specication and enforcement of static specication and
play

Specication and Enforcement of Static Specication and Enforcement of - PowerPoint PPT Presentation

Oct 08, 2023 •370 likes •625 views

Specication and Enforcement of Static Specication and Enforcement of Static Separation-of-Duty Policies in Usage Control Jianfeng Lu, Ruixuan Li, Zhengding Lu, Ji Jinwei Hu, and Xiaopu Ma i H d Xi M Huazhong University of Science and

  1. Specication and Enforcement of Static Specication and Enforcement of Static Separation-of-Duty Policies in Usage Control Jianfeng Lu, Ruixuan Li, Zhengding Lu, Ji Jinwei Hu, and Xiaopu Ma i H d Xi M Huazhong University of Science and Technology Wuhan, China 1

  2. Outline li Background Background 1 1. Specification of SSoD Policies 2. Enforceability of SSoD Policies E f bilit f SS D P li i 3. 3 Enforcing SSoD Policies by SMEA Constraints 4. Conclusion and Future work 5. 2

  3. Sensitive Task d Background k Alice Carl Bob

  4. Why study SoD in UCON h d i  One of RBAC's great advantages is that SoD rules can  One of RBAC s great advantages is that SoD rules can be implemented in a natural and efficient way  UCON has been considered as the next generation access control model access control model  SSoD is a important type of SoD SS D i i f S D  UCON A is a sub-model of UCON only considering authorizations 4

  5. Our contributions ib i  A set based specification scheme for SSoD  A set-based specification scheme for SSoD  Study the problem of determining whether an SSoD St d th bl f d t i i h th SS D policy is enforceable  Generate SMEA constraints to indirect enforce SSoD policies, by using attribute level SSoD requirements li i b i ib l l SS D i (ASSoD) as an intermediate step from SSoD policies to SMEA constraints to SMEA constraints 5

  6. Related work l d k  SoD can be traced back to 1975 by Saltzer and  SoD can be traced back to 1975 by Saltzer and Schroeder, under the name “separation-of-privilege”  ChineseWall model  Specification:  RCL 2000 specification language  NIST RBAC: SMER && SSoD; DMER&& DSoD 6

  7. Related work l d k  Enforcement:  Enforcement:  Sandhu presented a history-based mechanism for dynamically enforcing SoD dynamically enforcing SoD  Jason employed blacklist to enforce historical constraints Jason employed blacklist to enforce historical constraints  Ninghui Li uses SMER to enforce SSoD (motivated) g ( ) 7

  8. Outline li Background Background 1 1. Specification of SSoD Policies 2. Enforceability of SSoD Policies E f bilit f SS D P li i 3. 3 Enforcing SSoD Policies by SMEA Constraints 4. Conclusion and Future work 5. 8

  9. Specification of SSoD policies ifi i f li i  Three requirements :  Three requirements : ① An SSoD policy must be a high-level requirement ② An SSoD policy must be described in terms of restrictions on permissions restrictions on permissions ③ An SSoD policy must capture restrictions on user set ③ p y p involved in the task 9

  10. Specification of SSoD policies li i f i ifi 10

  11. Outline li Background Background 1 1. Specification of SSoD Policies 2. Enforceability of SSoD Policies E f bilit f SS D P li i 3. 3 Enforcing SSoD Policies by SMEA Constraints 4. Conclusion and Future work 5. 11

  12. Enforceability of SSoD Policies f bili f li i  Example  Example  supervisor is a senior role to both engineer and programmer. 12

  13. Enforceability of SSoD Policies ( (cont.) )  If (I, M) satisfies exactly the requirement of allowed(u, p), we say (I, M) is the threshold attribute set of p 13

  14. Enforceability of SSoD Policies ) (cont.) ( 14

  15. Outline li Background Background 1 1. Specification of SSoD Policies 2. Enforceability of SSoD Policies E f bilit f SS D P li i 3. 3 Enforcing SSoD Policies by SMEA Constraints 4. Conclusion and Future work 5. 15

  16. Enforcing SSoD policies by SMEA Constraints i  Motivated by SMER constraint  SMEA (statically mutually exclusive attribute) constraint 16

  17. SMEA constraints i 17

  18. Translating SSoD Policies to ASSoD Requirements i  ASSoD: attribute level SSoD  ASSoD: attribute-level SSoD 18

  19. Translating SSoD Policies to ASSoD Requirements (cont.) i ( ) 19

  20. Generating SMEA Constraints to Enforce ASSoD Requirements f i 20

  21. Generating SMEA Constraints to Enforce ASSoD Requirements(cont.) f i ( ) 21

  22. Outline li Background Background 1 1. Specification of SSoD Policies 2. Enforceability of SSoD Policies E f bilit f SS D P li i 3. 3 Enforcing SSoD Policies by SMEA Constraints 4. Conclusion and Future work 5. 22

  23. Conclusion l i  The specification and enforcement of SSoD in UCON  The specification and enforcement of SSoD in UCON.  The specification is set based and we show that it has  The specification is set-based and we show that it has simpler syntax than existing approaches  We have studied a number of problems related to generating SMEA constraints for enforcing SSoD policies in UCONA system 23

  24. Future work k  The research of the SSoD policies in UCON onA  The research of the SSoD policies in UCON onA models  DSoD policies 24

  25. Thanks for your attention and have a nice lunch http://idc.hust.edu.cn

Recommend

Static Enforcement of Web Application Integrity William Robertson and Giovanni Vigna { wkr,vigna

Static Enforcement of Web Application Integrity William Robertson and Giovanni Vigna { wkr,vigna

Static Enforcement of Web Application Integrity William Robertson and Giovanni Vigna { wkr,vigna } @cs.ucsb.edu Computer Security Group UC Santa Barbara 13 August 2009 (UCSB SecLab) Static Web App Integrity Enforcement 13 August 2009 1 / 28

433 views • 42 slides
Gatekeeper Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code

Gatekeeper Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code

Gatekeeper Mostly Static Enforcement of Security & Reliability Policies for JavaScript Code Salvatore Guarnieri, University of Washington Ben Livshits, Microsoft Research 1 alert (hi); program malicious Catch me if you can dont

828 views • 26 slides
in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order

in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order

Monitoring of enforcement in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order Ordering enforcement Authorities court notary public Enforcement order certificate of enforcement

540 views • 12 slides
Static and Method Overloading static One per class, not per object static variables

Static and Method Overloading static One per class, not per object static variables

Static and Method Overloading static One per class, not per object static variables all instances of the class share the same static variable example: serial/VIN number for Car static methods invoked through class

324 views • 7 slides
1 Static Equilibrium From Static Eq. to Dynamic Eq. System of mass points Static

1 Static Equilibrium From Static Eq. to Dynamic Eq. System of mass points Static

Static/ Dynamic Deformation I ntroduction to Static deformation Dynamic deformation Static/ Dynamic Deformation with Mass-Spring Systems undeformed shape f internal + = f inertia = 0 f external Min Gyu Choi deformed

426 views • 4 slides
14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement

14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement

14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement Problem Most models of optimal taxation (income or commodity) as- sume away enforcement issues. In practice: 1) Enforcement is costly (eats up around 10%

1.12k views • 45 slides
JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement

JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement

Assistant Commander Brandi Reeder Law Enforcement Division - Fisheries Law Administrator JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement Agreement One of the most effective programs in NOAAs

600 views • 30 slides
230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most

230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most

230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most models of optimal taxation (income or commodity) as- sume away enforcement issues. In practice: 1) Enforcement is costly (eats up around 10% of

889 views • 55 slides
Austin Hackett UNCLASSIFIED/UNLIMITED DISTIBUTION GIS in Law Enforcement Planning and

Austin Hackett UNCLASSIFIED/UNLIMITED DISTIBUTION GIS in Law Enforcement Planning and

Austin Hackett UNCLASSIFIED/UNLIMITED DISTIBUTION GIS in Law Enforcement Planning and analysis Data management Situational awareness/ Field Operations Contingency Preparation UNCLASSIFIED/UNLIMITED DISTIBUTION Static Reports

394 views • 8 slides
Static and dynamic verification Static and dynamic V&V Software inspections Concerned

Static and dynamic verification Static and dynamic V&V Software inspections Concerned

1 2 Static and dynamic verification Static and dynamic V&V Software inspections Concerned with analysis of the static system Static representation to discover problems (static verification verification) May be supplement by

107 views • 6 slides
Technology in Enforcement Improving enforcement for engine idling of on-road vehicles &

Technology in Enforcement Improving enforcement for engine idling of on-road vehicles &

Technology in Enforcement Improving enforcement for engine idling of on-road vehicles & non-road engines in the District of Columbia Kelly Crawford Chief, Compliance and Enforcement Branch Air Quality Division Department of Energy &

132 views • 10 slides
1. Enforcement Figures 2. Boat Numbers 3. Enforcement Cases 4. Enforcement Team 5. General Aims

1. Enforcement Figures 2. Boat Numbers 3. Enforcement Cases 4. Enforcement Team 5. General Aims

1. Enforcement Figures 2. Boat Numbers 3. Enforcement Cases 4. Enforcement Team 5. General Aims Simon London Evasion Stats vs Boat Numbers 14 3500 12 3000 10 2500 No of Boats Evasion % 8 2000 6 1500 4 1000 2 500 0 0 2007

262 views • 13 slides
Engagement, Not Enforcement: Collaborating with Law Enforcement on Engagement and Assessment of

Engagement, Not Enforcement: Collaborating with Law Enforcement on Engagement and Assessment of

Engagement, Not Enforcement: Collaborating with Law Enforcement on Engagement and Assessment of Service Resistant Populations Lt. Charlie Consolian, City of Phoenix PD Margaret Kilman MPA, Human Services Campus Melissa Kovacs PhD,

473 views • 20 slides
Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting insights at compile time Full branch coverage Terminates Doesnt rely on a test suite Types are static analysis. Lets talk about

784 views • 39 slides
static vs automatic storage classes Three types of memory allocations static storage class

static vs automatic storage classes Three types of memory allocations static storage class

static vs automatic storage classes Three types of memory allocations static storage class means variable persists through static allocation: for globals and any static the life of the program variables in functions automatic storage

569 views • 9 slides
Enforcement in Argumentation is a kind of Update an axiomatic approach of enforcement P .

Enforcement in Argumentation is a kind of Update an axiomatic approach of enforcement P .

Enforcement is a kind of Update Enforcement in Argumentation is a kind of Update an axiomatic approach of enforcement P . Bisquert, C. Cayrol, F . Dupin de Saint-Cyr, MC. Lagasquie IRIT, Toulouse University, France July 2013 F. Dupin de

752 views • 71 slides
Mining Data that Changes 17 July 2015 Data is Not Static Data is not static New

Mining Data that Changes 17 July 2015 Data is Not Static Data is not static New

Mining Data that Changes 17 July 2015 Data is Not Static Data is not static New transactions, new friends, stop following somebody in T witter, But most data mining algorithms assume static data Even a minor change requires

925 views • 44 slides
CODE ENFORCEMENT Florida Association of Code Enforcement F.A.C.E. Presented by: Shawn E.

CODE ENFORCEMENT Florida Association of Code Enforcement F.A.C.E. Presented by: Shawn E.

CODE ENFORCEMENT Florida Association of Code Enforcement F.A.C.E. Presented by: Shawn E. ORourke F.A.C.E. Past President & 8 Year Board Member Code Enforcement Manager City of Oviedo, FL 32765 F.A.C.E. The Florida Association

392 views • 37 slides
Libraries In C++ its possible to create static libraries and shared libraries Static

Libraries In C++ its possible to create static libraries and shared libraries Static

Libraries In C++ its possible to create static libraries and shared libraries Static libraries (end in .a) are combined/linked into an executable Executables are large. If library is updated in a binary compatible way, programs

297 views • 8 slides
Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
TEXAS PARKS AND WILDLIFE DEPARTMENT LAW ENFORCEMENT DIVISION FISHERIES ENFORCEMENT ALONG THE TX/MX

TEXAS PARKS AND WILDLIFE DEPARTMENT LAW ENFORCEMENT DIVISION FISHERIES ENFORCEMENT ALONG THE TX/MX

TEXAS PARKS AND WILDLIFE DEPARTMENT LAW ENFORCEMENT DIVISION FISHERIES ENFORCEMENT ALONG THE TX/MX BORDER Tab A, No. 8 RE REGI GION ON 8 JO JOIN INT IU IUU OPERA OPERATIONS NS CAMERON/HIDALGO COUNTIES PORTS OF ENTRY FEBRUARY 2018

612 views • 40 slides
Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Interesting Questions Interesting Questions Is every statement reachable? Does every non- void method return a value? Compilation 2007 Compilation 2007 Will local variables definitely be assigned before Static Analysis Static

169 views • 13 slides
CODE ENFORCEMENT 101 Presented by Caon City Code Enforcement Officers: Joelene Inman Joshua

CODE ENFORCEMENT 101 Presented by Caon City Code Enforcement Officers: Joelene Inman Joshua

CODE ENFORCEMENT 101 Presented by Caon City Code Enforcement Officers: Joelene Inman Joshua Webb PURPOSE OF CODE ENFORCEMENT To preserve a high quality of life throughout the community through safe and sanitary living conditions and

781 views • 31 slides
Cooperation Report from the June 2015 International Enforcement Cooperation Meeting An

Cooperation Report from the June 2015 International Enforcement Cooperation Meeting An

Giving Life to Enforcement Cooperation Report from the June 2015 International Enforcement Cooperation Meeting An Enforcement Cooperation Handbook How might we cooperate? Stages of enforcement cooperation Laying the foundation

340 views • 5 slides

More recommend