Policy Evaluation Testbed Vincent Hu Tom Karygiannis Steve Quirolgico NIST ITL PET Report May 4, 2010.


2 AC Policy Composing Problems
* No structured model framework to support policy authoring.
* No tool to check that policy rules, which are hand-crafted by administrators, are specified correctly.
* No tool for checking the effect (conflicts of rules) of combining more than one policy.
* No efficient way to generate exhaustive test cases for the correctness of an access control system.

3 Access Control Policy Tool (ACPT)
ACPT is a tool for composing access control models (such as RBAC and Multi-Level models).
Features:
* Allows specification of policy combinations, rules and properties through model templates
* Allows testing and verification of policies against specified properties and reports problems that may lead to security holes
* Generates efficient test suites (by applying NIST’s combinatorial testing technology) for testing of access control implementation
* Test suites can be applied to any access control implementation
* Ensures the safety and flexibility in composing access control policies
* XACML policy generation

4 ACPT Architecture
[Architecture diagram: Access Control Policy Tool]
Components shown: GUI, AC Model Templates, Data Acquisition, Policy Generator, Model Checker, Test Suite Generator, Combinatorial Array Generator.
Labels in the diagram:
* User, attribute, resource, role, etc. data
* GUI allows specification of users, groups, attributes, roles, rules, policies, and resources
* Generates encoded policies .xml
* Generates test suites
* Validates access control policy models
* API/mechanism to consume/acquire external data related to policies
* Generates combinatorial test array
* Test suite
* Administrator
* optional functions
* XACML

5 ACPT

7 ACPT Demo

Policy A (excerpt from 28 CFR Part 23 Statutes and Govt. Category)
Subject attributes: 28 CFR Part 23 Training, Government Category. Resource attribute: Privacy Category. Action: Read.

Rule number | 28 CFR Part 23 Training | Government Category | Privacy Category | Read
1           | Current                 | Federal             | ISE              | Yes
2           | Current                 | State               | ISE              | Yes
3           | Expired/None            | Federal             | ISE              | Yes
4           | Current                 | Federal             | SLT              | Yes
5           | Current                 | State               | SLT              | Yes
6           | Expired/None            | State               | SLT              | Yes

Policy B (excerpt from Govt. Category, Remote Access, and OMB/NIST Assurance)
Subject attributes: Government Category, Remote Access, OMB/NIST Assurance Level. Resource attribute: Privacy Category. Action: Read.

Rule number | Government Category | Remote Access | OMB/NIST Assurance Level | Privacy Category | Read
7           | Federal             | Yes           | 2                        | ISE              | Yes
8           | Federal             | Yes           | 3 or greater             | ISE              | Yes
9           | Federal             | No            | 2 or greater             | ISE              | Yes
10          | State               | Yes           | 3 or greater             | ISE              | Yes
11          | State               | No            | 2                        | ISE              | Yes
12          | Federal             | Yes           | 3 or greater             | SLT              | Yes
13          | Federal             | No            | 2 or greater             | SLT              | Yes
14          | State               | Yes           | 2                        | SLT              | Yes
15          | State               | Yes           | 3 or greater             | SLT              | Yes
16          | State               | No            | 2                        | SLT              | Yes

8 ACPT Demo
Property to test: a request with the attributes
* “Current” for 28 CFR Part 23 Training,
* “Federal” for Government Category,
* “1” for Assurance Level,
* “True” for Remote Access,
to “read” data with
* “ISE” Privacy Category attribute
should not be allowed.
The rules say: Rule number 1 of Policy A grants the request described by the property, but no rule in Policy B grants such a request.

9 ACPT Demo Property specification in ACPT

10 ACPT Demo Test the property against Policy A: the result returns false, with a counterexample.

11 ACPT Demo Test the property against Policy B: the result returns true.

12 ACPT Demo Test the property against Policy A merged with Policy B: the result returns false for Policy A but true for Policy B. Note that for merged policies there are no priorities between policies.

13 ACPT Demo Test the property against Policy A combined with Policy B. Combined policies have the priorities of the combined rules. This slide shows the combination of policies, where Policy B has higher priority than Policy A.

14 ACPT Demo Test the property against Policy A combined with Policy B, with the “Default Deny” rules set for both policies: the verification result returns true for the combined policy.
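The checks on slides 8 to 14, written out as an added example (this is not ACPT code and not part of the original presentation): Policy A and Policy B from the slide 7 tables are encoded as data and the slide 8 property is verified against each policy and against their prioritized combination. The function names, the assurance-level range 1 to 4, the mapping of “True” to “Yes” for Remote Access, and the first-applicable priority semantics are assumptions.

```python
from itertools import product

# Rows transcribed from the slide 7 tables (every listed rule permits Read).
A_ROWS = [(1, "Current", "Federal", "ISE"), (2, "Current", "State", "ISE"),
          (3, "Expired/None", "Federal", "ISE"), (4, "Current", "Federal", "SLT"),
          (5, "Current", "State", "SLT"), (6, "Expired/None", "State", "SLT")]
B_ROWS = [(7, "Federal", "Yes", "2", "ISE"), (8, "Federal", "Yes", "3+", "ISE"),
          (9, "Federal", "No", "2+", "ISE"), (10, "State", "Yes", "3+", "ISE"),
          (11, "State", "No", "2", "ISE"), (12, "Federal", "Yes", "3+", "SLT"),
          (13, "Federal", "No", "2+", "SLT"), (14, "State", "Yes", "2", "SLT"),
          (15, "State", "Yes", "3+", "SLT"), (16, "State", "No", "2", "SLT")]
# Assumption: assurance levels run 1..4, so "3 or greater" means {3, 4}.
LEVELS = {"2": {2}, "2+": {2, 3, 4}, "3+": {3, 4}}
DOMAIN = {"training": ["Current", "Expired/None"], "gov": ["Federal", "State"],
          "remote": ["Yes", "No"], "assurance": [1, 2, 3, 4], "privacy": ["ISE", "SLT"]}

POLICY_A = [(n, {"training": {t}, "gov": {g}, "privacy": {p}}) for n, t, g, p in A_ROWS]
POLICY_B = [(n, {"gov": {g}, "remote": {r}, "assurance": LEVELS[a], "privacy": {p}})
            for n, g, r, a, p in B_ROWS]

# Slide 8 property: this read request must NOT be permitted ("True" mapped to "Yes").
PROPERTY = {"training": "Current", "gov": "Federal", "remote": "Yes",
            "assurance": 1, "privacy": "ISE"}

def evaluate(policy, req, default_deny=False):
    """First matching rule permits; otherwise Deny (if default-deny) or NotApplicable."""
    for num, conds in policy:
        if all(req[k] in allowed for k, allowed in conds.items()):
            return "Permit", num
    return ("Deny", None) if default_deny else ("NotApplicable", None)

def combine(policies, req, default_deny):
    """Assumed priority semantics: policies in priority order, first applicable decision wins."""
    for policy in policies:
        effect, num = evaluate(policy, req, default_deny)
        if effect != "NotApplicable":
            return effect, num
    return "NotApplicable", None

def verify(decide, fixed):
    """Enumerate every request consistent with `fixed`; return (holds, counterexample)."""
    names = list(DOMAIN)
    for vals in product(*([fixed[n]] if n in fixed else DOMAIN[n] for n in names)):
        req = dict(zip(names, vals))
        effect, num = decide(req)
        if effect == "Permit":
            return False, (num, req)  # permitting rule number and the offending request
    return True, None

if __name__ == "__main__":
    print("A:", verify(lambda r: evaluate(POLICY_A, r), PROPERTY))
    print("B:", verify(lambda r: evaluate(POLICY_B, r), PROPERTY))
    print("B>A, default deny:", verify(lambda r: combine([POLICY_B, POLICY_A], r, True), PROPERTY))
```

Under these assumed semantics, dropping the default-deny rules lets the combined evaluation fall through from Policy B to Policy A, where rule 1 permits the request again.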

15 ACPT Demo Test cases generation:

16 ACPT Demo XACML generation:

17 Live Demo

18 Compare ACPT with commercial AC tools
So far, no commercial AC policy management tool has all of the following capabilities that NIST ACPT has:
* AC (access control) model templates for entering policies: RBAC, Multi-Level, RuBAC (rule based), and Workflow. Even though some tools (such as IBM Tivoli) claim to provide RuBAC, RBAC, and ABAC templates, these are only simulated by using rules; in other words, there is no Role or Attribute relation (hierarchy) building capability.
* Combining different AC models into one (e.g., combining an RBAC policy with RuBAC and ABAC policies).
* AC property (described by a Boolean predicate) verification (IBM has a limited SOD (Separation of Duty) check) to ensure the created policy can satisfy any combination of rule constraints.
* Test case (suite) generator for testing in a real operation environment to assure there is no privilege leakage caused by faults other than the AC policy.

19 ACPT Future Work
* Policy (or rule) priority configuration for combining different models or rules (e.g., combinations of global and local policies)
* White-box model/properties verification to verify coverage and confinement of access control rules
* Generate XACML policies derived from verified access control model or rules
* Additional access control policy templates including dynamic and historical access control models
* API or mechanism for acquiring or consuming information about users, attributes, resources, etc.
* Web-ACPT allowing convenient web-based policy composition

20 Progress Report
* PET State-to-State policy scenarios defined XACML and PEP coding to support new scenario Numerous software enhancements Preparing demo for Fusion Center conference
* DHS/JHUAPL Identity Provider Service Privacy Policy Matrix
* DoJ and HHS Presentations
* Computer Associates CRADA Policy Expression and Automated Extraction
* National Security Agency Quarterly Technical Exchanges

21 Progress Report (cont.)
* Presentation and Demo, 2010 Fusion Center Technology Workshop, June 8th and 9th, 2010
* Decentralized Information Group, Computer Science & Artificial Intelligence Lab, Massachusetts Institute of Technology
* Nationwide Health Information Network (NHIN), CONNECT, HHS – ACPT Tool

22 Contact Information
* Vincent Hu –
* Tom Karygiannis –
* Steve Quirolgico –