Secure Context-sensitive Authorization Kazuhiro Minami and David Kotz Dartmouth College.


Context-sensitive Authorization. Smart meeting room: a guest speaker sends a request to the projector, and the projector answers: “I cannot verify your identity.”

Context-sensitive Authorization (continued). The projector obtains location information from a location sensor and answers: “Since you are in the room, I authorize you to control me.”

Centralized Approach. The requester sends a request to the resource; the resource sends an authorization query to the authorization server, which collects context information from information servers (a location server, a role server) and returns the granting decision. Two requirements: integrity (make correct decisions) and confidentiality (do not disclose confidential information).

Smart Room Scenario. The speaker sends a request to the projector; the projector sends a location query to the location server, which in turn sends an access point query to the WiFi location server and a GPS coordinate query to the GPS location server.

Distributed Rule-based Authorization. The central server receives the authorization query and assembles the proof tree, but sends logical queries to hosts A, B and C, each of which returns a sub-proof tree.

Goals. Confidentiality – preserve each principal’s confidentiality policies. Integrity – each principal receives a proof that satisfies its integrity policies. Scalability – offload work from a central server.

Outline: rule-based authorization, security model, distributed query processing, enforcement algorithm, summary.

Rule-based Authorization. The authorization server’s inference engine evaluates the query ?grant(Bob, projector) against a knowledge base of rules and facts and produces a proof tree. Rules: grant(P, projector) ← location(P, room112); location(P, L) ← owner(P, D) ∧ location(D, L). Facts: owner(Bob, badge15); location(badge15, room112).

Example Proof Tree. Query: ?grant(Bob, projector). Root: grant(Bob) ← location(Bob, meeting_room). Next level: location(Bob, meeting_room) ← owner(Bob, badge15) ∧ location(badge15, room112). Leaves: owner(Bob, badge15); location(badge15, room112).

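The rules, facts and proof tree of the two slides above, evaluated by a small backward-chaining engine. This is an added example written for this page, not code from the authors’ prototype (which the closing slide says is based on XProlog); the tuple encoding of atoms, the variable convention (single uppercase letters, as on the slides), the `authorize` and `render` helpers and the depth limit are my own choices.

```python
import re
from itertools import count

# Knowledge base from the slides. Variables are single uppercase letters
# (P, L, D); every other term (Bob, badge15, room112, projector) is a constant.
RULES = [
    (("grant", "P", "projector"), [("location", "P", "room112")]),
    (("location", "P", "L"), [("owner", "P", "D"), ("location", "D", "L")]),
]
FACTS = [
    ("owner", "Bob", "badge15"),
    ("location", "badge15", "room112"),
]
MAX_DEPTH = 16  # assumption: bound on rule nesting, guards recursive rules

def is_var(t):
    # "P" or a renamed copy such as "P_3"
    return isinstance(t, str) and re.fullmatch(r"[A-Z](_\d+)*", t) is not None

def deref(t, env):
    """Follow variable bindings until a constant or an unbound variable."""
    while is_var(t) and t in env:
        t = env[t]
    return t

def unify(a, b, env):
    """Unify atoms a and b under env; return the extended env or None."""
    if a[0] != b[0] or len(a) != len(b):
        return None
    env = dict(env)
    for x, y in zip(a[1:], b[1:]):
        x, y = deref(x, env), deref(y, env)
        if x == y:
            continue
        if is_var(x):
            env[x] = y
        elif is_var(y):
            env[y] = x
        else:
            return None
    return env

_fresh = count()

def rename(rule):
    """Give a rule fresh variable names so repeated uses never clash."""
    n = next(_fresh)
    r = lambda atom: tuple(f"{t}_{n}" if is_var(t) else t for t in atom)
    head, body = rule
    return r(head), [r(a) for a in body]

def ground(atom, env):
    return f"{atom[0]}({', '.join(str(deref(t, env)) for t in atom[1:])})"

def prove(goal, env, depth=0):
    """Yield (env, proof) for every derivation of goal. A proof is
    (ground atom text, [sub-proofs]): the proof tree of the slides."""
    if depth > MAX_DEPTH:
        return
    for fact in FACTS:                       # leaves of the proof tree
        e = unify(goal, fact, env)
        if e is not None:
            yield e, (ground(fact, e), [])
    for rule in RULES:                       # inner nodes: head <- body
        head, body = rename(rule)
        e = unify(goal, head, env)
        if e is None:
            continue
        for e2, subs in prove_all(body, e, depth + 1):
            yield e2, (ground(head, e2), subs)

def prove_all(goals, env, depth):
    if not goals:
        yield env, []
        return
    for e, p in prove(goals[0], env, depth):
        for e2, ps in prove_all(goals[1:], e, depth):
            yield e2, [p] + ps

def authorize(principal, resource):
    """Answer ?grant(principal, resource): the proof tree, or None if denied."""
    for _env, proof in prove(("grant", principal, resource), {}):
        return proof
    return None

def render(proof, indent=0):
    head, subs = proof
    return "\n".join(["  " * indent + head] + [render(s, indent + 1) for s in subs])

if __name__ == "__main__":
    print(render(authorize("Bob", "projector")))   # the proof tree of the slide
    print(authorize("Eve", "projector"))           # None: no owner fact for Eve
```

The engine proves by resolution from the goal downwards, so the object it returns is exactly the tree the slides draw: the query at the root, one node per rule application, and facts at the leaves. That structure is what the later slides decompose across principals.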
Security Model. Each resource has authorization policies and facts, and confidentiality and integrity policies.

Security Model (example). Across Host A (Alice) and Host B (Dave) the knowledge base contains the rule grant(P, projector) ← location(P, room112), the facts owner(Bob, pda15) and location(pda15, room112), and the rule location(P, L) ← owner(P, D) ∧ location(D, L). Alice sends the query ?location(Bob, room112) to Dave, who answers TRUE. Confidentiality policies: acl(location(P, L)) = {Alice}; acl(owner(P, D)) = {Dave}. Integrity policies: trust(location(P, L)) = {Dave}.

Assumptions. Policies apply only to facts – each principal issues a query to a principal that satisfies its integrity policies. Integrity policies are public knowledge. A public key infrastructure is available.

Architectural Overview. The user sends a request to the resource; the resource sends an authorization query to a host; that host sends logical queries to other hosts.

Decomposition of Proof Tree. Principal p0 holds proof subtree T0 (root n0) and sends query q0 to p1; p1 holds T1 (root n1) and sends query q1 to p2, who holds T2. A handler principal only returns a query result (true or false): all the nodes except the root node are not disclosed.

Enforcement of Confidentiality Policies. Same chain p0 → p1 → p2 with queries q0 and q1. A handler principal chooses a receiver principal from its upstream principals. Under the confidentiality policy acl(q1) = {p0}, p2 encrypts its result under K0 (p0’s key), and the encrypted result is relayed through p1 to p0.

Enforcement Algorithm. Chain p0 → p1 → p2 → p3 with queries q0, q1, q2. Security policy: acl(q2) = {p0, p1}.

Enforcement Algorithm (continued). p3 issues q3 to p4 and q4 to p5, which return pf4 = (p0, (TRUE)K0) and pf5 = (p1, (TRUE)K1), where (x)K denotes x encrypted under key K. p3 sends (p1, ((pf4)(pf5))K1) to p2, which forwards (p1, ((pf4)(pf5))K1) to p1; p1 sends (p0, (pf4)K0) to p0, and p0 obtains TRUE.

Enforcement Algorithm (alternative). Same chain; pf4 = (p0, (TRUE)K0) and pf5 = (p1, (TRUE)K1), but p3 now forms pf3 = (p0, ((pf4)(pf5))K0). p2 sends (p1, (pf3)K1) to p1, and p1 sends (p0, (pf3)K0) to p0. At p1, pf5 cannot be decrypted!
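A simulation of the enforcement algorithm of the preceding slides, together with the acl (confidentiality) and trust (integrity) policies of the security model. This is an added example, not the authors’ code. Assumed here: the query chain q0..q4 and the handlers p1..p5, the concrete acl and trust tables, the rule that a handler seals its reply for the nearest upstream principal allowed by acl(q) (the slides only say the receiver is chosen from the upstream principals), and a tagging stand-in for public-key encryption (`Enc`) so the protocol logic runs offline. The `prefer_root` parameter reproduces the alternative slide, where p3 seals its reply for p0 and pf5 can no longer be decrypted by p1.

```python
from dataclasses import dataclass

# --- Stand-in for public-key encryption (constructed): it tags the payload
# with the key owner instead of encrypting it, which is all the routing
# logic below needs. A deployment would use real encryption under K_receiver.
@dataclass(frozen=True)
class Enc:
    receiver: str    # sealed under K_receiver: only that principal can open it
    _plain: object   # payload (ciphertext in a real implementation)

def decrypt(principal, ct):
    if ct.receiver != principal:
        raise PermissionError(f"{principal} cannot decrypt data sealed for {ct.receiver}")
    return ct._plain

@dataclass(frozen=True)
class Proof:
    receiver: str    # principal chosen from the handler's upstream list
    body: Enc        # Enc(receiver, (handler's local result, [sub-proofs still sealed]))

# --- Scenario of the enforcement-algorithm slides (constructed values) ---
SUBQUERIES = {"q0": ["q1"], "q1": ["q2"], "q2": ["q3", "q4"], "q3": [], "q4": []}
TRUST = {"q0": "p1", "q1": "p2", "q2": "p3", "q3": "p4", "q4": "p5"}   # integrity policy
ACL = {"q0": {"p0"}, "q1": {"p0", "p1"}, "q2": {"p0", "p1"},            # confidentiality policy
       "q3": {"p0"}, "q4": {"p0", "p1"}}
LOCAL = {"q0": True, "q1": True, "q2": True, "q3": True, "q4": True}   # each handler's own result

def open_proof(principal, pf):
    """Open every layer sealed for `principal`. Returns (result so far,
    sub-proofs still sealed for other principals, to be carried upstream intact)."""
    result, subs = decrypt(principal, pf.body)
    sealed = []
    for s in subs:
        if s.receiver == principal:
            r, more = open_proof(principal, s)
            result, sealed = result and r, sealed + more
        else:
            sealed.append(s)
    return result, sealed

def handle(handler, query, upstream, local, prefer_root):
    """The handler of `query`; upstream lists the principals from the root down to its querier."""
    # Integrity: a sub-query goes only to the principal trusted for it.
    sub_proofs = [handle(TRUST[sq], sq, upstream + [handler], local, prefer_root)
                  for sq in SUBQUERIES[query]]
    # Confidentiality: the receiver must be upstream and in acl(query). Assumption:
    # the nearest allowed upstream principal, unless this handler prefers the root.
    order = upstream if handler in prefer_root else list(reversed(upstream))
    receiver = next((p for p in order if p in ACL[query]), None)
    if receiver is None:
        raise PermissionError(f"no upstream principal may learn {query}")
    result, kept = local[query], []
    for pf in sub_proofs:
        if pf.receiver == handler:           # sealed for me: fold it in now
            r, more = open_proof(handler, pf)
            result, kept = result and r, kept + more
        else:                                # sealed for someone upstream: pass on intact
            kept.append(pf)
    return Proof(receiver, Enc(receiver, (result, kept)))

def authorize(root, query, local=LOCAL, prefer_root=frozenset()):
    """The root's decision: True or False, or None when some sub-proof stays
    sealed for another principal (the 'cannot be decrypted' case of the slides)."""
    pf = handle(TRUST[query], query, [root], local, prefer_root)
    result, sealed = open_proof(root, pf)
    return None if sealed else result

if __name__ == "__main__":
    print(authorize("p0", "q0"))                             # True: pf4 reaches p0, pf5 is folded in at p1
    print(authorize("p0", "q0", prefer_root={"p3"}))         # None: pf5 ends up sealed inside p0's layer
    print(authorize("p0", "q0", local={**LOCAL, "q4": False}))  # False: p5's FALSE propagates
```

With the nearest-receiver choice the trace matches the slide: p4’s reply is sealed for p0 and travels untouched, p5’s reply is sealed for p1 and is opened there, and p0 receives only what acl permits it to learn. When p3 instead seals for p0, the reply sealed for p1 is buried under p0’s layer, nobody on the path can open it, and the root cannot complete the proof.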

Attack by Colluding Principals. Chain p0 → p1 → p2 → p3, with p4 and p5 below p3; each query carries the list of its upstream principals: (q0, [p0]), (q1, [p0, p1]). In the attack the list on q1 becomes [p1, p0] and q2 is forwarded as (q2, [p1, p0, p2]). Security policy: acl(q2) = {p0}. q3 and q4 return pf4 = (p0, (TRUE)K0) and pf5 = (p1, (FALSE)K1), so q2’s result is FALSE; the replies shown are (p0, ((pf4)(pf5))) and (p1, ((pf4)(pf5))).

Related Work
Rule-based authorization – Cerberus [Al-Muhtadi, Ranganathan, Campbell, Mickunas] PerCom 2003; [Myles, Friday, Davies] IEEE Pervasive Computing 2003
Role-based access control – Generalized RBAC [Covington, Ahamad, Srinivasan] SACMAT 2001; OASIS [Bacon, Moody, Yao] SACMAT 2002
Trust management systems – SD3 [Jim] IEEE S&P 2001

Summary. A distributed authorization system that addresses the issue of confidential rules and facts. Proof decomposition is based on integrity policies. Recursive encryption facilitates information sharing among principals. Future work includes the evaluation of performance and scalability.

Questions

Trusted Proof Tree. The querier sends a query to the handler, and the handler returns a proof; a handler principal only returns a proof subtree that satisfies the querier’s integrity policies.

First-Responder Scenario. The first responder sends a request to the situation monitor server, which issues role membership queries to the role server of the fire department and the role server of the incident management system and a location query to the location server, and returns responder assistance. Requirements: integrity and confidentiality.

Current Status and Future Work. Prototype implementation based on XProlog; evaluation of performance and scalability; user feedback mechanism.