforcement of Static Separation-of-Duty Policies in Usage Control Jianfeng Lu, Ruixuan Li, Zhengding Lu, Ji Jinwei Hu, and Xiaopu Ma i H d Xi M Huazhong University of Science and

slide-1
SLIDE 1

Specication and Enforcement of Static Specication and Enforcement of Static Separation-of-Duty Policies in Usage Control

Jianfeng Lu, Ruixuan Li, Zhengding Lu, Ji i H d Xi M Jinwei Hu, and Xiaopu Ma

Huazhong University of Science and Technology Wuhan, China

1

slide-2
SLIDE 2

li Outline

1

Background

1.

Background

2.

Specification of SSoD Policies

3

E f bilit f SS D P li i

3.

Enforceability of SSoD Policies

4.

Enforcing SSoD Policies by SMEA Constraints

5.

Conclusion and Future work

2

slide-3
SLIDE 3

k d Background

Sensitive Task Alice Bob Carl

slide-4
SLIDE 4

h d i Why study SoD in UCON

 One of RBAC's great advantages is that SoD rules can  One of RBAC s great advantages is that SoD rules can

be implemented in a natural and efficient way

 UCON has been considered as the next generation

access control model access control model SS D i i f S D

 SSoD is a important type of SoD  UCONA is a sub-model of UCON only considering

authorizations

4

slide-5
SLIDE 5

ib i Our contributions

 A set based specification scheme for SSoD  A set-based specification scheme for SSoD

St d th bl f d t i i h th SS D

 Study the problem of determining whether an SSoD

policy is enforceable

 Generate SMEA constraints to indirect enforce SSoD

li i b i ib l l SS D i policies, by using attribute level SSoD requirements (ASSoD) as an intermediate step from SSoD policies to SMEA constraints to SMEA constraints

5

slide-6
SLIDE 6

l d k Related work

 SoD can be traced back to 1975 by Saltzer and  SoD can be traced back to 1975 by Saltzer and

Schroeder, under the name “separation-of-privilege”

 ChineseWall model  Specification:

 RCL 2000 specification language  NIST RBAC: SMER && SSoD; DMER&& DSoD

6

slide-7
SLIDE 7

l d k Related work

 Enforcement:  Enforcement:

 Sandhu presented a history-based mechanism for

dynamically enforcing SoD dynamically enforcing SoD

 Jason employed blacklist to enforce historical constraints

Jason employed blacklist to enforce historical constraints

 Ninghui Li uses SMER to enforce SSoD (motivated)

g ( )

7

slide-8
SLIDE 8

li Outline

1

Background

1.

Background

2.

Specification of SSoD Policies

3

E f bilit f SS D P li i

3.

Enforceability of SSoD Policies

4.

Enforcing SSoD Policies by SMEA Constraints

5.

Conclusion and Future work

8

slide-9
SLIDE 9

ifi i f li i Specification of SSoD policies

 Three requirements:  Three requirements:

① An SSoD policy must be a high-level requirement ② An SSoD policy must be described in terms of

restrictions on permissions restrictions on permissions

③ An SSoD policy must capture restrictions on user set ③

p y p involved in the task

9

slide-10
SLIDE 10

ifi i f li i Specification of SSoD policies

10

slide-11
SLIDE 11

li Outline

1

Background

1.

Background

2.

Specification of SSoD Policies

3

E f bilit f SS D P li i

3.

Enforceability of SSoD Policies

4.

Enforcing SSoD Policies by SMEA Constraints

5.

Conclusion and Future work

11

slide-12
SLIDE 12

f bili f li i Enforceability of SSoD Policies

 Example  Example

 supervisor is a senior role to both engineer and

programmer.

12

slide-13
SLIDE 13

Enforceability of SSoD Policies ( ) (cont.)

 If (I, M) satisfies exactly the requirement of allowed(u,

p), we say (I, M) is the threshold attribute set of p

13

slide-14
SLIDE 14

Enforceability of SSoD Policies ( ) (cont.)

14

slide-15
SLIDE 15

li Outline

1

Background

1.

Background

2.

Specification of SSoD Policies

3

E f bilit f SS D P li i

3.

Enforceability of SSoD Policies

4.

Enforcing SSoD Policies by SMEA Constraints

5.

Conclusion and Future work

15

slide-16
SLIDE 16

Enforcing SSoD policies by SMEA i Constraints

 Motivated by SMER constraint  SMEA (statically mutually exclusive attribute)

constraint

16

slide-17
SLIDE 17

i SMEA constraints

17

slide-18
SLIDE 18

Translating SSoD Policies to ASSoD i Requirements

 ASSoD: attribute level SSoD  ASSoD: attribute-level SSoD

18

slide-19
SLIDE 19

Translating SSoD Policies to ASSoD i ( ) Requirements (cont.)

19

slide-20
SLIDE 20

Generating SMEA Constraints to f i Enforce ASSoD Requirements

20

slide-21
SLIDE 21

Generating SMEA Constraints to f i ( ) Enforce ASSoD Requirements(cont.)

21

slide-22
SLIDE 22

li Outline

1

Background

1.

Background

2.

Specification of SSoD Policies

3

E f bilit f SS D P li i

3.

Enforceability of SSoD Policies

4.

Enforcing SSoD Policies by SMEA Constraints

5.

Conclusion and Future work

22

slide-23
SLIDE 23

l i Conclusion

 The specification and enforcement of SSoD in UCON  The specification and enforcement of SSoD in UCON.

 The specification is set based and we show that it has  The specification is set-based and we show that it has

simpler syntax than existing approaches

 We have studied a number of problems related to

generating SMEA constraints for enforcing SSoD policies in UCONA system

23

slide-24
SLIDE 24

k Future work

 The research of the SSoD policies in UCONonA  The research of the SSoD policies in UCONonA

models

 DSoD policies

24

slide-25
SLIDE 25

Thanks for your attention and have a nice lunch http://idc.hust.edu.cn