
Lightweight Consistency Enforcement Schemes for Distributed Proofs with Hidden Subtrees

Adam J. Lee, Kazuhiro Minami, and Marianne Winslett, University of Illinois at Urbana-Champaign. June 21, 2007. http://dais.cs.uiuc.edu/dais/security


Presentation Transcript


  1. Lightweight Consistency Enforcement Schemes for Distributed Proofs with Hidden Subtrees Adam J. Lee, Kazuhiro Minami, and Marianne Winslett University of Illinois at Urbana-Champaign June 21, 2007 http://dais.cs.uiuc.edu/dais/security

  2. Distributed proof system • Construct a proof in a peer-to-peer way • Each peer maintains local security policies (figure: peers P0–P3, each with its own knowledge base)

  3. Distributed proof system (animation step; figure: peers P0–P3)

  4. Distributed proof system (animation step; figure: peers P0–P3 in domains A, B, C and D, each with its own security policies)

  5. Distributed proof system (animation step; figure: the querier P0 asks ?grant(alice, database); the subqueries ?role(alice, doctor) and ?location(alice, hospital) are answered true by the role server and the location server, and the proof succeeds)

  6. Policy Directed Proof Construction (figure: confidentiality trust and integrity trust between peers)

  7. Policy Directed Proof Construction (animation step; figure: confidentiality trust)

  8. Temporal Consistency Issue in Distributed Proving • Access control policy: show medical records (on the projector in Room 2124) only if Alice alone is in the room and the door is locked.

  9. Consistency Issue in Distributed Proving (figure, time T1: the door of Room 2124 is open; the querier P0 evaluates ?grant(alice, projector), and the location server answers ?occupancy_one(2124, alice) with true)

  10. Consistency Issue in Distributed Proving (figure, time T2: the door of Room 2124 is now locked)

  11. Consistency Issue in Distributed Proving (figure, time T3: the door sensor answers ?locked(2124) with true, the proof of ?grant(alice, projector) succeeds, and the medical records are shown)

  12. Incremental evaluation of fact validity may not be enough (figure: timeline T1–T3 showing when "Only Alice in room 2124" and "Door locked" each held)

  13. View Consistency Problem • How to enforce temporal consistency based on the local view of a querier? • Challenges: • The validity of a statement fluctuates dynamically • No clock synchronization across different hosts • Parts of the proof (subproofs) may be hidden from the querier

  14. View and fact state • A view V is a set of fact states • A fact state s is a tuple of a fact id, a time interval, and an interval type ∈ {Concrete, Fuzzy} • Concrete: fact f is valid at all times t in the interval • Fuzzy: fact f is valid at some (possibly unknown) time in the interval

  15. Three Levels of View Consistency (figure: incremental consistency, query consistency and interval consistency, in increasing order of restrictiveness on the view V)

  16. Enforcement Algorithm for Query Consistency • Each fact provider returns a pair (f, d) where d is the duration of the fact's validity (figure: message exchange between querier and fact provider)

  17. Enforcement Algorithm for Query Consistency (animation step; same figure)

  18. Motivation towards Interval Consistency Enforcement • The algorithm of query consistency could miss lots of valid proofs if proof construction takes long • May want to keep track of authorization continuously

  19. Motivation towards Interval Consistency Enforcement (animation step; figure: first responder example)

  20. Approach for Interval Consistency • Recheck the validity of a constructed proof (figure: timeline between querier and fact provider showing a Query and a later Verify exchange, each answered True, with a fuzzy interval for each exchange and a concrete interval between them)

  21. Goals for Interval Consistency Enforcement • Recheck the validity of a proof efficiently • Preserve the security policies of each peer (figure: the querier first constructs the proof, then verifies it against the leaf node entities behind the sub-proofs)

  22. Leaf Node Exposure Strategy • Recheck fact validity directly with leaf node entities
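The three consistency levels of slides 14 to 21, worked through in Python as an added example (this is not the authors' code; the conversion of a provider's (f, d) answer into an interval, the constructed time values, and the treatment of fuzzy intervals are assumptions of this illustration):

```python
from dataclasses import dataclass
from typing import List

@dataclass(frozen=True)
class FactState:
    """One fact state of a view V: fact id, [start, end] on the querier's clock, interval type."""
    fact: str
    start: float
    end: float
    concrete: bool = True   # concrete: valid at every t in [start, end]; fuzzy: at some unknown t

def from_provider_answer(fact: str, d: float, t_recv: float, max_drift: float) -> FactState:
    """Turn a provider's (f, d) answer received at local time t_recv into a concrete fact state.
    Assumption (not stated on the slides): d is how long the provider guarantees f stays valid
    after answering, so the querier shortens it by the maximum clock drift to stay on the safe side."""
    return FactState(fact, t_recv, t_recv + max(0.0, d - max_drift))

def incremental_consistent(view: List[FactState]) -> bool:
    """Each fact was valid at some time during proof construction; nothing about simultaneity."""
    return all(s.start <= s.end for s in view)

def query_consistent(view: List[FactState]) -> bool:
    """One instant lies in every fact's interval. Only concrete intervals certify that, so a
    fuzzy fact state (valid at an unknown point) makes the check fail."""
    if not view or not all(s.concrete for s in view):
        return False
    return max(s.start for s in view) <= min(s.end for s in view)

def interval_consistent(view: List[FactState], q_start: float, q_end: float) -> bool:
    """Every fact stayed valid throughout the whole interval [q_start, q_end]."""
    return all(s.concrete and s.start <= q_start and q_end <= s.end for s in view)

def projector_example() -> dict:
    """Room 2124 scenario of slides 9-12 with constructed times: Alice is alone in the room
    from T1=1.0 until 1.8, the door is locked from T2=2.0 until T3=3.0."""
    view = [FactState("occupancy_one(2124, alice)", 1.0, 1.8),
            FactState("locked(2124)", 2.0, 3.0)]
    return {"incremental": incremental_consistent(view),     # True: each fact held at some time
            "query": query_consistent(view),                 # False: never both at once
            "interval": interval_consistent(view, 1.0, 3.0)} # False: neither held throughout
```

The scenario passes the incremental check but fails query consistency, which is exactly the gap slide 12 points at.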

  23. Leaf Indirection Strategy • To preserve the privacy of leaf node entities, recheck fact validity by way of a trusted indirection entity

  24. Evaluation • Measure overhead latency for enforcing interval consistency • System consists of 12,500 lines of Java code • Java Cryptographic Extension framework to implement RSA and TDES operations • 25 node cluster with 100Mbit Ethernet

  25. Latency for Handling Queries (figure: latency in ms against the number of nodes in a proof tree for proof construction, leaf exposure and leaf indirection; 10–15% overhead)

  26. Latency for Handling Queries (figure: latency in ms against the number of nodes in a proof tree for proof construction, leaf exposure and leaf indirection; 25–30% overhead)

  27. Related Work • View consistency in automatic trust negotiation [Lee06] • Antigone Context Framework [McDaniel03] • Transaction management in distributed systems • Consistent snapshots [Chandy85]

  28. Summary • Formal definitions of view consistency in distributed proving • Safe and efficient enforcement algorithm • Modest overhead of our enforcement scheme for interval consistency

  29. Questions? Technical report: http://dais.cs.uiuc.edu/dais/security/tmcspubs.php

  30. Backup

  31. Peer-to-Peer Proof Construction • Each peer consists of an inference engine and a knowledge base • Each peer constructs a part of a whole proof (figure: a query flows from peer to peer and each peer returns a subproof)

  32. Distributed Proof Construction Algorithm by Minami and Kotz • Use Datalog as a logical language • Express trust among principals in terms of integrity and confidentiality (figure: the querier cares about the correctness of an answer (integrity); the handler cares about the secrecy of its facts (confidentiality))

  33. Remote Query between Two Principals (figure: user Bob sends a request to Host A; Host A's integrity policy is trust(location(P,L)) = {Host_B} and Host B's confidentiality policy is acl(location(P,L)) = {Host_A}; Host A sends the remote query ?location(bob, room112) to Host B, whose proof tree applies rule R to facts F1 and F2 and returns TRUE) • Rules and facts: R: location(P,L) ← owner(P,D) ∧ deviceAt(D,L); grant(P, projector) ← location(P, room112); F1: owner(bob, pda15); F2: deviceAt(pda15, room112)
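The two-host remote query of slide 33, as an added example in Python (not the authors' or Minami and Kotz's implementation; the message shape, the per-predicate trust/acl lookup and the restriction that rules are applied only to ground goals are assumptions of this illustration):

```python
def is_var(x):
    return x[:1].isupper()   # Datalog convention on the slide: P, L, D are variables
def unify(pat, term, env):
    # match pat against a ground term under env; return the extended env, or None on mismatch
    env = dict(env)
    for p, t in zip(pat, term):
        p = env.get(p, p)
        if is_var(p):
            env[p] = t
        elif p != t:
            return None
    return env

class Host:
    def __init__(self, name, rules, facts, trust, acl):
        self.name, self.rules, self.facts = name, rules, facts
        self.trust, self.acl = trust, acl      # integrity policy / confidentiality policy, per predicate
        self.peers = {}                        # name -> Host, wired up after construction

    def handle(self, goal, requester):
        # remote-query entry point: the handler's acl(pred) decides who may learn pred at all
        if requester not in self.acl.get(goal[0], set()):
            return False
        return bool(self.prove(goal, {}))

    def prove(self, goal, env):
        goal = tuple(env.get(x, x) for x in goal)
        if any(is_var(x) for x in goal[1:]):   # open subgoal: bind its variables from local facts
            return [e for f in self.facts if (e := unify(goal, f, env)) is not None]
        if goal in self.facts:
            return [env]
        for head, body in self.rules:          # ground goal: try each local rule, body left to right
            envs = [e] if (e := unify(head, goal, {})) is not None else []
            for sub in body:
                envs = [e2 for e1 in envs for e2 in self.prove(sub, e1)]
            if envs:
                return [env]
        for peer in self.trust.get(goal[0], set()):   # no local proof: ask only hosts trust(pred) names
            if peer in self.peers and self.peers[peer].handle(goal, requester=self.name):
                return [env]
        return []

def build_hosts():
    # Host A (querier): grant(P, projector) <- location(P, room112), trusts Host_B for location facts;
    # Host B (handler): rule R with facts F1, F2, lets only Host_A learn location facts
    host_a = Host("Host_A", [(("grant", "P", "projector"), [("location", "P", "room112")])],
                  set(), {"location": {"Host_B"}}, {})
    host_b = Host("Host_B", [(("location", "P", "L"), [("owner", "P", "D"), ("deviceAt", "D", "L")])],
                  {("owner", "bob", "pda15"), ("deviceAt", "pda15", "room112")}, {}, {"location": {"Host_A"}})
    host_a.peers["Host_B"] = host_b
    return host_a, host_b
```

Bob's request is proved at Host A only because its integrity policy lets it ask Host B, and Host B answers only because its confidentiality policy lists Host A; an unlisted requester gets no answer.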

  34. Enforcement of Confidentiality Policies

  35. Hidden Leaf Nodes • Leaf nodes that are hidden from (transparent to) the original querier • Example: (figure)

  36. Cache Requery Strategy • Construct the same proof twice • Need caching at intermediate nodes • Involves high communication overhead

  37. Enforcement Algorithm for Query Consistency • Each fact provider returns a pair (f, d) where d is the duration of the fact's validity (figure: Query and Proof messages between querier and fact provider, annotated with f's validity duration and the maximum clock drift)
