Institute for Cyber Security An Attribute-Based Protection Model

Presentation transcript:

Institute for Cyber Security
An Attribute-Based Protection Model for JSON Documents
Prosunjit Biswas, Ravi Sandhu and Ram Krishnan
Department of Computer Science
Department of Electrical and Computer Engineering
10th International Conference on Network and System Security
September 28th, 2016
World-Leading Research with Real-World Impact!

Outline
- Summary
- Motivation
- Background
- JSON protection model
- Labeling JSON elements
- Implementation
- Q/A

Summary
We have presented an attribute based protection model and labeling schemes for securing JSON documents.

Motivation
Why JSON documents?

Motivation (continuing)
Why not reuse XML protection models?
Features of underlying data to be protected:
- Hierarchical relationship (e.g. house-no, street, town)
- Semantic association (e.g. phone-no, email, fax, mobile)
- Scatteredness (due to redundancy/duplicity)
Legend: considered in XML protection models / not considered

Motivation (continuing)
Existing XML models vs proposed model
Fig 1 (a): Existing XML protection models (figure labels: authorization policies, nodes)
Fig 1 (b): Proposed JSON protection model (figure labels: labeling policies, authorization policies, attribute values, nodes)

Background - JSON
JSON data forms a rooted, hierarchical tree structure (like XML).

    {
      "emp-rec": {
        "name": "...",
        "con-info": {
          "email": "...",
          "work-phone": "..."
        },
        "emp-info": {
          "mobile": "...",
          "EID": "...",
          "salary": "..."
        },
        "sen-info": {
          "SSN": "..."
        }
      }
    }

Fig 2 (a): JSON data
Fig 2 (b): Corresponding JSON tree (root emp-rec; the keys are the nodes)

JSON protection model
- Specification of authorization policies
- Specification of labeling policies
  - Content based labeling
  - Path based labeling
Fig 3: Scope of the JSON protection model

JSON protection model (continuing)
Fig 4: The Attribute-based Operational Model (AtOM), adapted from the EAP-ABAC model [1]
Figure labels: U (users), UL, SL (security-label values), JE (JSON elements), A (actions), ULH, SLH, JEH, uLabel, sLabel, Policy, Micro-Policy

[1] Biswas, Prosunjit, Ravi Sandhu, and Ram Krishnan. "Label-Based Access Control: An ABAC Model with Enumerated Authorization Policy." Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control. ACM, 2016.

JSON protection model - examples
Fig 5: (a) User-label values, (b) security-label values and (c) annotated JSON tree
(a) User-label values: manager, HR, employee, guest
(b) Security-label values: sensitive, employment, enterprise, public
(c) Annotated JSON tree: emp-rec {enterprise}, con-info {enterprise}, sen-info {sensitive}, email {enterprise}, work-phone {enterprise}, SSN {sensitive}, salary {sensitive}

Example of a policy:
Policy_read = {(manager, sensitive), (HR, employment), (employee, enterprise), (guest, public)}

Labeling JSON documents
Specification of labeling policies:
- Content based labeling
- Path based labeling
Fig 6 (a): Types of labeling policies

Labeling JSON documents (continuing)
Purpose of labeling policies:
- Restrict arbitrary labeling (Assignment control)
- Propagation of labels (Propagation control)
Fig 6 (b): Purpose of labeling policies

Labeling JSON documents – Assignment control
Assignment controls:
- No-restriction
- Senior-up
- Senior-down
- Junior-up
- Junior-down
Fig 7 (a): Different types of Assignment controls
Fig 7 (b): Junior-up assignment control. When Value_i is assigned to Node_i, senior nodes of Node_i must be assigned junior values of Value_i.

Labeling JSON documents – Propagation control
Propagation controls:
- No-propagation
- One-level up
- One-level down
- Cascading-up
- Cascading-down
Fig 8: Different types of propagation controls

Labeling JSON documents – Path-based labeling model
Fig 9: Model for path-based labeling of JSON data
Figure labels: JPath (JSON path), SL (security-label values), LabelAssignments, SCOPE, AC (assignment control), PC (propagation); legend: constant set, finite set
Table 1: Example of path-based labeling
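An added example (not from the slides or the authors' prototype) that ties the Fig 5 example to path-based labeling: it labels a constructed document by path with propagation, checks junior-up assignment control, and filters the document under Policy_read. The hierarchy edges, the tree shape, the default-deny rule for unlabeled nodes and the dominance rule in can_read are assumptions.

```python
# Assumed hierarchies (label -> direct juniors); Fig 5's edges are not in the transcript.
ULH = {"manager": {"employee"}, "HR": {"employee"}, "employee": {"guest"}, "guest": set()}
SLH = {"sensitive": {"employment", "enterprise"}, "employment": {"public"},
       "enterprise": {"public"}, "public": set()}
POLICY_READ = {("manager", "sensitive"), ("HR", "employment"),
               ("employee", "enterprise"), ("guest", "public")}  # from the slide
# Constructed document and path-based assignments reproducing Fig 5 (c).
DOC = {"emp-rec": {"con-info": {"email": "a@example.org", "work-phone": "555-0100"},
                   "sen-info": {"SSN": "000-00-0000", "salary": 1000}}}
ASSIGNMENTS = [(("emp-rec",), "enterprise", "no-propagation"),
               (("emp-rec", "con-info"), "enterprise", "cascading-down"),
               (("emp-rec", "sen-info"), "sensitive", "cascading-down")]

def dominates(h, senior, junior):
    """True if senior equals junior or junior lies below senior in hierarchy h."""
    return senior == junior or any(dominates(h, j, junior) for j in h[senior])

def label_tree(doc, assignments, path=()):
    """Return {key path: set of security labels} after propagation."""
    labels = {}
    for key, child in doc.items():
        p = path + (key,)
        labels[p] = {lab for ap, lab, prop in assignments if ap == p
                     or (prop == "cascading-down" and p[:len(ap)] == ap)}
        if isinstance(child, dict):
            labels.update(label_tree(child, assignments, p))
    return labels

def junior_up_ok(labels):
    """Junior-up: each ancestor's labels are junior (or equal) to the node's."""
    return all(dominates(SLH, v, a) for p, vals in labels.items() for v in vals
               for i in range(1, len(p)) for a in labels[p[:i]])

def can_read(ulabel, slabels):
    """Assumed rule: deny unlabeled nodes; a policy tuple must cover every label."""
    return bool(slabels) and all(
        any(dominates(ULH, ulabel, ul) and dominates(SLH, sl, s)
            for ul, sl in POLICY_READ) for s in slabels)

def filter_doc(doc, labels, ulabel, path=()):
    """Copy of doc holding only the subtrees that ulabel may read."""
    out = {}
    for key, child in doc.items():
        p = path + (key,)
        if can_read(ulabel, labels[p]):
            out[key] = filter_doc(child, labels, ulabel, p) if isinstance(child, dict) else child
    return out

LABELS = label_tree(DOC, ASSIGNMENTS)
```

Calling filter_doc(DOC, LABELS, "employee") returns the document without the sen-info subtree, while "guest" receives an empty object because no tuple it inherits covers the enterprise label on emp-rec.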

Prototype implementation
Fig 10: Implementation in OpenStack Cloud
Figure labels: OpenStack Keystone, OpenStack Swift, Keystone data, roles as uLabel values, policy table, JSON document, sLabel values, labeling policies, JSONAuth plugin; legend: required changes
Request flow:
- 1, 2: User's request to Keystone and responses with the credentials
- 3: User request for JSON document
- 4, 5: Request and response from object server for JSON document
- 6: User receives only authorized data from JSON document

Implementation - evaluation
Fig 11: Performance evaluation