Secure Interoperation in Multidomain Environments Employing UCON - PowerPoint PPT Presentation

Secure Interoperation in Multidomain Environments Employing UCON Policies Environments Employing UCON Policies Jianfeng Lu, RuixuanLi, VijayVaradharajan, ZhengdingLu and XiaopuMa ZhengdingLu, and XiaopuMa Huazhong University of Science and Technology H h U i it f S i d T h l Wuhan, China 1

Outline li Background Background 1 1. Attribute Mapping Technique 2. Security Issues for Attribute Mappings S it I f Att ib t M i 3. 3 Illustration and Analysis 4. Conclusion and Future work 5. 2

β Bob ｒ d Background α k Alice

Secure Interoperation i secure secure interoperability p y interoperability p y policies policies sharing g R Resources Resources Secure interoperability Secure interoperability Security and Security and Availability 4

Problems bl  Interoperation based on RBAC (traditional)  Interoperation based on RBAC (traditional)  Shortcomings Sh t i  static authorization  no further enforcement during the access f th f t d i th  Requirements R i t  Interactive  concurrent t 5

Why Employ Usage Control ( (UCON) )  Distinguishing properties  Distinguishing properties  decision continuity  attribute mutability  attribute mutability  Unified framework  Unified framework  Traditional access control  Digital management  Digital management  Trust negotiation  Next generation access control model 6

Motivation Example i i l DRM application Object O Object O Alice Alice Foreign Domain Local Domain 7

Motivation Example (cont.) i i l ( )  A new access request is allowed or not  A new access request is allowed or not  the number of users accessing the object is smaller than g j 10  (a)Junior-Member role.  (b) virtual-money ≥ $100  the number of users accessing the object is already 10 th b f i th bj t i l d 10  Role  virtual-money  virtual money  Domain  usage-time 8

Motivation Example (cont.) i i l ( )  Traditional access control models lack the flexibility to  Traditional access control models lack the flexibility to specify policies in these scenarios  The access control of this motivating example is not a simple action but it consists of a sequence of actions simple action, but it consists of a sequence of actions and events from subjects and system  In UCON terminology, this example includes pre- update ongoing update post update revoking access update, ongoing-update, post-update, revoking access actions 9

Our contributions ib i  Attribute mapping based interoperation policy  Attribute mapping based interoperation policy framework  Study how security violations arise and show it is efficient to resolve them efficient to resolve them.  Cyclic inheritance  Cyclic inheritance  SoD  Cardinality constraint  Cardinality constraint 10

Related work l d k  Traditional interoperation policy based on RBAC  Static authorization  Static authorization  Dynamic considered  Security violation detection and resolution  New properties N i  New resolutions 11

Outline li Background Background 1 1. Attribute Mapping Technique 2. Security Issues for Attribute Mappings S it I f Att ib t M i 3. 3 Illustration and Analysis 4. Conclusion and Future work 5. 12

Attribute Classification ib l ifi i  based on available scope  based on available scope  Local-domain attributes  Multi domain attributes  Multi-domain attributes  based on liveness  Temporary attributes  Temporary attributes  Persistent attributes  based on whether the attributes can be updated during  based on whether the attributes can be updated during the usage process  Mutable attributes  Mutable attributes  Immutable attributes 13

Attribute Classification (cont.) ib l ifi i ( )  Combine 14

Which types of attributes need to be translated? l d  Not Translate  Not Translate  Multi-domain attributes  Temporary attributes  Temporary attributes  Translate  Translate  LPM (local-domain persistent mutable)  LPI (local domain persistent immutable)  LPI (local-domain persistent immutable) 15

Attribute mapping i ib 16

LPM,LPI mappings i 17

Outline li Background Background 1 1. Attribute Mapping Technique 2. Security Issues for Attribute Mappings S it I f Att ib t M i 3. 3 Illustration and Analysis 4. Conclusion and Future work 5. 18

Security issues for attribute mappings i  Various types of security violations  Cyclic inheritance  Separation-of-Duty (SoD)  Cardinality constraint 19

Cyclic inheritance violation i l i li i h i 20

Cyclic inheritance violation (cont.) li i h i i l i ( )  Theorem 3. The checking problem for violations of cyclic inheritance is in P. li i h it i i P 21

Separation-of-Duty violation i l i f i 22

SD-SMEA constraint i 23

) SD-SMEA constraint (cont.) ( i 24

MD-SMEA constraint i 25

) MD-SMEA constraint (cont.) ( i 26

SD-SMEA && MD-SMEA  Difference  Difference  SD-SMEA: single type of LPI attribute (e.g., role, identify, occupation et al) identify, occupation et al)  MD-SMEA: multiple (SD-SMEA) +multiple (Trust MD SMEA: multiple (SD SMEA) multiple (Trust negotion) 27

Checking Problem for SMEA f bl ki h 28

Outline li Background Background 1 1. Attribute Mapping Technique 2. Security Issues for Attribute Mappings S it I f Att ib t M i 3. 3 Illustration and Analysis 4. Conclusion and Future work 5. 29

Illustration and analysis ll i d l i  The proposed policy framework is based on the  The proposed policy framework is based on the following suppositions:  All security domains in the interoperation environments  All security domains in the interoperation environments employ the usage control policy  Foreign users trying to access the local objects have g y g j already passed the authentication, and the different domains have undergone the trust negotiation 30

Illustration and analysis (cont.) ll i d l i ( )  Local Domain Usage Control Policies  Local Domain Usage Control Policies 31

Attribute Mapping and Conflict Resolution among Domains l i i  MPI and MPM attributes are forwarded from foreign  MPI and MPM attributes are forwarded from foreign domain to local domain without any attribute mappings mappings  Establish the mappings of LPI and LPM attributes  Establish the mappings of LPI and LPM attributes 32

Attribute acquisition and updates ib i i i d d  We employ push based mode to acquire immutable  We employ push-based mode to acquire immutable subject and object attributes  We employ pull based mode to acquire mutable  We employ pull-based mode to acquire mutable subject and object attributes 33

Outline li Background Background 1 1. Attribute Mapping Technique 2. Security Issues for Attribute Mappings S it I f Att ib t M i 3. 3 Illustration and Analysis 4. Conclusion and Future work 5. 34

Conclusion l i  Attribute mapping technique new interoperation  Attribute mapping technique, new interoperation policy framework based it.  Study how conflicts arise and show it is efficient to resolve them resolve them  cyclic inheritance  separation of duty  separation of duty  cardinality constraint 35

Future work k  Provide pragmatic application  How to generate a set of SD-SMEA and MD-SMEA constraints that are adequate to enforce an SSoD i h d f SS D policy?” 36

Thanks for your attention! http://idc.hust.edu.cn