Policy-Carrying, Policy-Enforcing Digital Objects Sandra Payette Project Prism - Cornell University DLI2 All-Projects Meeting June 14, 2000.

Access Control Challenge Enforcement of highly expressive access control policies to support context-specific requirements of digital libraries.

General-Purpose Policy Enforcement

Context-Specific Policy Enforcement

Limitations of traditional access control mechanisms
Fixed set of abstractions
– objects are files, directories, etc.
– actions are read, write, execute, etc.
Limited expressiveness for policies
Not easily extended for complex or fine-grained policies

Requirements for new contexts
Architecture that supports behavior-centric policy enforcement
Policy definition languages that are flexible
Highly secure enforcement mechanism
Support for mobile code and mobile computing environments

Policy Enforcement Continuum
[Diagram: a continuum of policy enforcement for Digital Objects, from repository-centric to object-centric]

Generalization
Digital objects can be treated as generic entities, even if they are very specialized in some ways
Generic policies can address the non-specific nature of a digital object or a collection of digital objects
Example: “Only repository managers can delete objects from the collection.”

Specialization
Digital objects can have object-specific policies associated with them
Policies may be fine-grained or idiosyncratic
General-purpose enforcement mechanisms will not easily accommodate these policies, if at all

Example: Object-specific policy
Users can access Lecture Object “A” according to the following rules:
Access High Resolution Video – Cornell student credential
Access Low Resolution Video – Cornell student credential or pay fee
Access Slides 1-20 – No restriction
Access Slides – Cornell student credential
Access Descriptive Metadata – No restriction

Policy-Carrying, Policy-Enforcing Digital Objects - motivation
Semantics of policies should parallel the behavioral semantics of real-world entities
Decentralized policy management
Extensibility for policies and mechanisms
Portability and mobile computing (policies move with the objects)

Experiments: Building on existing work
Fedora - digital object and repository architecture (Payette and Lagoze, 1998, 2000)
Security Automata (Schneider, 1999)
PoET - Policy Enforcement Toolkit (Erlingsson and Schneider, 1999, 2000)

Fedora Digital Object Model
[Diagram: a digital object holds Data Streams (internal streams) and two kinds of disseminators. The Primitive Disseminator exposes a generic interface over the streams; a Typed Disseminator is an extensible mechanism that encapsulates a service request. Both produce Disseminations.]

Fedora - Behaviors
[Diagram: the Lecture Archive object]
Content (data streams): Video-H (mpeg), Video-L (mpeg), slide-1 (gif), slide-2 (gif), metadata (xml)
Lecture Mechanism disseminations: GetVideo(quality), GetSlide(seqNum), GetSyncData
Dublin Core disseminations: GetDCRecord, GetDCField(name)

Security Automata
Theoretical basis for specifying policies that are enforceable, flexible, and fine-grained
Policies are modeled as finite-state machines
Enforcement mechanism simulates the automaton, preventing executions that violate the policy
Source: Schneider, 1999

Example: Simple Security Automata
[Diagram: automaton with the transitions “Descriptive Metadata Accessed”, “Present Cornell ID” and “Lesson 1 Video Accessed”]
“After viewing descriptive metadata, ONLY Cornellians can access the Lesson 1 video.”
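As an added example (not from the original slides, Fedora or PoET), the following Python simulates the security automaton above as an in-line reference monitor on the Lecture Object, combining this slide's stateful rule with the credential rules of the object-specific policy table. The request fields, credential names ("cornell-student", "fee-paid") and state names are assumed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    action: str                           # GetVideo, GetSlide, GetDCRecord, GetDCField
    arg: object = None                    # video quality ("high"/"low") or slide seqNum
    credentials: frozenset = frozenset()  # e.g. {"cornell-student"}, {"fee-paid"}

def rule_ok(req):
    """Stateless rules from the object-specific policy table for Lecture Object A."""
    cornell = "cornell-student" in req.credentials
    if req.action == "GetVideo":
        if req.arg == "high":
            return cornell
        return req.arg == "low" and (cornell or "fee-paid" in req.credentials)
    if req.action == "GetSlide":
        return True if 1 <= req.arg <= 20 else cornell  # slides 21-25: students only
    return req.action in ("GetDCRecord", "GetDCField")  # metadata: no restriction

def transition(state, req):
    """Security automaton: next state for a request, or None if policy rejects it."""
    if not rule_ok(req):
        return None
    if state == "start":  # reading descriptive metadata enters the guarded state
        return "metadata_accessed" if req.action.startswith("GetDC") else "start"
    if state == "metadata_accessed":
        # "After viewing descriptive metadata, ONLY Cornellians can access the video."
        if req.action == "GetVideo" and "cornell-student" not in req.credentials:
            return None
        return "metadata_accessed"
    raise ValueError(f"unknown automaton state {state!r}")

class GuardedLectureMechanism:
    """Simulated disseminator with the automaton in-lined as its reference monitor."""
    def __init__(self):
        self.state = "start"
        self.log = []  # audit trail: (decision, state before, action, arg)

    def mediate(self, req):
        """Return True and advance the automaton if allowed; a denied request halts."""
        nxt = transition(self.state, req)
        self.log.append(("ALLOW" if nxt else "DENY", self.state, req.action, req.arg))
        if nxt is None:
            return False  # the dissemination is not performed; state is unchanged
        self.state = nxt
        return True  # here the real GetVideo/GetSlide/GetDC* dissemination would run

def run_session(requests):
    """Replay one user's request sequence; return the allow/deny decision per request."""
    mech = GuardedLectureMechanism()
    return [mech.mediate(req) for req in requests]
```

A fee-paying non-Cornell user can fetch the low-resolution video before reading the metadata, but not afterwards, which is exactly the ordering constraint a stateless credential check cannot express.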

Policy Enforcement Toolkit (PoET)
Implements In-line Reference Monitors (IRMs) that simulate security automata
Mediates all executions upon a system, application, or object
Modifies bytecode to embed policies (trusted program rewriter)
Converts Java applications to secured applications
Source: Erlingsson and Schneider, 1999, 2000

PoET - how it works
[Diagram: Java Bytecode + POLICY in PSLang -> PoET Rewriter -> Modified Bytecode (policy embedded) -> PoET Class Loader -> JVM -> Program runs (obeys policy)]
Source: Erlingsson and Schneider, 1999, 2000

Fedora and PoET
[Diagram: the Lecture Archive object]
Content (data streams): Video-H, Video-L, slide-1 (gif), slide-2 (gif), metadata (xml), plus the policy streams Policy-L (psl) and Default Policy
Disseminations: Guarded Lecture Mechanism (Java bytecode in-lined with policies) and Dublin Core

The Overall Result
[Diagram: Lecture Archive with Guarded Lecture Mechanism and Dublin Core disseminations, enforcing:]
* High resolution video (students only)
* Low resolution video (students; others with fee)
* Slides (#1-20 all users; #21-25 students only)

Challenges and Future Work
Ramp up - enforcement of more complex policies, more object types
Examine tension between object-centric vs. repository-centric policy enforcement
Mobile computing - trust schemes to support policy enforcement as objects move
“Intentional” policies and dynamic binding
Preservation application of security automata - detect unacceptable transitions

References - Fedora
Payette, Sandra and Carl Lagoze, “Flexible and Extensible Digital Object and Repository Architecture,” ECDL98, Heraklion, Crete, September 21-23, 1998, Springer, 1998 (Lecture Notes in Computer Science, Vol. 1513).
Payette, Sandra, Christophe Blanchi, Carl Lagoze, and Edward Overly, “Interoperability for Digital Objects and Repositories: The Cornell/CNRI Experiments,” D-Lib Magazine, May
Payette, Sandra and Carl Lagoze, “Policy-Carrying, Policy-Enforcing Digital Objects,” accepted by the Fourth European Conference on Research and Advanced Technology for Digital Libraries, Portugal, Springer, 2000 (Lecture Notes in Computer Science), draft available at
Payette, Sandra and Carl Lagoze, “Value Added Surrogates for Distributed Content: Establishing a Virtual Control Zone,” D-Lib Magazine, June 2000.

References: Security Automata and PoET
Schneider, Fred B., “Enforceable Security Policies,” Computer Science Technical Report #TR, Department of Computer Science, Cornell University, July 24, 1999.
Erlingsson, Ulfar and Fred B. Schneider, “SASI Enforcement of Security Policies: A Retrospective,” Computer Science Technical Report #TR, Department of Computer Science, Cornell University, July 19, 1999.
Erlingsson, Ulfar and Fred B. Schneider, “IRM Enforcement of Java Stack Inspection,” Computer Science Technical Report #TR, Department of Computer Science, Cornell University, February 19, 2000.