
On Key Assignment for Hierarchical Access Control · Jason Crampton



  1. On Key Assignment for Hierarchical Access Control Jason Crampton · Keith Martin · Peter Wild Information Security Group · Royal Holloway · University of London 19th Computer Security Foundations Workshop

  2. Introduction

  3. What is hierarchical access control?
     We assume the existence of a set of users $U$ and a set of objects $O$, a partially ordered set $(X, \leq)$, and a function $\lambda : U \cup O \to X$
     • $\lambda$ associates each entity $e$ with a security label $\lambda(e)$
     • $u \in U$ may access $o \in O$ if $\lambda(u) \geq \lambda(o)$
       – Sometimes known as the simple security property
       – Cornerstone of many military security policies
     CSFW · 5 July 2006 · Venice Jason Crampton · Keith Martin · Peter Wild

  4. Example
     $X = \{\text{unclassified}, \text{classified}, \text{secret}, \text{top secret}\}$
     $\text{unclassified} < \text{classified} < \text{secret} < \text{top secret}$
     • $\lambda(\text{peter}) = \text{top secret}$, $\lambda(\text{jason}) = \text{classified}$
     • peter can read any object (including secret file.txt)
     • jason can read any unclassified or classified object (but not secret file.txt)
     [Figure: the chain unclassified, classified, secret, top secret drawn bottom to top, with peter → top secret, secret file.txt → secret and jason → classified]

  5. What is a key assignment scheme?
     Encrypt objects and supply users with appropriate keys
     • Give peter $k_u$, $k_c$, $k_s$ and $k_t$
     • Give jason $k_u$ and $k_c$
     Users have to maintain a number of different keys
     • Can we do better?
     [Figure: the chain unclassified, classified, secret, top secret drawn bottom to top, with peter → top secret, secret file.txt → secret and jason → classified]

  6. A simple scheme
     Use some form of top-down encryption to generate keys from a security label and the key associated with the parent label
     • Choose $k_t$ and define
       – $k_s = E_{k_t}(\text{``secret''})$
       – $k_c = E_{k_s}(\text{``classified''})$
       – $k_u = E_{k_c}(\text{``unclassified''})$
     • Give peter $k_t$ and jason $k_c$
     One implementation is to hash the concatenation of the parent key and the junior security label
     Can be extended to a key assignment scheme for trees
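The hash-based variant of this top-down scheme, extended from the chain to a tree, as an added example that is not taken from the slides. SHA-256, the root key value and the extra branch label `secret-alt` are assumptions made for the illustration.

```python
import hashlib

# Label tree as child -> parent. The chain is the slides' example;
# "secret-alt" is a hypothetical sibling branch added to show the tree case.
PARENT = {
    "top secret": None,
    "secret": "top secret",
    "secret-alt": "top secret",
    "classified": "secret",
    "unclassified": "classified",
}

# Constructed root key k_t. All keys are 32 bytes, so key || label is unambiguous.
K_T = hashlib.sha256(b"constructed demo root key").digest()

def child_key(parent_key: bytes, label: str) -> bytes:
    """k_child = H(k_parent || child label), with SHA-256 as H (assumption)."""
    return hashlib.sha256(parent_key + label.encode()).digest()

def derive(holder_label: str, holder_key: bytes, target: str):
    """Derive the key for `target` from the key held at `holder_label`.

    Walks from the target up to the holder, then hashes back down.
    Returns None when the target is not at or below the holder in the tree.
    """
    path, node = [], target
    while node is not None and node != holder_label:
        path.append(node)
        node = PARENT[node]
    if node is None:          # reached the root without meeting the holder
        return None
    key = holder_key
    for label in reversed(path):
        key = child_key(key, label)
    return key

if __name__ == "__main__":
    k_c = derive("top secret", K_T, "classified")     # what jason is given
    print(derive("classified", k_c, "unclassified") ==
          derive("top secret", K_T, "unclassified"))  # same k_u either way
    print(derive("classified", k_c, "secret"))        # no way back up the chain
```

Each user stores one key, and derivation only ever runs downwards because the hash cannot be inverted to recover a parent key.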

  7. General problem
     • How do we handle arbitrary posets?
     • There is not a unique path from $x_1$ to $x_5$
     [Figure: Hasse diagram with $x_1$ at the top, $x_2$ and $x_3$ in the middle row, and $x_4$, $x_5$ and $x_6$ in the bottom row]

  8. Our motivation
     There are (too) many schemes in the literature
     • Rely on specific cryptographic primitives
     • Do not consider basic requirements and features of key assignment schemes
     We want to develop an abstract approach to key assignment schemes
     • Classify existing schemes
     • Evaluate the respective merits of different types of scheme

  9. Key assignment schemes

  10. Basic concepts
      We assume the existence of a scheme administrator (trusted centre)
      A key assignment scheme comprises (up to) four algorithms
      • makeKeys returns a labelled set of encryption keys $(\kappa(x) : x \in X)$
      • makeSecrets returns a labelled set of secret values $(\sigma(x) : x \in X)$
      • makePublicData returns a set of data $\mathit{Pub}$ that is made public by the trusted centre
      • getKey takes $x, y \in X$, $\sigma(x)$ and $\mathit{Pub}$ and returns $\kappa(y)$ whenever $y \leq x$
      A scheme has independent keys if the keys can be chosen independently of each other and of $\mathit{Pub}$

  11. Evaluation criteria
      • Amount of secret data that needs to be distributed to and stored by end users
      • Amount of data that needs to be made public
      • Complexity of key derivation
      • Complexity of key update (if user leaves or key is compromised)
        – How much secret data needs to be re-distributed?
        – How much public data needs to be re-computed?
      • Resistance to collusion attacks

  12. Trivial key assignment scheme
      • Independent keys $\kappa(X)$
      • $\sigma(x) = (\kappa(y) : y \leq x)$
      • $\mathit{Pub} = \emptyset$
      • $\kappa(y) \in \sigma(x)$ so key derivation is trivial
      Assessment
      ✗ High private storage costs
      ✓ No public storage
      ✗ High update costs for private data
      ✓ Direct key derivation

  13. Trivial key encrypting key assignment scheme
      • Independent keys $\kappa(X)$ and set of key encrypting keys $K(X)$
      • $\sigma(x) = (K(y) : y \leq x)$
      • $\mathit{Pub} = (E_{K(x)}(\kappa(x)) : x \in X)$
      • $\kappa(y)$ is obtained by decrypting $E_{K(y)}(\kappa(y)) \in \mathit{Pub}$ using $K(y) \in \sigma(x)$
      Assessment
      ✗ High private storage costs
      ✗ High public storage costs
      ✓ Very low costs for update of $\kappa(y)$
      ✗ High costs for update of $K(y)$
      ✓ Direct key derivation

  14. Direct key encrypting key assignment scheme
      • Independent keys $\kappa(X)$
      • $\sigma(x) = \kappa(x)$
      • $\mathit{Pub} = (E_{\kappa(x)}(\kappa(y)) : y < x)$
      • $\kappa(y)$ is obtained by decrypting $E_{\kappa(x)}(\kappa(y)) \in \mathit{Pub}$ using $\kappa(x)$
      Assessment
      ✓ Minimizes private storage costs
      ✗ High public storage costs
      • Moderate costs for update of private and public data
      ✓ Direct key derivation

  15. Iterative key encrypting key assignment scheme
      • Independent keys $\kappa(X)$
      • $\sigma(x) = \kappa(x)$
      • $\mathit{Pub} = (E_{\kappa(x)}(\kappa(y)) : y \lessdot x)$
      • $\kappa(y)$ is obtained by decrypting $\kappa(z)$ for all $z$ on a path from $x$ to $y$
      Assessment
      ✓ Minimizes private storage costs
      ✓ Minimizes public storage costs
      • Moderate costs for update of private and public data
      ✗ Iterative key derivation

  16. Example
      • TKAS
        – $\sigma(x_1) = \{\kappa_1, \dots, \kappa_6\}$
      • TKEKAS
        – $\sigma(x_1) = \{K_1, \dots, K_6\}$
        – $\mathit{Pub} = \{E_{K_1}(\kappa_1), \dots, E_{K_6}(\kappa_6)\}$
      • DKEKAS
        – $\mathit{Pub} = \{E_{\kappa_1}(\kappa_2), E_{\kappa_1}(\kappa_3), E_{\kappa_1}(\kappa_4), \dots\}$
      • IKEKAS
        – $\mathit{Pub} = \{E_{\kappa_1}(\kappa_2), E_{\kappa_1}(\kappa_3), E_{\kappa_2}(\kappa_4), \dots\}$
      [Figure: Hasse diagram with $x_1$ at the top, $x_2$ and $x_3$ in the middle row, and $x_4$, $x_5$ and $x_6$ in the bottom row]

  17. IKEKAS example
      Atallah, Frikken and Blanton (CCS 2005)
      • $\mathit{Pub} = \{\kappa(y) - h(\kappa(x), y) : y \lessdot x\}$, $h$ is a hash function
      • User with security label $x$ can recover $\kappa(y)$ by computing $h(\kappa(x), y)$
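The iterative scheme with these masked edge values, run on the six-label poset from the slides, as an added example that is not the authors' code. The edge set is read off the figure and is an assumption, as are SHA-256 for $h$ and subtraction modulo $2^{256}$; the `rekey` helper is hypothetical and only illustrates the update cost for one label.

```python
import hashlib
import secrets

MOD = 2 ** 256
# Cover relation read off the six-node figure (edge set is an assumption):
# COVERS[x] lists every label y that x covers, i.e. y ⋖ x.
COVERS = {"x1": ["x2", "x3"], "x2": ["x4", "x5"], "x3": ["x5", "x6"],
          "x4": [], "x5": [], "x6": []}

def h(key: int, label: str) -> int:
    """h(kappa(x), y), with SHA-256 standing in for the hash (assumption)."""
    data = key.to_bytes(32, "big") + label.encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def make_keys() -> dict:
    """Independent keys: every kappa(x) is drawn at random."""
    return {x: secrets.randbelow(MOD) for x in COVERS}

def make_public_data(kappa: dict) -> dict:
    """Pub[(x, y)] = kappa(y) - h(kappa(x), y) mod 2^256 for each covered y."""
    return {(x, y): (kappa[y] - h(kappa[x], y)) % MOD
            for x in COVERS for y in COVERS[x]}

def get_key(x: str, y: str, key_x: int, pub: dict):
    """Iterative derivation from sigma(x) = kappa(x); None unless y <= x."""
    if x == y:
        return key_x
    for z in COVERS[x]:
        key_z = (pub[(x, z)] + h(key_x, z)) % MOD   # unmask one edge
        found = get_key(z, y, key_z, pub)
        if found is not None:
            return found
    return None

def rekey(kappa: dict, pub: dict, y: str) -> list:
    """Replace kappa(y); only Pub entries on edges touching y are recomputed."""
    kappa[y] = secrets.randbelow(MOD)
    changed = [edge for edge in pub if y in edge]
    for a, b in changed:
        pub[(a, b)] = (kappa[b] - h(kappa[a], b)) % MOD
    return changed

if __name__ == "__main__":
    kappa = make_keys()
    pub = make_public_data(kappa)
    print(get_key("x1", "x5", kappa["x1"], pub) == kappa["x5"])
    print(get_key("x2", "x6", kappa["x2"], pub))
    print(rekey(kappa, pub, "x5"))
```

Public storage is one value per edge of the Hasse diagram, and the holder of $\kappa(x_1)$ reaches $\kappa(x_5)$ through either $x_2$ or $x_3$, so the non-unique path is harmless.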

  18. Node-based key assignment scheme
      • $\mathit{Pub} \supseteq (e(x) : x \in X)$
      • $\kappa(x) = f(e(x))$
        – $f$ is a secret function
        – There exists a public algorithm $g$ such that $g(f(e(x)), e(x), e(y)) = g(\kappa(x), e(x), e(y)) = \kappa(y)$ is feasible to compute if and only if $y \leq x$
      • By construction $\kappa(y)$ can be derived (directly) from $\kappa(x)$ (using $g$)
      • Dependent keys ($\kappa(x) = f(e(x))$)

  19. Example
      Akl and Taylor (ACM Trans. Comp. Sys., 1983)
      • $\mathit{Pub} = \{n\} \cup (e(x) : x \in X)$
        – $n = pq$, $p$ and $q$ are large primes
        – $e : X \to \mathbb{N}$ such that $e(x) \mid e(y)$ if and only if $y \leq x$
      • $\kappa(x) = s^{e(x)} \bmod n$, where $s \in \mathbb{Z}_n^*$ is a system secret
        – Note that $\left(s^{e(x)}\right)^{e(y)/e(x)} = s^{e(y)}$
        – Hence $\kappa(y) = (\kappa(x))^{e(y)/e(x)}$
        – It is only feasible to compute $\kappa(y)$ if $y \leq x$ (on the assumption that it is difficult to compute integral roots modulo $n$)
      • Usual to choose $e(x) = \prod_{y \not\leq x} p(y)$, where $p(y)$ is a prime
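The Akl-Taylor derivation carried through on the six-label poset from the slides, as an added example that is not the authors' code. The order relation is read off the figure and is an assumption; the primes $p(x)$, the secret $s$ and the modulus are constructed toy values.

```python
from math import prod

# Order relation of the six-node figure (assumed edge set): BELOW[x] = {y : y <= x}.
BELOW = {"x1": {"x1", "x2", "x3", "x4", "x5", "x6"},
         "x2": {"x2", "x4", "x5"}, "x3": {"x3", "x5", "x6"},
         "x4": {"x4"}, "x5": {"x5"}, "x6": {"x6"}}
PRIME = {"x1": 2, "x2": 3, "x3": 5, "x4": 7, "x5": 11, "x6": 13}  # p(x), constructed

# Toy modulus n = pq built from two Mersenne primes; far too small for real use.
N = (2 ** 31 - 1) * (2 ** 61 - 1)
S = 123456789   # system secret s, constructed; known only to the trusted centre

def e(x: str) -> int:
    """Public exponent e(x): product of p(y) over every y that is not <= x."""
    return prod(PRIME[y] for y in PRIME if y not in BELOW[x])

def kappa(x: str) -> int:
    """Trusted centre only: kappa(x) = s^e(x) mod n."""
    return pow(S, e(x), N)

def get_key(x: str, y: str, key_x: int):
    """User side: kappa(y) = kappa(x)^(e(y)/e(x)) mod n, from public data only.

    Returns None when e(x) does not divide e(y), i.e. when y is not <= x;
    the quotient would then be fractional and require a root modulo n.
    """
    quotient, remainder = divmod(e(y), e(x))
    if remainder != 0:
        return None
    return pow(key_x, quotient, N)

if __name__ == "__main__":
    print({x: e(x) for x in PRIME})
    print(get_key("x2", "x5", kappa("x2")) == kappa("x5"))
    print(get_key("x2", "x6", kappa("x2")))
```

The top label gets $e(x_1) = 1$, so its key is $s \bmod n$ itself, and every derivation is a single modular exponentiation rather than a walk along a path.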

  20. Characteristics of (simplified) Akl-Taylor scheme
      ✓ Low private storage
      • Moderate public storage
      ✓ Update of public information is very simple
      ✗ Update of secret information worse than IKEKAS
      ✓ Direct key derivation
      ✗ Exponentiation required

  21. Conclusion
