
Recent Advances in the Flexible Access Control Models

Recent Advances in the Flexible Access Control Models. Duminda Wijesekera, dwijesek@gmu.edu, ise.gmu.edu/~duminda.html. Outline: Access Control; A Flexible Access Control Model; Materialization; Editing Rules; Revoking Permissions; Provisions and Obligations; Access Constraints.


Presentation Transcript


  1. Recent Advances in the Flexible Access Control Models Duminda Wijesekera dwijesek@gmu.edu ise.gmu.edu/~duminda.html

  2. Outline • Access Control • A Flexible Access Control Model • Materialization • Editing Rules • Revoking Permissions • Provisions and Obligations • Access Constraints • Concluding comments

  3. Access Control Outline • Integrity • Information Assurance • Intrusion Detection • Final Remarks

  4. Access Control Models • Making them flexible • Making them general

  5. Access Control in Commercial Systems • Unix • xrw xrw xrw • Database management systems • Griffiths and Wade, ACM TODS 1976 • GRANT <privilege> ON <relation> TO <users> [WITH GRANT OPTION] • REVOKE <privileges> [ON <relations>] FROM <users>

  6. Need for Multiple Access Control Policies • Closed policy • Open policy • Closed policy with negative authorizations and denials-take-precedence • Closed policy with negative authorizations and most-specific-authorizations-take-precedence • Static and dynamic separation of duty • Chinese wall

  7. Usual Approach • Separation between policies (high-level guidelines) and mechanisms (implementing the policies) • Policy neutral mechanism • For each policy a security server is specified • Security server maps the policy into mechanisms • Change of policy ⇒ change of server

  8. Policy Neutral Mechanism [Diagram. Labels: User; (u,o,a); (o,a); yes/no; Policy Neutral Mechanism; Open Policy Server; Closed Policy Server]

  9. Flexible Authorization Framework • An authorization is of the form (s, o, <sign>a) • An authorization specification AS consists of a set of: • authorization (cando), • derivation (dercando), • conflict resolution (do), • history (done), and • integrity (error) predicate symbols

  10. Closed Policy in ASL • dercando(u,o,+a) ← cando(s,o,+a) & in(u,s). • do(u,o,+a) ← dercando(u,o,+a). • error(s,o,a) ← cando(s,o,-a). • do(u,o,-a) ← not do(u,o,+a).

  11. Denials-take-precedence • do(u,o,+a) ← dercando(u,o,+a) & not dercando(u,o,-a). • do(u,o,-a) ← not do(u,o,+a).

  12. Static Separation of Duty • error() ← do(s,budget,submitting) & do(s,budget,evaluating) & do(s,budget,approving).
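The rules on slides 10 to 12, evaluated stratum by stratum over one authorization table, as an added example that is not part of the original slides. The groups, users and facts are constructed; the function names are hypothetical.

```python
# Added example: stratum-by-stratum evaluation of a small FAF specification.
# Every subject, object and fact below is constructed for illustration.

# cando(s, o, <sign>a): explicit authorizations
CANDO = {
    ("staff", "report", "+", "read"),
    ("interns", "report", "-", "read"),
    ("staff", "budget", "+", "submitting"),
    ("staff", "budget", "+", "evaluating"),
    ("staff", "budget", "+", "approving"),
}
# in(u, s): user u is a member of group s
IN = {("alice", "staff"), ("bob", "staff"), ("bob", "interns")}

def dercando(cando, member):
    """Stratum 1: dercando(u,o,<sign>a) <- cando(s,o,<sign>a) & in(u,s)."""
    return {(u, o, sign, a) for (s, o, sign, a) in cando
            for (u, g) in member if g == s}

def materialize_do(cando, member, denials_take_precedence):
    """Stratum 2: the set of do(u,o,+a); anything absent is do(u,o,-a)."""
    der = dercando(cando, member)
    pos = {(u, o, a) for (u, o, sign, a) in der if sign == "+"}
    if denials_take_precedence:
        # do(u,o,+a) <- dercando(u,o,+a) & not dercando(u,o,-a)
        pos -= {(u, o, a) for (u, o, sign, a) in der if sign == "-"}
    return pos

def decide(do_plus, u, o, a):
    """do(u,o,-a) <- not do(u,o,+a): a lookup in the materialized table."""
    return "+" if (u, o, a) in do_plus else "-"

def closed_policy_errors(cando):
    """error(s,o,a) <- cando(s,o,-a): the closed policy rejects denials."""
    return {(s, o, a) for (s, o, sign, a) in cando if sign == "-"}

def static_sod_error(do_plus):
    """error() <- one subject may submit, evaluate and approve the budget."""
    duties = ("submitting", "evaluating", "approving")
    subjects = {u for (u, _, _) in do_plus}
    return any(all((u, "budget", d) in do_plus for d in duties)
               for u in subjects)

if __name__ == "__main__":
    for name, dtp in (("closed", False), ("denials-take-precedence", True)):
        table = materialize_do(CANDO, IN, dtp)
        print(name, "bob read report:", decide(table, "bob", "report", "read"),
              "| SoD error:", static_sod_error(table))
```

The same table gives bob read access under the slide 10 rules, which flag the negative authorization as an error instead of applying it, and denies him under denials-take-precedence.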

  13. Dynamic Separation of Duty • error() ← done(u,o,R,submitting,t) & done(u,o,R’,approving,t’) & done(u,o,R,approving,t’’) & typeof(o,Order).

  14. Chinese Wall • error() ← done(u,o’,R,a’,t) & done(u,o,R’,a,t’) & typeof(o,Company-A) & typeof(o,Company-B).
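A history-based constraint used as a guard on new requests, as an added example that is not part of the original slides. It generalizes the two companies of slide 14 to conflict-of-interest classes and assumes the usual Chinese-wall reading, in which the two accessed objects belong to different competing companies; the object names, roles and request sequence are constructed.

```python
# Added example: error() over the done(u,o,R,a,t) history table as a guard.
# Objects, company labels and requests are constructed for illustration.

# typeof(o, company): which company's data each object holds
TYPEOF = {"a_ledger": "Company-A", "a_plan": "Company-A",
          "b_ledger": "Company-B"}
# Companies in the same set compete (assumption: one class, as on the slide)
CONFLICT_CLASSES = [{"Company-A", "Company-B"}]

def chinese_wall_error(history):
    """error() holds if one user has done-tuples on two competing companies."""
    seen = {}  # user -> companies whose objects the user has accessed
    for (u, o, role, a, t) in history:
        company = TYPEOF.get(o)
        if company:
            seen.setdefault(u, set()).add(company)
    return any(len(companies & cls) > 1
               for companies in seen.values() for cls in CONFLICT_CLASSES)

def request(history, u, o, role, a, t):
    """Grant and record the access only if error() stays underivable."""
    candidate = history + [(u, o, role, a, t)]
    if chinese_wall_error(candidate):
        return False  # rejected: the history table is left unchanged
    history.append((u, o, role, a, t))
    return True

def replay(requests):
    """Feed requests through the guard; return decisions and final history."""
    history, decisions = [], []
    for req in requests:
        decisions.append(request(history, *req))
    return decisions, history

# Constructed request sequence: (user, object, role, action, time)
REQUESTS = [
    ("u1", "a_ledger", "analyst", "read", 1),
    ("u1", "a_plan", "analyst", "read", 2),   # same company: allowed
    ("u1", "b_ledger", "analyst", "read", 3), # competitor: rejected
    ("u2", "b_ledger", "analyst", "read", 4), # different user: allowed
]

if __name__ == "__main__":
    print(replay(REQUESTS)[0])
```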

  15. Functional Architecture [Diagram. Labels: USER; (o,s,+a); Authorization Table; History Table; Propagation Policy; Conflict Resolution + Decision Policy; Integrity Constraints; DECISION]

  16. Reference • Jajodia, Samarati, Sapino, Subrahmanian, “A united framework for supporting multiple access control policies,” ACM TODS, June 2001.

  17. Semantics • A FAF specification forms a locally stratified logic program • It has a unique stable model • Stable model = well founded model

  18. Materialization • Access requests must be decided fast. • Hence materialize FAF predicates • Most useful = DO • Materialization algorithm reconstructs the unique stable model • Looking up materialized rules is faster than backtracking.

  19. Updating FAF Specifications

  20. Example: Electronic Library System • An article A that is published under project P can be made available to all members of P • Any user at the rank of manager or above can access A • If the user is a sponsor who funded the project or the writing of A, then A can be released only after a proprietary notice is added • No one else should have access to the article.

  21. Example: Sealed-bid Auctions • Three kinds of participants • Auctioneer, Supplier, Bidders • The supplier fills in the item to be auctioned, closing time, and the minimum price • Bidders may submit a bid by specifying the item and a bidding price if the current time is before the close of the auction • Auctioneer can fill in “no good” in the status field if the maximum price of all the bids < minimum price and “completed” if the maximum price >= minimum price

  22. Mobile Policy • Grant <Access Type> on <Object> to <Security Principal> with provision [<Provisions>] where [<Security Principal> has attribute <tag, value, …> | <predicate>]

  23. Example • Grant update on BalanceSheet to user1 with provision Add notice “For accounting Group Only” where user1 has attribute (group, accounting group) and (rank, manager of accounting group)

  24. Another Example • DoNotGrant write on PayrollEmployeeCheck to user1 with provision Notify PayrollSupervisor where user1 has attribute (group, payroll)

  25. Auction Example • cando(supplier_info, X, +rw) ← in(X,supplier). • cando(auctioneer_info, X, +r) ← in(X,supplier). • cando(auctioneer_info, X, +r) ← in(X,bidder). • cando(bid, A1, +r) ← owner(bid, A1) and uid(A1). • cando(status, auctioneer, +w(“No Good”)) ← current_top(A1) and field(minimum_price, A2) and A1 < A2 and time(T) and field(closing_time, A3) and T >= A3. • cando(status, auctioneer, +w(“Completed”)) ← current_top(A1) and field(minimum_price, A2) and A1 >= A2 and time(T) and field(closing_time, A3) and T >= A3.

  26. References • Vinti Doshi, Amgad Fayad, Sushil Jajodia, Roswitha MacLean, “Using attribute certificates with mobile policies in electronic commerce applications,” Proc. 16th Annual Computer Security Applications Conf., New Orleans, LA, December 2000, pages 298-307. • Sushil Jajodia, Michiharu Kudo, V. S. Subrahmanian, “Provisional authorizations,” Proc. 1st Workshop on Security and Privacy in E-Commerce, Athens, Greece, November 2000.

  27. Final Remarks • Cryptography is the solution • Firewalls are the solution • Intrusion detection systems are the solution NOT!!!

  28. Focus is back on host security • Access control • DBMS security • Application security
