Usage Control (UCON)
ISA 767, Secure Electronic Commerce
Xinwen Zhang, xzhang6@gmu.edu
George Mason University

Access Control - Origin
- Since the advent of timesharing systems
- The main goal is to selectively determine
  - who can access services, resources, and digital contents, and
  - exactly what access is provided

Access Control Models
- Evolution of AC models
  - Identity-based: access matrix, DAC, etc.
  - Label-based: MAC
  - Function/duty/task/role-based: RBAC, etc.
  - Attribute-based: UCON
- MAC, DAC, RBAC
- DRM
- Trust Management

Traditional Access Control
- Protects computer/information resources by limiting the actions or operations of previously known users
- The access-matrix-based approach still remains unchanged (ACL, capability list)
- A right is pre-defined and granted to a subject

Digital Rights Management (DRM)
- Superdistribution
- It is a system, a technology, a service, an application software, and a solution
- No concrete definition
- Many interest groups, many vendors, many solutions, but no standards
- Controlling and tracking access to and usage (including dissemination) of digital information objects
- Securing the digital object itself, not the transmission
- By using cryptographic and watermarking technologies
- Business perspective
  - Not just for protection, but new business models
  - Increased revenue

Trust Management
- TM deals with the authorization process in distributed systems for the access of users who are previously unknown to the system
- Trust management does not utilize the identity of a subject for the authorization process. Rather, it utilizes capabilities or properties of a subject for authorization decisions.
- Only server-side information can be protected
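The "Traditional Access Control" slide above says the access matrix still underlies ACLs and capability lists and that rights are pre-defined and granted ahead of time. The following is an added example (not code from the slides) that builds a small constructed access matrix, derives both decompositions from it, and shows the one-shot lookup that a traditional decision amounts to. The subjects, objects and rights are sample data.

```python
# Added example, not from the slides: the access matrix of traditional
# access control and its two decompositions, ACLs (column view) and
# capability lists (row view). All names below are constructed sample data.
from collections import defaultdict

# M[subject][object] = set of rights granted in advance by an administrator.
ACCESS_MATRIX = {
    "alice": {"payroll.db": {"read", "write"}, "memo.txt": {"read"}},
    "bob":   {"memo.txt": {"read", "write"}},
    "carol": {},                      # a subject with no rights yet
}


def to_acl(matrix):
    """Column view: for each object, which subjects hold which rights.
    This is the form a server-side reference monitor keeps next to the object."""
    acl = defaultdict(dict)
    for subject, row in matrix.items():
        for obj, rights in row.items():
            if rights:
                acl[obj][subject] = set(rights)
    return dict(acl)


def to_capabilities(matrix):
    """Row view: for each subject, the list of (object, rights) it holds.
    Capabilities travel with the subject rather than with the object."""
    return {s: {o: set(r) for o, r in row.items() if r}
            for s, row in matrix.items()}


def check(matrix, subject, obj, right):
    """Traditional decision: one lookup of a pre-granted right, made before
    access; nothing is re-evaluated while the access is in progress."""
    return right in matrix.get(subject, {}).get(obj, set())


def grant(matrix, subject, obj, right):
    """Rights only change through administrative action, never as a
    side effect of using them."""
    matrix.setdefault(subject, {}).setdefault(obj, set()).add(right)
    return matrix


def subjects_with_right(acl, obj, right):
    """Cheap with an ACL: 'who can <right> this object?' (per-object review/revocation)."""
    return {s for s, rights in acl.get(obj, {}).items() if right in rights}


def objects_for_subject(caps, subject):
    """Cheap with capabilities: 'what can this subject reach?' (per-subject review)."""
    return set(caps.get(subject, {}))


def views_agree(matrix):
    """Both decompositions answer every (subject, object, right) query identically."""
    acl, caps = to_acl(matrix), to_capabilities(matrix)
    for s, row in matrix.items():
        for o, rights in row.items():
            for r in rights:
                if s not in subjects_with_right(acl, o, r) or r not in caps[s][o]:
                    return False
    return True


if __name__ == "__main__":
    print(to_acl(ACCESS_MATRIX))
    print(to_capabilities(ACCESS_MATRIX))
    print(check(ACCESS_MATRIX, "alice", "payroll.db", "write"))   # True
```

Either decomposition answers the same yes/no question; what neither can express is a decision that changes while the access is under way, which is the gap the later slides use to motivate UCON.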
DRM (continued)
- Problem-specific enhancement to traditional access control
- Enables control over the usage of digital objects at the client side by utilizing a client-side reference monitor
- Mainly focuses on intellectual property rights protection
- Architecture- and mechanism-level studies and functional specification languages, but a lack of an access control model

And other works
- Incrementally enhanced models
  - Provisional authorization [Kudo & Hada, 2000]
  - EACL [Ryutov & Neuman, 2001]
  - Task-based Access Control [Thomas & Sandhu, 1997]
  - Ponder [Damianou et al., 2001]

Provisional authorization (Kudo & Hada, CCS'00)
- An access can be authorized provided the subject (and/or the system) takes certain actions
  - You are allowed to access confidential information, but the access must be logged
  - You are allowed to read sensitive information, but you must sign a terms and conditions statement first
  - If unauthorized access is detected, a warning message must be sent to an administrator

EACL [Ryutov & Neuman, 2001]
- Support for advanced policies that allow actions when security violations are suspected or detected
- Support policy enforcement at various time stages of the requested security actions
- Simplify integration of related security services, such as authentication, intrusion detection, audit and notification, with applications
- Facilitate authorization decisions for applications
- Provide a generic policy evaluation environment
- Provide a uniform integration model
- Aim for extensibility to avoid the need to redesign the system in the future

EACL (example)
- Tom can run a process on host bom.isi.edu
  - If the request fails, a notification must be sent to a system administrator
  - The process must not consume more than 20% of the CPU
  - An audit record about the completed process must be generated
- Conditions
  - Identity, authentication method
  - Payment, time, location
  - Notification
  - Audit
  - System threat level threshold
  - Application specific

Task-based
- Task-based Access Control [Thomas & Sandhu, 1997]
- Consumable rights
- Authorization is a one-time, request-based permission that utilizes consumable rights
- Continuous control and update are open issues
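The EACL example above ("Tom can run a process on host bom.isi.edu") mixes conditions that are checked before the action (identity, authentication method, time, threat level), one that is checked during it (the 20% CPU cap), and obligations that fire afterwards or on failure (audit record, administrator notification). The following added example, not code from the EACL paper or the slides, evaluates that one entry at all three stages. The field names, the threat-level scale, the business-hours window and the sample requests are assumptions chosen to make the example runnable.

```python
# Added example, not from the EACL paper or the slides: a toy evaluator for
# one EACL-style entry with pre-, mid- and post-action conditions. Field
# names, the threat-level scale and the sample requests are assumptions.
from dataclasses import dataclass, field


@dataclass
class Request:
    subject: str
    auth_method: str
    host: str
    hour: int           # local hour of the request, 0-23
    threat_level: int   # constructed scale: 0 (calm) .. 5 (under attack)


@dataclass
class Outcome:
    granted: bool = False
    terminated: bool = False
    notifications: list = field(default_factory=list)   # messages to the administrator
    audit: list = field(default_factory=list)           # audit records, in order


# The single entry under evaluation, constructed to match the slide's example.
ENTRY = {
    "subject": "tom",
    "host": "bom.isi.edu",
    "right": "run_process",
    "pre": {                          # conditions checked before the process starts
        "auth_method": "kerberos",
        "hours": range(8, 18),        # assumed business-hours window
        "max_threat_level": 2,        # system threat level threshold
    },
    "cpu_limit_pct": 20,              # condition checked while the process runs
}


def pre_evaluate(req: Request, entry=ENTRY) -> Outcome:
    """Stage 1: decide before access. A failed request does not just deny;
    it triggers the notification obligation and leaves an audit record."""
    out, reasons = Outcome(), []
    if req.subject != entry["subject"] or req.host != entry["host"]:
        reasons.append("no matching entry")
    else:
        pre = entry["pre"]
        if req.auth_method != pre["auth_method"]:
            reasons.append(f"auth method {req.auth_method} not accepted")
        if req.hour not in pre["hours"]:
            reasons.append(f"hour {req.hour} outside allowed window")
        if req.threat_level > pre["max_threat_level"]:
            reasons.append(f"threat level {req.threat_level} above threshold")
    if reasons:
        out.notifications.append(
            f"admin: request by {req.subject} on {req.host} failed: " + "; ".join(reasons))
        out.audit.append(("denied", req.subject, reasons))
        return out
    out.granted = True
    out.audit.append(("started", req.subject, entry["right"]))
    return out


def monitor(out: Outcome, cpu_samples, entry=ENTRY) -> Outcome:
    """Stage 2: ongoing condition. The process is terminated at the first
    CPU sample (constructed percentages) that exceeds the limit."""
    if not out.granted:
        return out
    for i, pct in enumerate(cpu_samples):
        if pct > entry["cpu_limit_pct"]:
            out.terminated = True
            out.notifications.append(
                f"admin: process terminated at sample {i}: {pct}% CPU > {entry['cpu_limit_pct']}%")
            out.audit.append(("terminated", i, pct))
            return out
    return out


def complete(out: Outcome) -> Outcome:
    """Stage 3: post-action obligation, an audit record for a process that ran to completion."""
    if out.granted and not out.terminated:
        out.audit.append(("completed", "ok"))
    return out


def run(req: Request, cpu_samples, entry=ENTRY) -> Outcome:
    """Full life cycle of one request under the entry."""
    return complete(monitor(pre_evaluate(req, entry), cpu_samples, entry))


if __name__ == "__main__":
    print(run(Request("tom", "kerberos", "bom.isi.edu", 10, 1), [5, 12, 18]))
    print(run(Request("tom", "kerberos", "bom.isi.edu", 10, 1), [10, 35]))
```

The point of splitting the evaluator into three stages is that a plain ACL check stops after `pre_evaluate`; the CPU cap and the audit obligation only exist because the policy is re-consulted while and after the process runs, which is exactly the "continuous control" the task-based slide lists as an open issue.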
Ponder
- A policy language
- Authorizations
- Obligations (more like duties)
- Delegations

Problem Statement (1)
- Traditional access control models are not adequate for today's distributed, network-connected digital environment
  - Authorization only: no obligation- or condition-based control
  - Decision is made before access: no ongoing control
  - No consumable rights, no mutable attributes
  - Rights are pre-defined and granted to subjects

Problem Statement (2)
- No access control models available for DRM
- Recently enhanced models are not comprehensive enough to resolve the various AC shortcomings
- Need for a unified model that can encompass traditional access control models, DRM and other enhanced access control models from the recent literature

Motivations
- Highly dynamic and distributed computing environments require flexible
  - Objects can be located in various places
  - General client-side platforms
  - Unknown or partially authenticated users
  - General attributes of users

Motivations
- Multiple aspects of access control decisions
  - Attributes of subjects and objects
  - Obligations
  - Environmental conditions
- Continual control
  - Access has a duration: usage
  - Dynamics of subject and object attributes
- Acceptance
  - Tolerance and practicality

Security Techniques
- Prevention
  - access control
- Detection
  - auditing/intrusion detection
  - incident handling
  - tracing
- Response/Reaction/Recovery
  - backup
  - restore
Research Scope in Infosec
- Security objectives
  - Prevention
  - Detection
  - Response/reaction
- Protection objectives
  - Sensitive information protection
  - IPR protection
  - Privacy protection
- Target resources
  - Information resources
  - Computer system resources
  - Network resources
- Architectures
  - Server-side reference monitor (SRM)
  - Client-side reference monitor (CRM)
  - SRM & CRM

Usage Control (UCON) Coverage
[Figure: coverage matrix. Rows are the security objectives (Prevention, Detection, Response/Reaction); columns are the protection objectives (Sensitive Information Protection, IPR Protection, Privacy Protection). Placed in the matrix: Firewall, Traditional Access Control, Trust Management (TM) and TAC under Prevention; IDS under Detection; IDRS under Response/Reaction; DRM under IPR Protection; Usage Control spans the whole area. Along the bottom: target resources (Information, Computer System, Network) and architectures (Server-side Reference Monitor (SRM), Client-side Reference Monitor (CRM), SRM & CRM).]

OM-AM Layered Approach
[Figure: OM-AM layers. What?: policy neutral; UCON ABC model. How?: server-side RM, client-side RM, etc.; DRM technologies, attribute certificates, trusted computing, XrML, XACML, etc. Assurance spans the layers.]

Building UCON ABC Models
[Table: continuity of decisions and mutability of attributes over the usage life cycle]

                           Before Usage   Usage     After
  Continuity of Decisions  pre            ongoing   N/A
  Mutability of Attributes pre            ongoing   post

[Figure: UCON ABC components. Subjects (S), Rights (R) and Objects (O); Subject Attributes (ATT(S)) and Object Attributes (ATT(O)); Authorizations (A), Obligations (B) and Conditions (C) feed the Usage Decision.]
- Continuity
  - Decisions can be made during usage for continuous enforcement
- Mutability
  - Attributes can be updated as side effects of subjects' actions

Subjects (S)
- Entities associated with attributes that hold and exercise certain rights on objects
- For simplicity, a subject can be regarded as representing an individual human being
- Consumer, provider and identifiee subjects
  - Identifiee subjects: subjects identified in digital objects that include their privacy-sensitive information (e.g. patients in a health care system)

Subject Attributes (ATT(S))
- Properties of a subject that can be used in the usage decision process
  - identity, role, credit, membership, security level, capability, etc.
- Immutable attributes: can be changed only by administrative action
- Mutable attributes: can be modified as a side effect of the subject's access to objects (credit, clearance with high watermark, access time, etc.)
- A trusted source of attribute values, and their timeliness, is a prerequisite for UCON
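The "Building UCON ABC Models" table and the "Subject Attributes" slide above describe two properties that traditional models lack: a decision that is re-evaluated while usage is in progress (pre and ongoing authorization) and attributes that change as a side effect of usage (pre, ongoing and post updates). The following added example, not code from the slides or the UCON papers, runs one usage session over a subject whose credit is consumed per unit of usage and whose clearance rises as a high watermark of what it has read. The attribute names, the prices, the "no write-down" rule for the watermark and the sample subject and objects are assumptions.

```python
# Added example, not from the slides: a minimal UCON_ABC usage session that
# shows continuity of decision (pre and ongoing authorization) and
# mutability of attributes (updates as side effects of usage). Attribute
# names, prices, the watermark rule and the sample data are assumptions.
from dataclasses import dataclass, field


@dataclass
class Subject:
    name: str
    role: str                  # immutable: changed only by administrative action
    max_level: int             # immutable: ceiling an administrator assigned
    credit: int                # mutable: consumed by usage (onUpdate)
    clearance: int = 0         # mutable: high watermark of what was read (preUpdate)
    usage_log: list = field(default_factory=list)   # mutable: filled by postUpdate


@dataclass
class Obj:
    name: str
    sensitivity: int           # label the object carries (ATT(O))
    price_per_tick: int        # cost of each unit of ongoing usage (ATT(O))


class UsageSession:
    """One (subject, object, right) usage with pre/on/post decisions and updates."""

    def __init__(self, s: Subject, o: Obj, right: str = "read"):
        self.s, self.o, self.right = s, o, right
        self.state = "requested"
        self.ticks = 0

    def start(self) -> bool:
        """preA then preUpdate: decide once before usage starts, then update."""
        if self.right not in ("read", "write"):
            self.state = "denied"
            return False
        if self.o.sensitivity > self.s.max_level:            # label check against immutable ceiling
            self.state = "denied"
            return False
        if self.right == "write" and self.o.sensitivity < self.s.clearance:
            self.state = "denied"                              # no write-down after a high-level read
            return False
        if self.s.credit < self.o.price_per_tick:             # cannot pay for even one unit
            self.state = "denied"
            return False
        if self.right == "read":                               # preUpdate: raise the high watermark
            self.s.clearance = max(self.s.clearance, self.o.sensitivity)
        self.state = "accessing"
        return True

    def tick(self) -> str:
        """onA then onUpdate: re-evaluate during usage; revoke when the
        consumable attribute no longer covers the next unit."""
        if self.state != "accessing":
            return self.state
        if self.s.credit < self.o.price_per_tick:             # onA fails: revoke mid-usage
            self.state = "revoked"
            self._post_update()
            return self.state
        self.s.credit -= self.o.price_per_tick                # onUpdate: side effect of usage
        self.ticks += 1
        return self.state

    def end(self) -> str:
        """Subject stops on its own; the postUpdate still applies."""
        if self.state == "accessing":
            self.state = "ended"
            self._post_update()
        return self.state

    def _post_update(self):
        # postUpdate: record what happened (access history is itself a mutable attribute)
        self.s.usage_log.append((self.o.name, self.right, self.ticks, self.state))


if __name__ == "__main__":
    alice = Subject("alice", role="analyst", max_level=3, credit=5)
    secret = Obj("secret.pdf", sensitivity=3, price_per_tick=2)
    s1 = UsageSession(alice, secret, "read")
    print(s1.start(), [s1.tick() for _ in range(3)], alice.credit, alice.clearance)
```

Two things the block shows that a one-shot check cannot: the third `tick()` revokes an access that was legitimately granted, purely because a mutable attribute (credit) was consumed by the usage itself; and a later `write` to a low-sensitivity object is denied because an earlier `read` raised the clearance watermark, so the outcome of one usage changes the decision for the next.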