FlexFlow: A Flexible Flow Policy Specification Framework Shipping Chen, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems George.

Presentation transcript:

FlexFlow: A Flexible Flow Policy Specification Framework Shipping Chen, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems George Mason University

IFIP Introduction
Information flow control policies specify under what conditions information may be exchanged. Policies vary on:
– System levels at which information transfers,
– Types and units of information transfer,
– Single/multiple destinations.
The objective is to model commonalities among policies that govern information flow between abstract entities.

Previous Work
Denning’s lattice model for secure flows.
– Flow control based on the security classes of objects.
Ferrari et al.’s model for object-oriented systems.
– Flow control based on ACLs of objects.
Myers and Liskov’s language-based flow control.
– Flow control based on decentralized labels of program variables.
Bertino et al.’s work on RBAC for workflow systems.
Various type-theory-based systems.

Issues with Existing Proposals
Dependence on security labels or access control lists limits the applications.
Application/model specificity.
No prohibitions.
Cannot combine policies across levels.

What FlexFlow Adds
Provides a logic-programming-based flow control policy specification language.
Allows permissions and prohibitions.
Does not depend on a specific meta-policy.
Not confined to an application domain.
Can model policies in other frameworks.
Therefore, can mix policies at different system levels.

FlexFlow System Architecture

Flow Trees
FlexFlow has trees, referred to as flow trees, built up from nodes and branches.
Nodes represent information sources and sinks.
Branches represent pathways taken by information flowing between nodes.
Information flows from the leaves of a tree via intermediate nodes to its root.
[Figure: example flow tree with nodes o_5, o_4, o_3, o_2, o_1]

Flow Trees (Cont.)
A flow tree can have flow sub-trees.
Depth-one flow trees make up the basic units, called one-step flow trees.
Larger trees can be built by recursively merging one-step flow trees.
[Figure: flow tree merged from one-step flow trees]

Two Environments
Local data: node environments have data related to a node.
– E.g. ACL of an object, execution role of a task.
Global data: tree environments have data related to a whole tree.
– E.g. execution time of a flow tree, execution process.
Environments are user definable.
– Type and number of variables not specified.

List Representation of Flow Tree
A flow tree is represented as a list.
The head of the list = the root (node, node environment) pair.
The tail of the list includes the leaf (node, node environment) pairs or sub-trees encoded as sub-lists.
– E.g. [o_5, o_4, [o_3, o_2, o_1]] represents a tree that is rooted at o_5 and has leaf node o_4 and sub-tree [o_3, o_2, o_1].

An Example Flow Tree

FlexFlow Syntax
Terms:
– Terms made up from constants and variables for nodes, environments and actions.
– Constants and variables over lists of (node, env) pairs.
Predicates:
– Application-specific predicates. E.g. playRole(x_s, x_r), isMember((x_n, x_e), X_L).

Special Predicates
safeFlow(x_n, x_e, X_L, action).
– Represents grantable/deniable one-step flow.
– x_n, x_e = destination node, destination env.
– X_L = a finite list of source (node, env) pairs.
– = flow permission/prohibition.
– x_action = name of the one-step flow, e.g. copy, assign.

Predicates of the Framework
safeFlow*(x_flowH, x_flowEnv, x_action).
– Permitted/prohibited flow tree.
– x_flowH = a flow tree represented as a list.
– x_flowEnv = flow tree environment.
finalSafeFlow(x_flowH, x_flowEnv, x_action).
– With the same arguments as safeFlow*,
– Representing the decision made by FlexFlow.

An Example
Assumption.
– Use node x_n as the object and environment x_e as the subject, the owner of the object.
Base relations specification rules.

Example Continued
One-step flow specification rules.
Flow tree construction rules.
From rules (1)–(6) and (7), safeFlow*([(file1,Alice),(file2,Bob)],[ ],+copy) is derivable.
From rules (1)–(6) and (9), safeFlow*([(file1,Alice),(file2,Bob)],[ ],-copy) is derivable.

Example Continued
Conflict resolution rules.
From rule (10) we can get.
Flow [(file1,Alice),(file2,Bob)] should be authorized.
Decision rules.
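
The list encoding, the one-step decomposition and the safeFlow / safeFlow* / finalSafeFlow chain from the slides above, as an added Python sketch that is not part of the original presentation. The slides' rules (1)–(10) are not in the transcript, so the base relations, the two one-step rules, the way one-step results compose into a tree result, and both conflict-resolution functions are assumptions; the tree environment is left out because it is empty in the slides' example.

```python
# Added example: the rules and composition semantics below are assumptions.
GRANTED_READ = {("Bob", "Alice")}  # constructed: (source owner, destination owner)
CONFIDENTIAL = {"file2"}           # constructed: nodes whose content must not flow

def one_step_trees(tree):
    """Split a list-encoded flow tree [root, child, ...] into one-step trees.
    A child is a leaf (node, env) tuple or a sub-tree encoded as a nested list."""
    root, children = tree[0], tree[1:]
    yield root, [c[0] if isinstance(c, list) else c for c in children]
    for c in children:
        if isinstance(c, list):
            yield from one_step_trees(c)

def safe_flow(dest, sources, action):
    """Signs derivable for a one-step flow: '+' permission, '-' prohibition."""
    signs = set()
    if action == "copy" and all((env, dest[1]) in GRANTED_READ for _, env in sources):
        signs.add("+")
    if any(node in CONFIDENTIAL for node, _ in sources):
        signs.add("-")
    return signs

def safe_flow_star(tree, action):
    """Assumed composition: '+' needs every step permitted, '-' needs one prohibited."""
    steps = [safe_flow(d, s, action) for d, s in one_step_trees(tree)]
    signs = set()
    if all("+" in s for s in steps):
        signs.add("+")
    if any("-" in s for s in steps):
        signs.add("-")
    return signs

def permissions_take_precedence(signs):
    return "+" in signs

def denials_take_precedence(signs):
    return "+" in signs and "-" not in signs

def final_safe_flow(tree, action, resolve):
    """Decision for a whole tree; nothing derivable means deny (closed policy)."""
    return resolve(safe_flow_star(tree, action))

EXAMPLE = [("file1", "Alice"), ("file2", "Bob")]  # the flow tree from the slides
NESTED = [("o5", "Alice"), ("o4", "Bob"), [("o3", "Bob"), ("o2", "Bob"), ("o1", "Bob")]]
```

With these constructed rules both +copy and -copy are derivable for EXAMPLE, and the decision depends only on which resolution function is passed in: permissions-take-precedence authorizes the flow, as on the slide, while denials-take-precedence rejects it.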

Express Denning’s Lattice Model

Express Decentralized Label Model (Myers & Liskov)

Flexible Flow Control of Ferrari et al.

Express Flexible Flow Control Model (Ferrari et al.)

Express Flexible Flow Control of Ferrari et al.

Ongoing Work
Add constraint specification and resolution capability.
– Integrity constraints are an essential part of flow control specification.
– E.g. Chinese Wall Model.
– Static vs. dynamic constraints.
Construct materializations.