
Distributed Enforcement of Unlinkability Policies: Looking Beyond the Chinese Wall



  1. Distributed Enforcement of Unlinkability Policies: Looking Beyond the Chinese Wall
     Apu Kapadia, Prasad Naldurg, Roy H. Campbell
     Dartmouth College (ISTS); Microsoft Research, India; University of Illinois at Urbana-Champaign
     Policy 2007

  2. Lack of audit-log privacy
     - Enterprise-level access to services
     - Doors, printers, Wi-Fi, vending, …
     - Accesses logged at several servers
     - Security of audit logs
     - Access by authorized administrators
     - Privacy of audit logs
     - Who is allowed to link records?
     - Wi-Fi logs + Email logs = exposed location
     Apu Kapadia, Dartmouth College

  3. Unlinkability: “Two or more accesses cannot be tied to the same user”
     - Cryptographic approaches
     - Mathematical unlinkability
     - Not always feasible (legal requirements)
     - Unlinkability through access control
     - Prevent users from accessing records that can be linked

  4. Chinese Wall is not scalable
     - Need to maintain access history
     [Figure: Alice’s Session]

  5. Modified semantics for decentralized enforcement
     - Unlinkability semantics
     - Prevent access to two or more audit flows
     - But don’t guarantee access to audit flows of administrator’s choosing

  6. Attached constraints are easy to enforce locally
     [Figure: Alice’s Session]

  7. Users negotiate unlinkability policies with the PNS

  8. Computing linkability threats

  9. Correctness of policy constraints
     - Secure
     - Prevents linking of records
     - Precise
     - Users who cannot link records are allowed access

  10. Open-ended sessions are permitted
      - Secure and Precise

  11. Evolving protection state can make deployed policies stale
      [Figure labels: Alice’s Session, Campus Security]

  12. Use versioning to cope with evolving permissions
      [Figure labels: User, Policy, Logical clock, version number, version number]

  13. Security and Precision
      - Security and precision guaranteed
      - If user’s version number policy version number
      - Loss in precision
      - For users with larger version numbers
      - But security is maintained

  14. Future Directions
      - More precision
      - Better policy analysis?
      - Better versioning scheme
      - More version numbers?
      - Experimental evaluation
      - Degradation of precision
      - Overhead of evaluating constraints
      - Usability
      - Interaction with Policy Negotiation Server

  15. Conclusions
      - Unlinkability through access control
      - Policies attached to audit records
      - Efficient decentralized enforcement
      - Modified Chinese Wall semantics
      - Copes with evolving protection state
      - Versioning scheme to maintain security and precision
