
Introduction to Access Control and Trust Management

Introduction to Access Control and Trust Management. Daniel Trivellato. Outline. Introduction to Access Control Discretionary and Mandatory Access Control Role-Based Access Control Distributed Trust Management Reputation-based TM Rule-based TM. Authentication vs. Access Control.


Presentation Transcript


  1. Introduction to Access Control and Trust Management Daniel Trivellato

  2. Outline
     • Introduction to Access Control
     • Discretionary and Mandatory Access Control
     • Role-Based Access Control
     • Distributed Trust Management
     • Reputation-based TM
     • Rule-based TM
     Minor project course

  3. Authentication vs. Access Control
     • Authentication: establishing who you are (or whether you possess a certain pseudonym)
     • Access Control: establishing if you have the right of doing a certain action
     • Authentication is often necessary for access control


  5. Basics: Subject, Object, Action
     • Subjects: Alice, Bob, Alice’s program
     • Objects: a file, the printer
     • Actions: read, write, execute, modify, send

  6. Discretionary Access Control
     • Goal: prevent illegitimate access to resources
     • Access is granted to users, or user groups
     • Ownership: users have all the rights over the objects they create
     • Delegation: users can grant the rights they have to others
     • Users that have control can remove rights

  7. DAC Models
     • Take-grant model
     • Lampson (1974)
     • Graham-Denning (1972)
     • Harrison-Rizzo-Ullman (1976)
     • Griffiths-Wade (1976)
     • Originator control (1989)

  8. Lampson’s Access Matrix
     • Set of objects O
     • Set of users U
     • Access Matrix A (U×U and U×O)
     • Entries are sets of allowed actions (read, write, call, …)
     • Plus owns for administration of rights
     • * flag for delegation right

  9. Access Matrix - Example
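The slide's own matrix did not survive extraction. As an added example (not from the original deck), here is a simplified access matrix with `owns` and the `*` delegation flag from slide 8; the subjects, the object and the rule that only the owner may revoke are assumptions made for illustration.

```python
from collections import defaultdict

class AccessMatrix:
    """Sparse access matrix: (subject, object) -> set of rights.
    A right stored as 'read*' carries the delegation flag."""

    def __init__(self):
        self.cells = defaultdict(set)

    def create(self, creator, obj):
        self.cells[(creator, obj)].add("owns")      # ownership on creation

    def allowed(self, subject, obj, action):
        held = self.cells[(subject, obj)]
        return "owns" in held or action in held or action + "*" in held

    def grant(self, granter, grantee, obj, action, delegable=False):
        held = self.cells[(granter, obj)]
        # Only the owner or a holder of the starred right may pass it on.
        if "owns" not in held and action + "*" not in held:
            return False
        self.cells[(grantee, obj)].add(action + "*" if delegable else action)
        return True

    def revoke(self, revoker, target, obj, action):
        if "owns" not in self.cells[(revoker, obj)]:
            return False                            # only the owner removes rights
        self.cells[(target, obj)] -= {action, action + "*"}
        return True

def demo():
    """Constructed scenario; all names are sample values."""
    m = AccessMatrix()
    m.create("alice", "report.txt")
    out = {
        "alice_to_bob": m.grant("alice", "bob", "report.txt", "read", delegable=True),
        "alice_to_carol": m.grant("alice", "carol", "report.txt", "write"),
        "bob_to_dave": m.grant("bob", "dave", "report.txt", "read"),
        "carol_to_dave": m.grant("carol", "dave", "report.txt", "write"),
        "bob_revokes_dave": m.revoke("bob", "dave", "report.txt", "read"),
        "alice_revokes_bob": m.revoke("alice", "bob", "report.txt", "read"),
    }
    out["bob_reads"] = m.allowed("bob", "report.txt", "read")
    # Revoking bob does not cascade: the copy bob handed to dave survives.
    out["dave_reads"] = m.allowed("dave", "report.txt", "read")
    return out
```

The last two results show a practical DAC audit point: once a delegable right has been copied, removing it from the delegator does not remove it from the recipients unless revocation is made to cascade.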

  10. Mandatory Access Control
      • Goal: prevent illegitimate flow (leakage) of information
      • Attach security labels to subjects and objects
      • Users, processes are given a clearance
      • Objects, resources are given a label
      • Information cannot flow to lower or incomparable security classes

  11. MAC – Example
      • Bell-LaPadula: NO READ UP, NO WRITE DOWN
      [Figure: subjects and objects at levels TS, S, C and U, with read and write arrows between the levels and the resulting direction of information flow]
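An added example (not from the original deck) of the two Bell-LaPadula rules over the levels TS, S, C, U. The compartments are an assumption introduced to show the "incomparable security classes" case from slide 10; the subject and object names are constructed.

```python
from dataclasses import dataclass

LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}   # the four levels on the slide

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()    # assumption: need-to-know categories

    def dominates(self, other):
        """self >= other in the lattice: level and compartments both cover."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)

def can_read(clearance, label):
    return clearance.dominates(label)        # no read up

def can_write(clearance, label):
    return label.dominates(clearance)        # no write down

def decide(clearance, label):
    return {"read": can_read(clearance, label),
            "write": can_write(clearance, label)}

# Constructed sample: an S-cleared analyst in the hypothetical "crypto" compartment.
ANALYST = Label("S", frozenset({"crypto"}))
OBJECTS = {
    "bulletin": Label("C"),
    "cipher-keys": Label("TS", frozenset({"crypto"})),
    "peer-notes": Label("S", frozenset({"crypto"})),
    "reactor-plan": Label("S", frozenset({"nuclear"})),   # incomparable with ANALYST
}

def decisions():
    return {name: decide(ANALYST, label) for name, label in OBJECTS.items()}
```

An object at the same level but in a different compartment is neither readable nor writable, because neither label dominates the other.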


  13. Role-Based Access Control
      • Users are assigned to roles
      • Roles are assigned rights

  14. RBAC
      • Roles can be hierarchical
      • Rights are inherited
      [Figure: role hierarchy with the roles Project leader, Tester, Programmer and Project member]


  16. Trust Management
      • Typical access control mechanism
        [Diagram: subject (shows) ID (lookup) authorization]
      • TM alternative
        [Diagram: subject (has) attributes (infers) authorization]

  17. Distributed Trust Management
      • Deals with authorizations in a distributed system (e.g., the Internet)
      • need to interact with people you don’t know
      • 2 types of DTM
        • Reputation-based TM
        • Rule-based TM


  19. Reputation-based TM (concrete)
      • community of cooks (200 people)
      • to establish trust:
      • you ask your friends
      • and friends of friends
      • ...
      • some recommendations are better than others
      • you check the record (if any)
      • after success trust increases

  20. Reputation-based TM (virtual)
      • eBay (hundreds of millions of users)

  21. Reputation-based TM (virtual)
      • Buyers and sellers rate each other after a transaction
        • Positive (r(i,j) = 1)
        • Neutral (r(i,j) = 0)
        • Negative (r(i,j) = -1)

  22. Key features
      • open system (different security domains)
      • trust is a measure & changes in time
      • essential risk component
      • recommendation based (NOT identity-based)
      • peers are not continuously available
      • Algorithms (e.g., EigenTrust)
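An added example (not from the original deck) that turns the r(i,j) ratings of slide 21 into global trust values with the basic EigenTrust iteration. The peers, the ratings, the pre-trusted set and the damping value 0.15 are constructed for illustration.

```python
def eigentrust(ratings, peers, pretrusted, alpha=0.15, iters=100):
    """Global trust from (rater, ratee, r) triples with r in {1, 0, -1}."""
    n = len(peers)
    idx = {name: k for k, name in enumerate(peers)}
    s = [[0.0] * n for _ in range(n)]            # s[i][j]: sum of i's ratings of j
    for rater, ratee, r in ratings:
        s[idx[rater]][idx[ratee]] += r
    p = [1.0 / len(pretrusted) if name in pretrusted else 0.0 for name in peers]
    c = []                                       # row-normalised local trust
    for row in s:
        positive = [max(v, 0.0) for v in row]    # negative totals are clipped to 0
        total = sum(positive)
        # A peer that trusts nobody defers to the pre-trusted distribution.
        c.append([v / total for v in positive] if total > 0 else p[:])
    t = p[:]
    for _ in range(iters):                       # t <- (1 - alpha) * C^T t + alpha * p
        t = [(1 - alpha) * sum(c[i][j] * t[i] for i in range(n)) + alpha * p[j]
             for j in range(n)]
    return dict(zip(peers, t))

# Constructed ratings: mallory is rated negatively and bad-mouths others.
PEERS = ["alice", "bob", "carol", "mallory"]
RATINGS = [
    ("alice", "bob", 1), ("alice", "bob", 1), ("alice", "carol", 1),
    ("bob", "carol", 1), ("bob", "mallory", -1),
    ("carol", "bob", 1), ("carol", "mallory", -1),
    ("mallory", "bob", -1), ("mallory", "alice", -1),
]

def sample_trust():
    return eigentrust(RATINGS, PEERS, pretrusted={"alice"})
```

Because negative totals are clipped to zero, mallory's bad-mouthing has no effect on bob or alice, but a peer with only negative ratings also ends up indistinguishable from a newcomer with no ratings at all.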


  24. Rule-based TM (concrete)
      • Bart is entitled to a discount if he is a student of the local university

  25. Rule-based TM (virtual)
      • When is Bart now entitled to a discount?

  26. Bart is entitled to a discount…
      • If he is a student of any accredited University.
      • But perhaps also…
        • If he is an employee of any governmental organization
        • If he is a member of the library club
        • If he is a veteran
        • ….
      • Too many to mention
      • Which problems does this raise?
        • Scalability
        • Knowing where and what to search

  27. Reputation vs. Rules
      Reputation:
      • open system (different security domains)
      • trust is a measure & changes in time
      • risk-based
      • no delegation
      • recommendation based (NOT identity-based)
      • peers are not continuously available
      • scalability
      Rules:
      • open system (different security domains)
      • trust is boolean & less time-dependent
      • no risk
      • delegation
      • rule (credential) based (NOT identity-based)
      • peers are not continuously available
      • scalability

  28. Credentials
      • A credential is a statement
        • Signed by the issuer
        • about a subject
        • Containing info about the subject
      • Requirements
        • Unforgeable (!)
        • Verifiable (that it belongs to the subject asking for the service)
        • Signed (e.g. X.509)

  29. Credential Chains
      [Figure: Bart (is student of) TU/e (is accredited by) Accreditation Bureau (is accepted by) Shop]
      • We have a chain of credentials
      • The subject of one is the issuer of the other one

  30. Languages for TM
      • A good language for TM must be able to express:
        • Decentralized attributes
        • Delegation of attribute authority
        • Inference of attributes
        • Attribute fields (e.g., age)
        • Attribute-based delegation of authority

  31. Decentralized Attributes
      • An entity asserts that another entity has a certain attribute
      • e.g., student(TU/e,Alice)
      • The TU/e asserts that Alice is a student
      • Issuer: TU/e
      • Subject: Alice
      • Where is it stored?

  32. Delegation of Attribute Authority
      • An entity delegates (i.e. trusts) the authority over an attribute to another entity
      • e.g., student(DSA,X) ← student(TU/e,X)
      • The “Dutch Students Association” considers as students all the students of the TU/e
      • Operationally: anyone showing a TU/e student credential can get a student credential from the DSA
      • Issuers: DSA, TU/e
      • Subject: X

  33. Inference of Attributes
      • An entity uses one attribute to make inferences about another attribute
      • e.g., employee(TU/e,X) ← professor(TU/e,X)
      • The TU/e asserts that every TU/e professor is also a TU/e employee

  34. Attribute Fields
      • Credentials may carry field values
      • e.g. student(DSA,Alice,university=TU/e)
      • Field values can be used to infer additional attributes and for conditional delegation
      • e.g. ccard(VISA,X) ← client(ABN,X,credit=Y) AND Y > 2000
      • VISA releases credit cards only to ABN clients with more than 2000€ in their account

  35. Attribute-based Delegation of Authority
      • An entity may delegate the authority to another entity depending on its attributes
      • e.g. ccard(VISA,X) ← client(Y,X) AND certified(EB,Y)
      • VISA releases a credit card only to clients of banks which are certified by the “European Bank”
      • By doing so, VISA does not need to explicitly mention all the banks which are trusted
      • VISA trusts EB’s opinion about banks
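An added example (not from the original deck, and not the RT, TuLiP or POLIPO algorithms) that evaluates the rules of slides 31 to 35 by forward chaining over credentials written as (attribute, issuer, subject) triples. Attribute fields are left out, credentials are assumed to have passed signature verification already, and ShadyBank, Bob and Mallory are constructed names.

```python
def is_var(term):
    return term in ("X", "Y")            # convention here: X and Y are variables

def unify(atom, fact, env):
    """Match one atom against a fact; return extended bindings or None."""
    env = dict(env)
    for term, value in zip(atom, fact):
        term = env.get(term, term)       # substitute an already bound variable
        if is_var(term):
            env[term] = value
        elif term != value:
            return None
    return env

def match_body(body, facts, env):
    """Yield every binding that satisfies all atoms of a rule body."""
    if not body:
        yield env
        return
    for fact in facts:
        bound = unify(body[0], fact, env)
        if bound is not None:
            yield from match_body(body[1:], facts, bound)

def derive(credentials, rules):
    """Forward-chain to a fixpoint over (attribute, issuer, subject) triples."""
    facts = set(credentials)
    changed = True
    while changed:
        changed = False
        for head, body in rules:
            for env in list(match_body(body, facts, {})):
                new = tuple(env.get(t, t) for t in head)
                if new not in facts:
                    facts.add(new)
                    changed = True
    return facts

# Constructed credentials, assumed already signature-checked.
CREDENTIALS = [("student", "TU/e", "Alice"), ("professor", "TU/e", "Bob"),
               ("client", "ABN", "Alice"), ("certified", "EB", "ABN"),
               ("client", "ShadyBank", "Mallory")]
RULES = [(("student", "DSA", "X"), [("student", "TU/e", "X")]),
         (("employee", "TU/e", "X"), [("professor", "TU/e", "X")]),
         (("ccard", "VISA", "X"), [("client", "Y", "X"), ("certified", "EB", "Y")])]

def holds(attribute, issuer, subject):
    return (attribute, issuer, subject) in derive(CREDENTIALS, RULES)
```

Mallory's client credential is well-formed but useless for the VISA rule, because its issuer has no certified(EB, …) credential: the decision rests on who issued each link of the chain, not on the subject's identity.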

  36. Credential Storage
      • Every credential can be stored by its issuer, its subject, or a third party
      • When we try to build a credential chain, we must be able to retrieve the appropriate credentials
      • Credential chain discovery algorithms suggest storage schemas according to which credentials are retrieved
        • RT: backward and forward search algorithm
        • TuLiP
        • POLIPO

  37. In the next lecture…
      • The POLIPO framework
        • a rule-based TM language
        • a reputation system
        • an algorithm for credential chain discovery

  38. Thank you for your attention! Questions? n.zannone@tue.nl d.trivellato@tue.nl
