Binder: A logic-based security language John DeTreville, Microsoft What has this to do with building secure software? I think we need many collaborating.

Slides:

Advertisements

Similar presentations

Logical Model and Specification of Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University.

Advertisements

A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

D u k e S y s t e m s Some tutorial slides on ABAC Jeff Chase Duke University.

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Public Key Management and X.509 Certificates

Report on Attribute Certificates By Ganesh Godavari.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

8.2 Discretionary Access Control Models Weiling Li.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Computer Security Key Management

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

“Managing Update Conflicts in Bayou, a Weakly Connected Replicated Storage System ” Distributed Systems Κωνσταντακοπούλου Τζένη.

Making certificates programmable1 John DeTreville Microsoft Research April 24, 2002.

CERTIFICATES “a document containing a certified statement, especially as to the truth of something ”

Lesson 6. Refinement of the Operator Model This page describes formally how we refine Figure 2.5 into a more detailed model so that we can connect it.

Security Management.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

X.509 Certificate management in.Net By, Vishnu Kamisetty

Security Protocols in Automation Dwaine Clarke MIT Laboratory for Computer Science January 8, 2002 With help from: Matt Burnside, Todd.

Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.

Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Chapter 10: Authentication Guide to Computer Network Security.

Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

REFACTORING Lecture 4. Definition Refactoring is a process of changing the internal structure of the program, not affecting its external behavior and.

Inference is a process of building a proof of a sentence, or put it differently inference is an implementation of the entailment relation between sentences.

Sanzi-1 CSE5 810 CSE5810: Intro to Biomedical Informatics Dynamically Generated Adaptive Credentials for Health Information Exchange Eugene Sanzi.

Chapter 9 Integrity. Copyright © 2004 Pearson Addison-Wesley. All rights reserved.9-2 Topics in this Chapter Predicates and Propositions Internal vs.

Java Security Pingping Ma Nov 2 nd, Overview Platform Security Cryptography Authentication and Access Control Public Key Infrastructure (PKI)

DECIDABILITY OF PRESBURGER ARITHMETIC USING FINITE AUTOMATA Presented by : Shubha Jain Reference : Paper by Alexandre Boudet and Hubert Comon.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Cryptography, Authentication and Digital Signatures

Proof Carrying Code Zhiwei Lin. Outline Proof-Carrying Code The Design and Implementation of a Certifying Compiler A Proof – Carrying Code Architecture.

SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.

1 Dept of Information and Communication Technology Creating Objects in Flexible Authorization Framework ¹ Dep. of Information and Communication Technology,

Proof-Carrying Code & Proof-Carrying Authentication Stuart Pickard CSCI 297 June 2, 2005.

Pattern-directed inference systems

1 Vigil : Enforcing Security in Ubiquitous Environments Authors : Lalana Kagal, Jeffrey Undercoffer, Anupam Joshi, Tim Finin Presented by : Amit Choudhri.

Slide 1 Propositional Definite Clause Logic: Syntax, Semantics and Bottom-up Proofs Jim Little UBC CS 322 – CSP October 20, 2014.

Confidentiality-preserving Proof Theories for Distributed Proof Systems Kazuhiro Minami National Institute of Informatics FAIS 2011.

DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.

Security (and privacy) Larry Rudolph With help from Srini Devedas, Dwaine Clark.

The TAOS Authentication System: Reasoning Formally About Security Brad Karp UCL Computer Science CS GZ03 / M th November, 2008.

Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.

Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.

3/15/01CSCI {4,6}900: Ubiquitous Computing1 Announcements.

SecPAL Presented by Daniel Pechulis CS5204 – Operating Systems1.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.

1/20 Arrays Changki PSWLAB Arrays Daniel Kroening and Ofer Strichman Decision Procedure.

Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.

Artificial Intelligence Logical Agents Chapter 7.

TAG Presentation 18th May 2004 Paul Butler

Decentralized Access Control: Policy Languages and Logics

Chapter 14: System Protection

TAG Presentation 18th May 2004 Paul Butler

Digital Signatures A digital signature is a protocol that produces the same effect as a real signature: It is a mark that only the sender can make but.

CS480 Cryptography and Information Security

Chinese wall model in the internet Environment

Presentation transcript:

Binder: A logic-based security language John DeTreville, Microsoft What has this to do with building secure software? I think we need many collaborating small languages that are security specific. Binder is an example: we learn about design issues behind security languages and other languages.

Binder Facts 1: owns(Alice, Foo.txt). 2: Alice says good(Bob). Rules 3: may_access(p, o) :-owns(q, o), blesses(q, p). 4: blesses(Alice, p) :-Alice says good(p). Conclusions 5: may_access(Bob, Foo.txt). Resolution proof: 6: 2,4: blesses(Alice, Bob). 7: 1, 6,3: may_access(Bob, Foo.txt).

Binder However these security statements are encoded, they must necessarily obey some formal schema. We can say that this schema and its accompanying decision procedure define a security language, and that our certificates, policies, ACLs, etc., are formed from security statements written in our security language and interpreted by its decision procedure.

Datalog for authorization Binder is an extension of the datalog logic- programming language, which can be decided in polynomial time. Datalog is a restricted subset of the well- known Prolog logic-programming language. Binder extends Datalog with constructs for communicating securely across a distributed environment.

Datalog program can(X, read, resource_r) :- employee(X, bigco), boss(Y, X), approves(Y, X, read, resource_r). employee(john_smith, bigco). boss(fred_jones, john_smith). approves(fred_jones, john_smith, read, resource_r).

Communicating contexts Each component has its own Binder context with its own Binder program. Binder provides extensions to datalog for these distributed contexts to work together. Binder contexts communicate via signed certificates, as shown in Figure 2.

Communicating contexts Each Binder context has its own cryptographic key pair; the exporting context uses the private key (which it keeps secret) to sign statements, and the corresponding public key—used to verify the signature at the importing context—also serves to name the context.

Export-Import A statement from one Binder context—fact, rule, or derivable atom—may be exported into a signed certificate, and later imported from the certificate into another context. Imported statements are automatically quoted using says to distinguish them from local assertions.

employee(john_smith, bigco) exported by BigCo HR would be imported as rsa:3:c1ebab5d says employee(john_smith, bigco). If the public key rsa:3:c1ebab5d belongs to BigCo HR.

Do we trust BigCo HR? If the importing context has a rule like employee(X, bigco) :- rsa:3:c1ebab5d says employee(X, bigco). then employee(john_smith, bigco) is also derivable there.

Delegation and trust The controlled importation of signed statements is Binder’s mechanism for “trust” (as in, “Service S trusts BigCo HR”) or “delegation” (“Service S delegates the identification of BigCo employees to BigCo HR”) or “speaks-for” (“BigCo HR speaks for service S”); Binder lets us implement an unambiguous logic-based policy with the same effect.

Extended Example We model a traditional “chain of trust”: service S trusts BigCo HR to establish a policy, while BigCo HR trusts BCL HR. Figure 1 and Figure 3 in Binder.

Proofs, monotonicity and revocation A service grants access to a resource in Binder only when it can derive an atom saying it should; otherwise, by default, access is denied. The derivation steps form a proof that access should be granted.

Proof: Service or client A proof can be generated at the service—as traditionally—or we can require that the client generate the proof and transmit it with the request. If so, the service need only check the proof; this optimization can offload work from a heavily loaded service onto its less busy clients, while also helping avoid denial-of-service attacks.

Pass back information to client Since the service’s policy is stored as a Binder program, and since Binder statements can be passed in certificates, the service can pass its policy to the client in preparation for the construction of such a proof.

Monotonic Binder is monotonic—if an atom is derivable, it’s still derivable if we add more statements [15]. Monotonicity is appropriate in a distributed environment, since withholding some statements from a service will not cause it to grant greater access rights. Moreover, a proof generated on a client with little information available will still check on a service with more information.

Support for revocation One consequence of monotonicity is that traditional certificate revocation cannot be modeled from inside Binder; it requires additional mechanism. We have studied three ways to extend Binder to support revocation reliably.

First One is through short-lived statements. We can attach validity intervals to each Binder statement, as with traditional certificates, and constrain the validity intervals of derived atoms accordingly. Once a statement expires, it can be removed from all contexts, along with all atoms that cannot be derived without it.

Second A second approach is through a language extension allowing freshness constraints on statements. If a derivation rule depends on fresh P(X, Y), say, instead of just P(X, Y), then a new P(X, Y) must be derived for each use. This may involve contacting the exporters of old certificates to obtain fresher ones. A generalization of this mechanism is to allow each use of a certificate to specify how fresh it must be.

Third The final approach is to reference distributed state. For example, a statement could have an associated Boolean state “valid” that turns from true to false if it is revoked. This state could be explicitly referenced from Binder, perhaps with a freshness constraint.

4 key properties English New predicates Arbitrary statements in certificates Decidable in polynomial time.