Composite Decentralized Access Control - PowerPoint PPT Presentation
Petar Tsankov, Srdjan Marinovic, Mohammad Torabi Dashti, David Basin (Institute of Information Security, ETH Zurich)


  1. Composite Decentralized Access Control. Petar Tsankov, Srdjan Marinovic, Mohammad Torabi Dashti, David Basin. Institute of Information Security, ETH Zurich

  2. Example: SweGrid. Goal: provides computational and storage resources to researchers. Access control requirements: – A project leader delegates his authority over resources to principals – A project leader composes the principals' policies (e.g., using permit-override)

  3-4. Delegation: multiple principals can issue access-rights delegations (the project leader delegates access rights to Dave and to Bob, who in turn delegate access rights to researchers). This is decentralized access control.

  5-6. Composition: policy decisions in large-scale systems are Grant, Deny, Not-applicable and Conflict. Composition operators, e.g.: ● Permit-override ● Deny-override ● Conflict-override (the project leader's policy is composed with Bob's and Dave's policies). This is composite access control.

  7-9. System Model: subjects request access to resources; requirements come from principals, who control access by writing policies; a PDP (policy decision point) evaluates the policies and a PEP (policy enforcement point) guards the resources.

  10-14. Related Work (rows: systems and standards; formal foundations):
     Delegation: systems and standards – SecPAL for Grid, KeyNote (RFC 2704); formal foundations – RT ('01), DKAL ('08), ...
     Composition: systems and standards – XACML v2.0; formal foundations – PBel ('08), D-Algebra ('09), PTaCL ('12), ...
     Composition + Delegation: systems and standards – SweGrid, XACML v3.0 ('13), WSO2 ID Server; formal foundations – BelLog

  15-16. How to Build Access Control Systems: Specify (policy language: ➔ formal semantics ➔ support for delegation ➔ support for composition); Verify (policy analysis: ➔ decision algorithms); Construct (PDP: ➔ efficient evaluation algorithm)

  17-21. Belnap Logic + Datalog = BelLog. Belnap logic: four truth values with a truth ordering and a knowledge ordering. (Stratified) Datalog: program, rule, literal, atom. BelLog: program, rule, literal, atom, with negation on truth and negation on knowledge. Semantics: extend stratified Datalog to a four-valued fixed-point semantics.
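The four decisions of slide 5 and the two Belnap orderings of slides 17-21, worked through as an added example (not BelLog's own code): each decision is encoded as a pair of bits, the truth and knowledge orderings with their joins and meets are defined on those pairs, and the composition operators the slides name are written on top of them. The bit encoding and the operator definitions are my assumptions, not the paper's.

```python
# Added example, not code from the BelLog project: the four decisions of
# slide 5 under Belnap's two orderings (slides 17-21).  Decision names are
# the slides'; the bit encoding and operator definitions are my assumptions.
from functools import reduce

# Encode each decision as (supports_grant, supports_deny).
GRANT, DENY, NA, CONFLICT = (1, 0), (0, 1), (0, 0), (1, 1)
NAME = {GRANT: "Grant", DENY: "Deny", NA: "Not-applicable", CONFLICT: "Conflict"}

def leq_truth(a, b):
    """Truth ordering: Deny <t {NA, Conflict} <t Grant (NA, Conflict incomparable)."""
    return a[0] <= b[0] and a[1] >= b[1]

def leq_knowledge(a, b):
    """Knowledge ordering: NA <k {Grant, Deny} <k Conflict (Grant, Deny incomparable)."""
    return a[0] <= b[0] and a[1] <= b[1]

def join_truth(a, b):       # Belnap "or": least upper bound in the truth ordering
    return (max(a[0], b[0]), min(a[1], b[1]))

def join_knowledge(a, b):   # merge all information: least upper bound in knowledge ordering
    return (max(a[0], b[0]), max(a[1], b[1]))

def meet_knowledge(a, b):   # keep only shared information: greatest lower bound in knowledge ordering
    return (min(a[0], b[0]), min(a[1], b[1]))

# Composition operators named on slides 5 and 25-26 (assumed definitions).
def conflict_override(decisions):
    """Merge everything known; a Grant and a Deny together become Conflict."""
    return reduce(join_knowledge, decisions, NA)

def agreement(decisions):
    """Decide only what every sub-policy supports; disagreement collapses to NA."""
    return reduce(meet_knowledge, decisions, CONFLICT) if decisions else NA

def permit_override(decisions):
    """A Grant wins; an unresolved Conflict survives; otherwise Deny, else NA."""
    return next((d for d in (GRANT, CONFLICT, DENY) if d in decisions), NA)

def deny_override(decisions):
    """Mirror image of permit_override."""
    return next((d for d in (DENY, CONFLICT, GRANT) if d in decisions), NA)

if __name__ == "__main__":
    # Slide 5 scenario: the project leader composes Bob's and Dave's decisions.
    bob, dave = GRANT, DENY
    for op in (permit_override, deny_override, conflict_override, agreement):
        print(f"{op.__name__:17} Bob=Grant, Dave=Deny -> {NAME[op([bob, dave])]}")
```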

  22-27. BelLog Examples: transitive delegation; policy targets; agreement; conflict-override; other idioms?

  28. How to Build Access Control Systems (roadmap slide of 15-16 repeated, now at the Verify step: policy analysis, decision algorithms)

  29-34. Policy Analysis: does the policy meet its requirements? The policy and its requirements are turned into analysis questions and fed to an analyzer, which either returns a counterexample (fix the policy and re-run) or reports the policy checked. Open points: how do we write the questions? Decidability? Complexity?

  35-38. Analysis Questions. Syntax: a (question) over a (condition) – Is policy P2 more permissive than P1 for all inputs that satisfy the condition c? For a given input: the requests granted by P1 are contained in the requests granted by P2, which are contained in the set of all requests. The check is made for all inputs that satisfy the condition.

  39-40. Example: Analysis Question. Policy requirement: if the requester is a project leader, then grant access. The corresponding analysis question is given on the slide.

  41-44. Analysis. Theorem 1: policy containment is undecidable. Theorem 2: policy containment for unary-input policies* is co-NEXP-complete. Theorem 3: policy containment for a finite universe is co-NP-complete. *Unary-input policies – Example: (given on the slide)

  45. How to Build Access Control Systems (roadmap slide of 15-16 repeated, now at the Construct step: PDP, efficient evaluation algorithm)

  46. Constructing PDPs. Theorem 4: policy entailment is in PTIME. Policy interpreter: http://bellog.org; GitHub: https://github.com/ptsankov/bellog/

  47. Limitations – Analysis of administrative changes – Analysis complexity and tool support – Usability

  48. BelLog Contributions: a foundation for composite decentralized access control; a policy analysis framework; the BelLog PDP (www.bellog.org)
