distributed enforcement of unlinkability policies looking
play

Distributed Enforcement of Unlinkability Policies: Looking Beyond - PowerPoint PPT Presentation

Sep 27, 2022 •213 likes •369 views

Distributed Enforcement of Unlinkability Policies: Looking Beyond the Chinese Wall Apu Kapadia, Prasad Naldurg, Roy H. Campbell Dartmouth College (ISTS) Microsoft Research, India University of Illinois at Urbana-Champaign Policy 2007 Lack

  1. Distributed Enforcement of Unlinkability Policies: Looking Beyond the Chinese Wall Apu Kapadia, Prasad Naldurg, Roy H. Campbell Dartmouth College (ISTS) Microsoft Research, India University of Illinois at Urbana-Champaign Policy 2007

  2. Lack of audit-log privacy � Enterprise-level access to services � Doors, printers, Wi-Fi, vending, … � Accesses logged at several severs � Security of audit logs � Access by authorized administrators � Privacy of audit logs � Who is allowed to link records? � Wi-Fi logs + Email logs = exposed location Apu Kapadia, Dartmouth College 2

  3. Unlinkability: “Two or more accesses cannot be tied to the same user” � Cryptographic approaches � Mathematical unlinkability � Not always feasible (legal requirements) � Unlinkability through access control � Prevent users from accessing records that can be linked Apu Kapadia, Dartmouth College 3

  4. Chinese Wall is not scalable Alice’s Session Need to maintain access history Apu Kapadia, Dartmouth College 4

  5. Modified semantics for decentralized enforcement � Unlinkability semantics � Prevent access to two or more audit flows � But don’t guarantee access to audit flows of administrator’s choosing Apu Kapadia, Dartmouth College 5

  6. Attached constraints are easy to enforce locally Alice’s Session Apu Kapadia, Dartmouth College 6

  7. Users negotiate unlinkability policies with the PNS Apu Kapadia, Dartmouth College 7

  8. Computing linkability threats Apu Kapadia, Dartmouth College 8

  9. Correctness of policy constraints � Secure � Prevents linking of records � Precise � Users who cannot link records are allowed access Apu Kapadia, Dartmouth College 9

  10. Open-ended sessions are permitted Secure and Precise Apu Kapadia, Dartmouth College 10

  11. Evolving protection state can make deployed policies stale Alice’s Session Campus Security Apu Kapadia, Dartmouth College 11

  12. Use versioning to cope with evolving permissions User Policy Logical clock version number version number Apu Kapadia, Dartmouth College 12

  13. Security and Precision � Security and precision guaranteed � If user’s version number policy version number � Loss in precision � For users with larger version numbers � But security is maintained Apu Kapadia, Dartmouth College 13

  14. Future Directions � More precision � Better policy analysis? � Better versioning scheme � More version numbers? � Experimental evaluation � Degradation of precision � Overhead of evaluating constraints � Usability � Interaction with Policy Negotiation Server Apu Kapadia, Dartmouth College 14

  15. Conclusions � Unlinkability through access control � Policies attached to audit records � Efficient decentralized enforcement � Modified Chinese Wall semantics � Copes with evolving protection state � Versioning scheme to maintain security and precision Apu Kapadia, Dartmouth College 15

Recommend

Deriving Enforcement Mechanisms from H. Janicke, et.al. Policies Motivation ITL Policy Rules

Deriving Enforcement Mechanisms from H. Janicke, et.al. Policies Motivation ITL Policy Rules

Deriving Enforcement Mechanisms from Policies Deriving Enforcement Mechanisms from H. Janicke, et.al. Policies Motivation ITL Policy Rules Helge Janicke, Antonio Cau, Fran cois Siewe, Enforcement Hussein Zedan Summary Software

550 views • 16 slides
Philippine Policies and Legislation And their Enforcement for the Protection of Migrant Workers

Philippine Policies and Legislation And their Enforcement for the Protection of Migrant Workers

Philippine Policies and Legislation And their Enforcement for the Protection of Migrant Workers in the Fishing Industry during Recruitment and Employment September 12-13, 2013 Aston Hotel, Makassar, Indonesia 1 The Philippines presently

801 views • 54 slides
Security Summer 2016 Cornell University 1 Today Security policies Enforcement

Security Summer 2016 Cornell University 1 Today Security policies Enforcement

CS 4410 Operating Systems Security Summer 2016 Cornell University 1 Today Security policies Enforcement Authenticating people Passwords 2 Security policy Security policies prescribe what must be done and what must not be

431 views • 13 slides
Specication and Enforcement of Static Specication and Enforcement of Static Separation-of-Duty

Specication and Enforcement of Static Specication and Enforcement of Static Separation-of-Duty

Specication and Enforcement of Static Specication and Enforcement of Static Separation-of-Duty Policies in Usage Control Jianfeng Lu, Ruixuan Li, Zhengding Lu, Ji Jinwei Hu, and Xiaopu Ma i H d Xi M Huazhong University of Science and

625 views • 25 slides
Gatekeeper Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code

Gatekeeper Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code

Gatekeeper Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code Salvatore Guarnieri, University of Washington Ben Livshits, Microsoft Research 1 alert (hi); program malicious Catch me if you can dont

828 views • 26 slides
Hardware Enforcement of Application Security Policies Using Tagged Memory Nickolai Zeldovich,

Hardware Enforcement of Application Security Policies Using Tagged Memory Nickolai Zeldovich,

Faculty of Computer Science Institute for System Architecture, Operating Systems Group Hardware Enforcement of Application Security Policies Using Tagged Memory Nickolai Zeldovich, Hari Kannan, Michael Dalton and Christos Kozyrakis Dresden,

553 views • 14 slides
Specification and Enforcement of Information Erasure Policies Sebastian Hunt 1 David Sands 2

Specification and Enforcement of Information Erasure Policies Sebastian Hunt 1 David Sands 2

Motivation A Language-Based Approach Issues Summary Specification and Enforcement of Information Erasure Policies Sebastian Hunt 1 David Sands 2 Filippo Del Tedesco 2 1 City University London 2 Chalmers University of Technology, Sweden The

1.03k views • 29 slides
Push-Email And Mobile enforcement of company policies, secure access Devices In The Enterprise

Push-Email And Mobile enforcement of company policies, secure access Devices In The Enterprise

in case it gets lost or stolen, enterprises also require easy administration, patching, Push-Email And Mobile enforcement of company policies, secure access Devices In The Enterprise to corporate resources etc. These requirements become more

545 views • 9 slides
The Dover Architecture Hardware Enforcement of Software-Defined Security Policies Team: Greg

The Dover Architecture Hardware Enforcement of Software-Defined Security Policies Team: Greg

This Document Does Not Contain Controlled Technology or Technical Data Draper Proprietary The Dover Architecture Hardware Enforcement of Software-Defined Security Policies Team: Greg Sullivan (Draper) (presenting), Andr DeHon (UPenn), Eli

433 views • 19 slides
Formal Computational Unlinkability Proofs of RFID Protocols Hubert Comon, Adrien Koutsos January

Formal Computational Unlinkability Proofs of RFID Protocols Hubert Comon, Adrien Koutsos January

Formal Computational Unlinkability Proofs of RFID Protocols Hubert Comon, Adrien Koutsos January 29, 2018 Hubert Comon, Adrien Koutsos Formal Proofs of RFID Protocols January 29, 2018 1 / 21 Motivations Security protocols Distributed

483 views • 21 slides
Cassandra: Distributed Access Control Policies with Tunable Expressiveness Moritz Y. Becker and

Cassandra: Distributed Access Control Policies with Tunable Expressiveness Moritz Y. Becker and

Cassandra: Distributed Access Control Policies with Tunable Expressiveness Moritz Y. Becker and Peter Sewell Computer Laboratory, University of Cambridge, U.K. Cassandra: Distributed Access Control Policies with Tunable Expressiveness p.

1.44k views • 20 slides
Modelling Unlinkability Stefan K opsell Sandra Steinbrecher Technische Universit at

Modelling Unlinkability Stefan K opsell Sandra Steinbrecher Technische Universit at

Modelling Unlinkability Stefan K opsell Sandra Steinbrecher Technische Universit at Dresden Freie Universit at Berlin <sk13@inf.tu-dresden.de> <steinbrecher@acm.org> Talk at PET 2003, Dresden Contents: 1. Metrics for

568 views • 18 slides
in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order

in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order

Monitoring of enforcement in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order Ordering enforcement Authorities court notary public Enforcement order certificate of enforcement

540 views • 12 slides
Key State Policies Supporting Distributed Generation in New York 2 NYS PSCs Reforming the

Key State Policies Supporting Distributed Generation in New York 2 NYS PSCs Reforming the

Key State Policies Supporting Distributed Generation in New York 2 NYS PSCs Reforming the Energy Vision Proceeding (14-M-0101) is About: to Achieve Higher through Animating Empowering System Efficiency, Lower Customers to Better

598 views • 23 slides
14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement

14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement

14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement Problem Most models of optimal taxation (income or commodity) as- sume away enforcement issues. In practice: 1) Enforcement is costly (eats up around 10%

1.12k views • 45 slides
Monitoring Security Policies Felix Klaedtke NEC Labs Europe Story so far . . . Which

Monitoring Security Policies Felix Klaedtke NEC Labs Europe Story so far . . . Which

Monitoring Security Policies Felix Klaedtke NEC Labs Europe Story so far . . . Which policies are enforceable ? Characterization for an abstract setting Enforcement via execution monitoring system allowed

1.03k views • 73 slides
JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement

JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement

Assistant Commander Brandi Reeder Law Enforcement Division - Fisheries Law Administrator JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement Agreement One of the most effective programs in NOAAs

600 views • 30 slides
Distributed Privacy Policy Enforcement David Chadwick, Kaniz Fatema University of Kent Scenario

Distributed Privacy Policy Enforcement David Chadwick, Kaniz Fatema University of Kent Scenario

Distributed Privacy Policy Enforcement David Chadwick, Kaniz Fatema University of Kent Scenario A Subject submits some personal identifying information (PII) along with her privacy policy to a service provider (SP) An SP user

429 views • 18 slides
BRIEFING ON EELGRASS HABITAT RESTORATION ADRIENNE KLEIN, BCDC ENFORCEMENT STAFF JUNE 24, 2020

BRIEFING ON EELGRASS HABITAT RESTORATION ADRIENNE KLEIN, BCDC ENFORCEMENT STAFF JUNE 24, 2020

BRIEFING ON EELGRASS HABITAT RESTORATION ADRIENNE KLEIN, BCDC ENFORCEMENT STAFF JUNE 24, 2020 BCDC ENFORCEMENT COMMITTEE MEETING ITEM 7 OUTLINE Purpose for todays briefing Review relevant policies of the SF Bay Plan and Richardsons

351 views • 15 slides
230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most

230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most

230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most models of optimal taxation (income or commodity) as- sume away enforcement issues. In practice: 1) Enforcement is costly (eats up around 10% of

889 views • 55 slides
Rewrite Specifications of Access Control Policies in Distributed Environments C. Bertolissi and

Rewrite Specifications of Access Control Policies in Distributed Environments C. Bertolissi and

Rewrite Specifications of Access Control Policies in Distributed Environments C. Bertolissi and M. Fernndez LIF , Marseille & Kings College London WTS2010, Nancy C. Bertolissi, M. Fernndez () Term rewriting for Access Control

1.04k views • 28 slides
Rewrite-Based Access Control Policies in Distributed Environments Maribel Fern andez Kings

Rewrite-Based Access Control Policies in Distributed Environments Maribel Fern andez Kings

Rewrite-Based Access Control Policies in Distributed Environments Maribel Fern andez Kings College London Joint work with Clara Bertolissi (LIF, Univ. Marseilles) 12th CREST Open Workshop - Security and Code April 2011 M. Fern andez

1.04k views • 30 slides
POLICIES AND REGULATIONS TO IMPROVE TRANSPARENCY IN THE OWNERSHIP, CONTROL AND BENEFIT OF

POLICIES AND REGULATIONS TO IMPROVE TRANSPARENCY IN THE OWNERSHIP, CONTROL AND BENEFIT OF

POLICIES AND REGULATIONS TO IMPROVE TRANSPARENCY IN THE OWNERSHIP, CONTROL AND BENEFIT OF CORPORATE VEHICLES ALFONSO D. LANUZA, JR Officer-In-Charge Anti-Money Laundering Division Enforcement and Investor Protection Department SECURITIES

481 views • 44 slides
WHITE PAPER: ELECTROSHOCK WEAPONS (ESWs) AND PUBLIC SAFETY: THE NEED FOR LAW ENFORCEMENT

WHITE PAPER: ELECTROSHOCK WEAPONS (ESWs) AND PUBLIC SAFETY: THE NEED FOR LAW ENFORCEMENT

WHITE PAPER: ELECTROSHOCK WEAPONS (ESWs) AND PUBLIC SAFETY: THE NEED FOR LAW ENFORCEMENT AGENCIES (LEAs) TO UPDATE POLICIES, PRACTICES AND TRAINING TO REFLECT THE LATEST RESEARCH AND RISKS OF THESE POTENTIALLY DEADLY WEAPONS DEFEND. PROTECT.

467 views • 9 slides

More recommend