Access Control in KMIPv1.1/v2

Slides:



Advertisements
Similar presentations
Managing User, Computer and Group Accounts
Advertisements

Chapter Five Users, Groups, Profiles, and Policies.
CSE300-1 Profs. Steven A. Demurjian Q. Jin, J. Nam, Z. Qian and C. Phillips Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The.
Key Wrapping in KMIP Mark Joseph, P6R Inc 2/27/2015.
Modifying Managed Objects Alan Frindell 3/29/2011.
KMIP Vendor Extension Management KMIP supports ‘extensions’ but provides no mechanism for coordination of values between clients and servers or between.
Access Control Intro, DAC and MAC System Security.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Working with Workgroups and Domains
Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.
PKCS11 Key Protection And the Insider Threat.
Global Customer Partnership Council Forum | 2008 | November 18 1IBM - GCPC MeetingIBM - GCPC Meeting IBM Lotus® Sametime® Meeting Server Deployment and.
5.1 © 2004 Pearson Education, Inc. Lesson 5: Administering User Accounts Exam Microsoft® Windows® 2000 Directory Services Infrastructure Goals 
Chapter 7: WORKING WITH GROUPS
© 2010 IBM Corporation 23 September 2015 KMIP Server-to-server: use-cases and status Marko Vukolic Robert Haas
IOS110 Introduction to Operating Systems using Windows Session 8 1.
Bob: Hello and welcome to this webinar on the OASIS Key Management Interoperability Protocol., or KMIP. My name is Bob Griffin, Chief.
MINT Working Group Jan 9-10 at Harris FBC Melbourne, FL.
KMIP Profiles version 1.3 A Method to Define Operations Access Control and Interaction Between a Client and Server Presented by: Kiran Kumar Thota & Bob.
Next-generation databases Active databases: when a particular event occurs and given conditions are satisfied then some actions are executed. An active.
CE Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.
NT SECURITY Introduction Security features of an operating system revolve around the principles of “Availability,” “Integrity,” and Confidentiality. For.
Working with Workgroups and Domains Lesson 9. Objectives Understand users and groups Create and manage local users and groups Understand the difference.
Working with Users and Groups Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Introducing User Account Control Configure and troubleshoot.
TIDEN Node Management Texas Integrated Data Exchange Node Partnered with.
Page 1 NTFS and Share Permissions Lecture 6 Hassan Shuja 10/26/2004.
Legion - A Grid OS. Object Model Everything is object Core objects - processing resource– host object - stable storage - vault object - definition of.
1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.
Security and Privacy for the Smart Grid James Bryce Clark, OASIS Robert Griffin, RSA Hal Lockhart, Oracle.
1 Introduction to NTFS Permissions Assign NTFS permissions to specify Which users and groups can gain access to folders and files What they can do with.
Chapter 4- Part3. 2 Implementing User Profiles A local user profile is automatically created at the local computer when you log on with an account for.
Working with Users and Groups Lesson 5. Skills Matrix Technology SkillObjective DomainObjective # Introducing User Account Control Configure and troubleshoot.
Privilege Management Chapter 22.
KMIP Notes 1.3 – Security Attribute Security 15 May 2014 Chuck White – 1.
KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.
©2009 HP Confidential1 Proposal to OASIS KMIP TC Stan Feather and Indra Fitzgerald Hewlett-Packard Co. 26 October, 2010 Encoding Options for Key Wrap of.
© SafeNet Confidential and Proprietary KMIP Entity Object and Client Registration Alan Frindell Contributors: Robert Haas, Indra Fitzgerald SafeNet, Inc.
Configuring and Managing Resource Access Lecture 5.
The Exchange Network Node Mentoring Workshop User Management on the Exchange Network Joe Carioti February 28, 2005.
Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.
Proposal to Update KMIP State Model Addition of Suspended, Revoked and Shredded key states.
ITMT Windows 7 Configuration Chapter 6 – Sharing Resource ITMT 1371 – Windows 7 Configuration 1.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.
Searchable Encryption in Cloud
Introduction to NTFS Permissions
OGF PGI – EDGI Security Use Case and Requirements
RSA Laboratories’ PKCS Series - a Tutorial
Grid Security.
Cryptography and Network Security
Active Directory Administration
KMIP Client Registration Ideas for Discussion
CS691 M2009 Semester Project PHILIP HUYNH
IBM Certified WAS 8.5 Administrator
Real IBM C exam questions and answers
KMIP Server-to-server: use-cases and status
CS691 M2009 Semester Project PHILIP HUYNH
CE Operating Systems Lecture 21
KMIP Entity Object and Client Registration
Student: Ying Hong Course: Database Security Instructor: Dr. Yang
Server Side Wrap Operations
(Authentication / Authorization)
Content Distribution Network
Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
IPP Job Storage 2.0: Fixing JPS2
People’s Choice… When not just any CA will do
Presentation transcript:

Access Control in KMIPv1.1/v2 Robert Haas <rha@zurich.ibm.com> 21 November 2018 Access Control in KMIPv1.1/v2

Access Control in KMIPv1 Operation Policy Name placeholder Object Attribute Not mandatory Defines the default permissions 21 November 2018

Access Control in KMIPv1.1/v2: Proposal We suggest two complementary mechanisms Basic Access Control Strict Access Control (SAC) Possibly mandatory (at least regulated through profiles) Access Control Lists (ACLs) attached to objects Object Attribute Consists of (user/role,permission) pairs User Permission Lists (UPLs) For operations that refer to not yet existing objects (Create, Create Key Pair, Register) “global” list of (user/role, permission pairs) “global” is here in the sense of “unique per key-management domain” Finer granularity (e.g., multiple subdomains) possible Possibly optional (also could be regulated through profiles) To prevent KMIP API attacks introduced by object dependencies Object dependencies are introduced notably through derivation and key wrapping API might “leak” information about dependent keys This may lead to ACL violation if object interdependencies are not checked Through standardization of additional SAC specific attributes (in addition to Basic AC) 21 November 2018

Basic Access Control (BAC) ACLs and UPLs are forseen as lists (user/role, permission) pairs ACL is foreseen as a potentially mandatory attribute of an object A UPL (potentially also mandatory) is not attached to any object Users There is a tight interplay between the standardization of user representation in KMIP (cf. Client Registration Action Item) Special users any and creator already in KMIPv1 Permissions Suggested in the following Rough initial proposal, to be refined for each Object type 21 November 2018

BAC: Proposed UPL permissions Operations and permissions Create, Create Key Pair, Register : create 21 November 2018

BAC: Proposed ACL Permissions Operations, ACL permissions and UPL permissions Special permission admin permitting all operations Rekey: rekey for the targeted Managed Object (MO) irrespective of create in UPL Derive: derive for MO Certify, Re-certify: certify for MO Locate, Check, Get Attrs, GetAttrList: read_attributes for MO Get: for MO: read (for Get in cleartext), export (for Get wrapped) for the wrapping key: wrap (Get wrapped) Add, Modify, Delete Attr, Activate, Revoke: modify_attributes for MO (to change everything but ACL) Obtain Lease, Get Usage Allocation: read or export for MO Destroy: destroy for MO (or simply admin) Archive/Recover: archive for MO (or simply admin) Validate: read for all given Certificate objects TBD: should read be implicit for all Certificates? Query: no permission Cancel, Poll: TBD: separate permission for asynchronous operations (if at all) 21 November 2018

Strict Access Control (SAC): Motivation API attacks on key management APIs a legitimate concern Operation on cryptographic keys might introduce dependencies between keys Example operations: Derive, Get (wrapped) If only basic ACL/RBAC mechanisms are implemented/specified in KMIPv2, these might be circumvented by exploiting the KMIP API Such API attacks are applicable to existing practical key management interfaces like PKCS #11 21 November 2018

Example of the Attack on BAC (Note: already presented at KMIP f2f Sep 28-29 2009) Use case Tape drive encryption Setup Key B is used to encrypt the tape drive Key B wrapped with key A is stored on a tape drive (e.g., by user Bob) Initially no user (except administrator) has a permissions to read the key material of Key A Administrator gives the permission to user Alice to read the key material on key A, not knowing that it was used to wrap key B Administrator does not intend to allow Alice the permission to read key B Attack Alice reads the key material of Key A from KMIP server, gets the wrapped Key B, unwraps it and obtains the key material of Key B 21 November 2018

Example (Get Wrapped) Alice Bob User/Key Key A Key B Alice read - Bob export 21 November 2018

SAC: Details References: Proposed solution for the API attack problem in future KMIP servers Support could be optional (perhaps related to certain KMIPv1.1/v2 profiles) Standardize KMIP attributes to track dependencies among keys and modify basic AC mechanisms to account for these References: 1. Christian Cachin and Nishanth Chandran. A secure cryptographic token interface. In Proc. Computer Security Foundations Symposium (CSF-22). IEEE, July 2009. 2. Mathias Bjorkqvist, Christian Cachin, Robert Haas, Xiao-Yu Hu, Anil Kurmus, Rene Pawlitzek, and Marko Vukolic, Design and Implementation of a Key Lifecycle Management System. To appear in Proc. Financial Cryptography and Data Security (FC’10), January 2010. Also available as IBM Research Report RZ 3739, June 2009. 21 November 2018

SAC: Proposed Attributes Strict (flag, boolean) Denotes whether strict policy applies to an object Important for support of legacy applications in use cases where SAC guarantees are not required/possible to implement Dependents Set of UUIDs of Dependent objects Ancestors Set of UUIDs of Objects that have a given object in the Dependents Readers Set of users that have read the cleartext of the key 21 November 2018

Comments? 21 November 2018

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.