1 / 24

PRIVILEGE STATES BASED ACCESS CONTROL FOR FINE GRAINED INTRUSION RESPONSE

Ashish Kamra , Elisa Bertino Purdue University Presenter: Ashish Kundu. PRIVILEGE STATES BASED ACCESS CONTROL FOR FINE GRAINED INTRUSION RESPONSE. The Real Authors . akamra@purdue.edu . bertino@cs.purdue.edu. Motivation. Databases Anomaly Detection Anomaly Response Access Control .

barb
Télécharger la présentation

PRIVILEGE STATES BASED ACCESS CONTROL FOR FINE GRAINED INTRUSION RESPONSE

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Ashish Kamra, Elisa Bertino Purdue University Presenter: AshishKundu PRIVILEGE STATES BASED ACCESS CONTROL FOR FINE GRAINEDINTRUSION RESPONSE

  2. The Real Authors akamra@purdue.edu bertino@cs.purdue.edu

  3. Motivation • Databases • Anomaly Detection • Anomaly Response • Access Control

  4. Access Control Decision Semantics Allow Deny Request Reference Monitor

  5. Extended Decision Semantics Allow Deny Request Reference Monitor Taint Suspend

  6. Primary Contribution Mechanism to enhance the decision semantics of an access control implementation

  7. Why do we want to do that?

  8. Support for fine-grained intrusion response Detection engine Response engine Drop Request Request Anomaly Log Request Passive Monitoring 2nd factor of authentication

  9. Mapping Taint decision semantic Passive Monitoring 2nd factor of authentication Suspend decision semantics

  10. Privilege States - glue for the mapping • Assign states to privileges • Response system changes privilege state • fine-grained response actions • Response : access control decision semantics

  11. Privilege States • “state” to every privilege • a user or role • Five privilege states

  12. Privilege State Semantics • “DENY”: negative authorizations • “SUSPEND”: request suspension • “TAINT”: request tainting • “GRANT”: standard SQL GRANT • “UNASSIGN”: standard SQL REVOKE

  13. Example • U1 is a member of role R1 • DBA assigns • SELECT privilege in DENY on T1 to user U1 • SELECT privilege in TAINT on T1 to role R1 • Privilege state of SELECT on T1 for U1 ???

  14. Privilege State Dominance DENY SUSPEND X means ‘X’ overrides ‘Y’ TAINT Y GRANT UNASSIGN

  15. Privilege State Transitions unassign + + grant deny GRANT REVOKE ? suspend ? ? + taint / / / / ? + ? + DENY TAINT + / / SUSPEND ?

  16. Formal model For details, please refer to the paper …

  17. Considering Role Hierarchies • Role hierarchy based on privilege inheritance • What about privileges in “deny”, “suspend” and “taint” states? R_parent {insert} {select} R_child {select}

  18. Privilege Orientation Modes up unassign, grant down deny, taint, suspend neutral

  19. Privilege Propagation R8 R5 {select,grant} R6 R7 {insert,deny,down} R2 R3 R4 {select,grant} {insert,deny,down} R1 Recursive Propagation

  20. Implementation in PostgreSQL • New SQL commands • TAINT, SUSPEND • Enhanced Access Control Lists • To support privilege states and orientation modes • Re-authentication procedure for a privilege in “suspend” state

  21. Access Control Check Overhead No Role Hierarchy ACL Size

  22. Access Control Check Overhead With Role Hierarchy ACL Size

  23. Conclusions • Fine-granular access control in databases • Anomaly response mechanisms • Facilitates policy development • Formal model and experimental evaluation

More Related