real time access control reconfiguration
play

Real-time Access Control Reconfiguration By Ashish Gehani and - PowerPoint PPT Presentation

Jan 08, 2023 •425 likes •585 views

Real-time Access Control Reconfiguration By Ashish Gehani and Gershon Kedem Department of Computer Science, Duke University Introduction Internet growth Increasingly frequent attacks Heterogenous deployed software More

  1. Real-time Access Control Reconfiguration By Ashish Gehani and Gershon Kedem Department of Computer Science, Duke University

  2. Introduction • Internet growth ⇒ Increasingly frequent attacks • Heterogenous deployed software ⇒ More exploitable bugs • Anonymity online ⇒ Attacks spread quickly

  3. Motivation • Automate intrusion response • Tighten access control ⇒ Reduce exposure • Dynamically reconfigure ⇒ Minimize mean time to response • Decreases system usability ⇒ Deny only when risk warrants it

  4. Design - User Space Response • Intrusion detector ⇒ Application ⇒ Change permissions • Problems : – Granularity : Exactly which permissions? – Overhead : Frequent reconfiguration – Temporal Gap : Allows race conditions (Time of use < Time of reconfiguration)

  5. Design - OS Support • Instrumented Linux 2.2.12 kernel • Instrumented Sun Java 1.2 runtime • Trapped all calls • Overhead unacceptable • Limited to extant security subsystem • Permissions are predicated • Result : Active Reference Monitor

  6. Design - Security Policy • Specified using: L : Formal language X : Axioms I : Rules of inference Q : Proof technique • Can verify statement σ ∈ L – Start with X , use I according to Q , derive σ • In principle, can specificy and verify • Problems in practice : – Complex for “real” system – Part of system outside administrative domain – Gap between abstraction and implementation

  7. Design - Permission Semantics • Focus on subset of security policy • Authorization policy : σ → p (ermission) • Given : i ∈ S(ubjects), j ∈ O(bjects), k ∈ A(uthorization types) • Instead of p(i,j,k) = 0 or p(i,j,k) = 1, Use p(i,j,k) = σ

  8. Design - Temporal Constraints • Applications do not expect: – Variable length permission checks – Access control configuration changes • Q bounded to constant t steps ⇒ Choice of L not material • Permission check time : O(t) = O(1) • Permission denial ⇒ Signal with buffer b • Signal handler can get (p, σ ) from b

  9. Design - Activation • Select based on benefit and cost • Cost is frequency in workload • Interface : enableSafeguard(Permission p) disableSafeguard(Permission p)

  10. Implementation - Interposition

  11. Implementation - Invocation public abstract class PredicateThread extends Thread{ protected PredicateThread(Permission permission, Object lock); public void run(){ if( condition ) result=true; synchronized(lock){ lock.notify(); } } public boolean getResult(); }

  12. Evaluation - Primitive times Access Type Time getSystemLoad() 0.34 ms getTransmitted(eth0) 1.02 ms getReceived(eth0) 1.01 ms getFreeSwap() 0.39 ms getFreeRAM() 0.39 ms

  13. Evaluation - Worst Case Impact

  14. Related Work • Active Capabilities, FLASK, RS-BAC … • Differences : – Constant running time guarantee – Expose denial semantics programmatically ⇒ Allow application adaptation – Activation based on cost and benefit – Predicates activatable at permission granularity ⇒ Minimizes impact

  15. Conclusion • Argued for predicated permissions • Used temporal constraints • Described changes in semantics • Showed programmatic access • Dynamic reconfigurability ⇒ Needed for real-time response • Demonstrated acceptable performance

Recommend

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of

Access Control and Protection Overview Access control: What and Why Abstract Models of Access Control Discretionary acces control Mandatory access control Real systems: Unix Access Control Model Access control Access

817 views • 47 slides
1 Challenge 4: Adaptive QoS Control Certification Develop software feedback control in

1 Challenge 4: Adaptive QoS Control Certification Develop software feedback control in

Challenges for Real-Time Systems Adaptive QoS Control Classical real-time scheduling theory relies on accurate knowledge about workload and platform. in Distributed Real-Time Middleware New challenges under uncertainties Maintain robust

342 views • 8 slides
Access Control for Smart Objects Access Control for Smart Objects Jan Janak, Hyunwoo Nam, Henning

Access Control for Smart Objects Access Control for Smart Objects Jan Janak, Hyunwoo Nam, Henning

IAB Workshop on Smart Object Security Paris, March 2012 Access Control for Smart Objects Access Control for Smart Objects Jan Janak, Hyunwoo Nam, Henning Schulzrinne I R T Columbia University Internet Real-Time Laboratory This work is

57 views • 5 slides
Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct

Access Control Access Control 1 Access Control Access control : ensures that all direct accesses to object are authorized a scheme for mapping users to allowed actions Protection objects : system resources for which protection is

576 views • 21 slides
Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control?

Access Control Jackson Argo Rackspace MO After-hours April 28, 2016 What is Access Control? How Is Access Determined? Who Determines Access? Forms of Access Control SELinux Booleans iptables File Access Control Lists Apache Access Control

711 views • 36 slides
Feedback Control for Real-Time Systems Chenyang Lu Cyber-Physical Systems Laboratory Department

Feedback Control for Real-Time Systems Chenyang Lu Cyber-Physical Systems Laboratory Department

Feedback Control for Real-Time Systems Chenyang Lu Cyber-Physical Systems Laboratory Department of Computer Science and Engineering CPS Week 2013 Outline q CPU UClizaCon Control for Distributed Real-Time Systems q Model PredicCve Control q

691 views • 37 slides
Optimized Control- and Communication- Architecture for highest Performance TwinCAT The eXtreme

Optimized Control- and Communication- Architecture for highest Performance TwinCAT The eXtreme

Optimized Control- and Communication- Architecture for highest Performance TwinCAT The eXtreme Fast Real-time Control Software real-time with MS Windows -&gt; cycle times up to 50s standard IEC61131 programming in XFC real-time tasks

289 views • 12 slides
1 General Access Control General Access Control Control of access to memory relatively easy:

1 General Access Control General Access Control Control of access to memory relatively easy:

Role of Access Control Before closing back doors we need to close front doors Access control: determines access to files &amp; processes in OS Fall 2008 We will return to these themes throughout the course Fall 2008 CS

512 views • 6 slides
Time-Storage Trade-Offs for Cryptographically-Enforced Access Control Jason Crampton Information

Time-Storage Trade-Offs for Cryptographically-Enforced Access Control Jason Crampton Information

Time-Storage Trade-Offs for Cryptographically-Enforced Access Control Jason Crampton Information Security Group Royal Holloway, University of London ESORICS 2011 Traditional Access Control ? SECRET Time-Storage

707 views • 45 slides
ADESBA Real Time Control Silja Mendes SEGNO Industrie Automation GmbH In a nutshell Fully

ADESBA Real Time Control Silja Mendes SEGNO Industrie Automation GmbH In a nutshell Fully

ADESBA Real Time Control Silja Mendes SEGNO Industrie Automation GmbH In a nutshell Fully automated real time control system Minimizes combined sewer overflow Using accurate communication between single CSO facilities

387 views • 13 slides
Real-Time Wireless Control Networks for Cyber-Physical Systems Chenyang Lu

Real-Time Wireless Control Networks for Cyber-Physical Systems Chenyang Lu

Real-Time Wireless Control Networks for Cyber-Physical Systems Chenyang Lu Cyber-Physical Systems Laboratory Department of Computer Science and Engineering Wireless Control Networks Real-time Sensor Reliability Control

297 views • 28 slides
SYSTEM DIAGRAMS Door Entry &amp; Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry &amp; Access Control ACCESS CONTROL ACCESS CONTROL Allowing

SYSTEM DIAGRAMS Door Entry &amp; Access Control ACCESS CONTROL ACCESS CONTROL Allowing residents / staff access to site areas Main entrance Vehicle entrances Pedestrian entrances Gate / Barrier entrance Bin / Bike / Refuge

336 views • 14 slides
KYTCs Real Time Network and its role in GPS Machine Control Machine Control Pilot Project

KYTCs Real Time Network and its role in GPS Machine Control Machine Control Pilot Project

KYTCs Real Time Network and its role in GPS Machine Control Machine Control Pilot Project Evaluate use of RTN in place of on site GPS Base Station Additional Cost Downtime for setup Communication Issues Accuracy Comparison

635 views • 21 slides
SOCIAL INTELLIGENCE PROVIDES ACCESS TO YOUR CUSTOMERS WITH REAL-TIME MARKET INTELLIGENCE Why

SOCIAL INTELLIGENCE PROVIDES ACCESS TO YOUR CUSTOMERS WITH REAL-TIME MARKET INTELLIGENCE Why

SOCIAL INTELLIGENCE PROVIDES ACCESS TO YOUR CUSTOMERS WITH REAL-TIME MARKET INTELLIGENCE Why use MMRI Radar? IN-THE-MOMENT NON-INTRUSIVE Access to in the moment, spontaneous Gain insights without responses which are not constrained

1.07k views • 12 slides
Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real

Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #15 Updated 2009-03-03 Dependable Distributed Dependable Distributed Real- Real -Time Systems Time Systems Real- -Time Systems Time Systems Real Aircraft/automotive

501 views • 9 slides
GNU/Linux and FPGA in Real-time Control Applications Pavel Pisa pisa@cmp.felk.cvut.cz CC BY-SA

GNU/Linux and FPGA in Real-time Control Applications Pavel Pisa pisa@cmp.felk.cvut.cz CC BY-SA

Introduction BLDC/PMSM Motor Control Other Projects GNU/Linux and FPGA in Real-time Control Applications Pavel Pisa pisa@cmp.felk.cvut.cz CC BY-SA Czech Technical University in Prague Faculty of Electrical Engineering Department of Control

735 views • 44 slides
Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs Access Control Administration Accountability Chapter 2 Access Control Models Identification and Authentication Methods Lecturer:

708 views • 9 slides
Kreta3 Kimaldi Electronics, S.L. www.kimaldi.com Kreta3 The strongest and most adaptable access

Kreta3 Kimaldi Electronics, S.L. www.kimaldi.com Kreta3 The strongest and most adaptable access

Access and Time&amp;Attendance Control Off-line Kreta3 Kimaldi Electronics, S.L. www.kimaldi.com Kreta3 The strongest and most adaptable access control and time&amp;attendance control terminal of the market Powerful access control and

519 views • 19 slides
RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS

RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS

RTOS Real-Time Operating Systems Chenyang Lu OS Support for Real-Time Real-Time OS Real-time extensions to general-purpose OS Chenyang Lu 2 RTOS: Features for Efficiency Small Minimal set of functionality Fast context switch

504 views • 16 slides
OceanNOMADS An Update: Real-time and Retrospective Access to Operational U.S. Ocean

OceanNOMADS An Update: Real-time and Retrospective Access to Operational U.S. Ocean

OceanNOMADS An Update: Real-time and Retrospective Access to Operational U.S. Ocean Prediction Products Presentation to: 11 th Symposium on the Coastal Environment 93 rd AMS Annual Meeting John Harding, Northern Gulf Institute Scott Cross,

434 views • 21 slides
Real Real- -Time Systems Time Systems Designing a real- Designing a real -time system time

Real Real- -Time Systems Time Systems Designing a real- Designing a real -time system time

EDA222/DIT160 Real-Time Systems, Chalmers/GU, 2008/2009 Lecture #10 Updated 2009-02-15 Real Real- -Time Systems Time Systems Designing a real- Designing a real -time system time system Logical function What should be done &amp;

500 views • 8 slides
Experiences of Teaching Real-Time Systems to Control Engineers Karl-Erik rzn Dept of

Experiences of Teaching Real-Time Systems to Control Engineers Karl-Erik rzn Dept of

Experiences of Teaching Real-Time Systems to Control Engineers Karl-Erik rzn Dept of Automatic Control Lund University Outline The Lund Education Systems The Real-Time Systems Course A MBSE Perspective on the course Education

718 views • 43 slides
In Situ Adaptive Tabulation for Real-Time Control J. D. Hedengren T. F. Edgar The University of

In Situ Adaptive Tabulation for Real-Time Control J. D. Hedengren T. F. Edgar The University of

In Situ Adaptive Tabulation for Real-Time Control J. D. Hedengren T. F. Edgar The University of Texas at Austin 2004 American Control Conference Boston, MA Outline Model reduction and computational reduction Introduction to ISAT

395 views • 26 slides
ACI Scurit Informatique CORTOS CORTOS = Control and Observation of Real-Time Open

ACI Scurit Informatique CORTOS CORTOS = Control and Observation of Real-Time Open

Verification &amp; Control Discrete Games Timed Games Symbolic Algorithms Conclusion ACI Scurit Informatique CORTOS CORTOS = Control and Observation of Real-Time Open Systems Participants: LSV + VERIMAG + IRCCyN Web:

1.97k views • 175 slides

More recommend