Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #18 Secure Knowledge Management:

Published byCurtis Cunningham Modified over 8 years ago

Similar presentations

Presentation on theme: "Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #18 Secure Knowledge Management:"— Presentation transcript:

1 Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #18 Secure Knowledge Management: Confidentiality, Privacy and Trust March 20, 2006

2 Outline of the Unit l Background on Knowledge Management l Secure Knowledge Management l Confidentiality: Access Control l Privacy l Trust Management l Integrated System l Secure Knowledge Management Technologies l Directions

3 References l Proceedings Secure Knowledge Management Workshop - Secure Knowledge Management Workshop, Buffalo, NY, September 2004 - http://www.cse.buffalo.edu/caeiae/skm2004/ l Secure Knowledge Management - Bertino, Khan, Sandhu and Thuraisingham - To be published in IEEE Transactions on Systems man and Cybernetics - This lecture is based on the above paper

4 What is Knowledge Management l Knowledge management, or KM, is the process through which organizations generate value from their intellectual property and knowledge-based assets l KM involves the creation, dissemination, and utilization of knowledge l Reference: http://www.commerce-database.com/knowledge- management.htm?source=google

5 Knowledge Management Components Components: Strategies Processes Metrics Cycle: Knowledge, Creation Sharing, Measurement And Improvement Technologies: Expert systems Collaboration Training Web Components of Knowledge Management: Components, Cycle and Technologies

6 IdentificationCreation Diffusion - Tacit, Explicit IntegrationModification Action Organizational Learning Process Metrics Source: Reinhardt and Pawlowsky Incentives

7 Aspects of Secure Knowledge Management (SKM) l Protecting the intellectual property of an organization l Access control including role-based access control l Security for process/activity management and workflow - Users must have certain credentials to carry out an activity l Composing multiple security policies across organizations l Security for knowledge management strategies and processes l Risk management and economic tradeoffs l Digital rights management and trust negotiation

8 SKM: Strategies, Processes, Metrics, Techniques l Security Strategies: - Policies and procedures for sharing data - Protecting intellectual property - Should be tightly integrated with business strategy l Security processes - Secure workflow - Processes for contracting, purchasing, order management, etc. l Metrics - What is impact of security on number of documents published and other metrics gathered l Techniques - Access control, Trust management

9 SKM: Strategies, Processes, Metrics, Techniques

10 IdentificationCreation Diffusion - Tacit, Explicit IntegrationModification Action Security Impact on Organizational Learning Process Metrics What are the restrictions On knowledge sharing By incorporating security Incentives

11 Security Policy Issues for Knowledge Management l Defining Policies during Knowledge Creation l Representing policies during knowledge management l Enforcing policies during knowledge manipulation and dissemination

12 Secure Knowledge Management Architecture

13 SKM for Coalitions l Organizations for federations and coalitions work together to solve a problem - Universities, Commercial corporation, Government agencies l Challenges is to share data/information and at the same time ensure security and autonomy for the individual organizations l How can knowledge be shared across coalitions?

14 SKM Coalition Architecture Export Knowledge Component Knowledge for Agency A Knowledge for Coalition Export Knowledge Component Knowledge for Agency C Component Knowledge for Agency B Export Knowledge

15 RBAC for SKM l Access to information sources including structured and unstructured data both within the organization and external to the organization l Search Engines and tools for identifying relevant pieces of this information for a specific purpose l Knowledge extraction, fusion and discovery programs and services l Controlled dissemination and sharing of newly produced knowledge

16 RBAC for SKM (Sandhu)

17 UCON for SKM l RBAC model is incorporated into UCON and useful for SKM - Authorization component l Obligations - Obligations are actions required to be performed before an access is permitted - Obligations can be used to determine whether an expensive knowledge search is required l Attribute Mutability - Used to control the scope of the knowledge search l Condition - Can be used for resource usage policies to be relaxed or tightened

18 UCON for SKM (Sandhu)

19 Trust Management for SKM l Trust Services - Identify services, authorization services, reputation services l Trust negotiation (TN) - Digital credentials, Disclosure policies l TN Requirements - Language requirements l Semantics, constraints, policies - System requirements l Credential ownership, validity, alternative negotiation strategies, privacy l Example TN systems - KeyNote and Trust-X (U of Milan), TrustBuilder (UIUC)

20 Trust Management for SKM

21 The problem: establishing trust in open systems l Mutual authentication - Assumption on the counterpart honesty no longer holds - Both participants need to authenticate each other  Interactions between strangers - In conventional systems user identity is known in advance and can be used for performing access control - In open systems partecipants may have no pre-existing relationship and may not share a common security domain

22 Trust Negotiation model l A promising approach for open systems where most of the interactions occur between strangers l The goal : establish trust between parties in order to exchange sensitive information and services l The approach : establish trust by verifying properties of the other party

23 Trust negotiation: the approach Interactions between strangers in open systems are different from traditional access control models Policies and mechanisms developed in conventional systems need to be revised USER ID’s VS. SUBJECT PROPERTIES ACCESS CONTROL POLICIES VS. DISCLOSURE POLICIES

24 Subject properties: digital credentials l Assertion about the credential owner issued and certified by a Certification Authority. CA  Each entity has an associated set of credentials, describing properties and attributes of the owner.

25 Use of Credentials Credential Issuer Digital Credentials -Julie -3 kids -Married -American Company A Company B Want to know citizenship Want to know marital status -Julie - American -Julie - Married Alice Check Referenced from http://www.credentica.com/technology/overview.pdfhttp://www.credentica.com/technology/overview.pdf

26 Credentials l Credentials can be expressed through the Security Assertion Mark-up Language (SAML) l SAML allows a party to express security statements about a given subject - Authentication statements - Attribute statements - Authorization decision statements

27 Disclosure policies l Disclosure policies govern: Access to protected resources Access to sensitive information Disclosure of sensitive credentials l Disclosure policies express trust requirements by means of credential combinations that must be disclosed to obtain authorization Disclosure policies

28 Disclosure policies - Example l Suppose NBG Bank offers loans to students l To check the eligibility of the requester, the Bank asks the student to present the following credentials - The student card - The ID card - Social Security Card - Financial information – either a copy of the Federal Income Tax Return or a bank statement

29 Disclosure policies - Example p1= ({}, Student_Loan  Student_Card()); p2= ({p1}), Student_Loan  Social_Security_Card()); p3= ({p2}, Student_Loan  Federal_Income_Tax_Return()); p4= ({p2}, Student_Loan  Bank_Statement()); P5=({p3,p4}, Student_Loan  DELIV); These policies result in two distinct “policy chains” that lead to disclosure [p1, p2, p3, p5][p1, p2, p4, p5]

30 Trust Negotiation - definition The gradual disclosure of credentials and requests for credentials between two strangers, with the goal of establishing sufficient trust so that the parties can exchange sensitive information and/or resources

31 Trust- X system: Joint Research with University of Milan l A comprehensive XML based framework for trust negotiations:  Trust negotiation language ( X -TNL)  System architecture  Algorithms and strategies to carry out the negotiation process

32 Trust- X language : X -TNL  Able to handle mutliple and heterogeneus certificate specifications:  Credentials  Declarations  Able to help the user in customizing the management of his/her own certificates  X -Profile  Data Set  Able to define a wide range of protection requirements by means of disclosure policies

33 X -TNL: Credential type system X -TNL simplifies the task of credential specification by using a set of templates called credential types Uniqueness is ensured by use of XML Namespaces Credential types are defined by using Document Type Definition <!DOCTYPE library_badge[ <!ELEMENT library_badge (name, address, phone_number*, email?, release_date, profession,Issuer)> <!ATTLIST Issuer XML:LINK CDATA #FIXED “SIMPLE” HREF CDATA #REQUIRED TITLECDATA #IMPLIED> ]>

34 Trust- X negotiation phases- basic model 1. Introduction  Send a request for a resource/service  Introductory policy exchanges 2. Policy evaluation phase  Disclosure policy exchange  Evaluation of the exchanged policies in order to determine secure solutions for both the parties. 3. Certificate exchange phase  Exchange of the sequence of certificates determined at step n. 2.

35 Trust- X Architecture Trust- X has been specifically designed for a peer-to-peer environment in that each party is equipped with the same functional modules and thus it can alternatively act as a requester or resource controller during different negotiations.

36 Upon receiving a disclosure policy the compliance checker determines if it can be satisfied by any certificate of the local X - profile. How a policy is processed COMPLIANCE CHECKER TREE MANAGER Policy Base Policy Reply X-Profile Disclosure Policies Then, the module checks in the policy base the protection needs associated with the certificates, if any. The state of the negotiation is anyway updated by the tree manager, which records whether new policies and credentials have been involved or not.

37 SKM Technologies l Data Mining - Mining the information and determine resources without violating security l Secure Semantic Web - Secure knowledge sharing l Secure Annotation Management - Managing annotations about expertise and resources l Secure content management - Markup technologies and related aspects for managing content l Secure multimedia information management

38 Directions l We have identified high level aspects of SKM - Strategies, Processes. Metrics, techniques, Technologies, Architecture l Need to investigate security issues - RBAC, UCON, Trust etc. l CS departments should collaborate with business schools on KM and SKM

Download ppt "Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #18 Secure Knowledge Management:"

Similar presentations

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
Directory and Trust Services (D&TS) Define an Abstract Model Purpose: Document a common terminology that the group can use between the various tracks Identify.

Directory and Trust Services (D&TS) Define an Abstract Model Purpose: Document a common terminology that the group can use between the various tracks Identify.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
OASIS Reference Model for Service Oriented Architecture 1.0

OASIS Reference Model for Service Oriented Architecture 1.0
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Secure Knowledge Management Dr. Bhavani Thuraisingham The National Science Foundation September 2004.

Secure Knowledge Management Dr. Bhavani Thuraisingham The National Science Foundation September 2004.
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
SLIDE 1 Department of Computer Science A flexible access control model for web services Elisa Bertino, Anna Cinzia Squicciarini Lorenzo Martino, Federica.

SLIDE 1 Department of Computer Science A flexible access control model for web services Elisa Bertino, Anna Cinzia Squicciarini Lorenzo Martino, Federica.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and.

Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Secure Knowledge Management: and.
Access Control in Data Management Systems Dr. Bhavani Thuraisingham The University of Texas at Dallas Access Control and Policies in Data Management Systems.

Access Control in Data Management Systems Dr. Bhavani Thuraisingham The University of Texas at Dallas Access Control and Policies in Data Management Systems.
Trustworthy Semantic Web Knowledge Management + E-Business + Semantic Web = Semantic E-Business Dr. Bhavani Thuraisingham March 2010.

Trustworthy Semantic Web Knowledge Management + E-Business + Semantic Web = Semantic E-Business Dr. Bhavani Thuraisingham March 2010.
Trust Negotiation Concepts and Issues Elisa Bertino CS & ECE Departments, CERIAS Purdue University Boston November 9, 2004.

Trust Negotiation Concepts and Issues Elisa Bertino CS & ECE Departments, CERIAS Purdue University Boston November 9, 2004.
Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz

Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz
TRUST NEGOTIATION IN ONLINE BUSINESS TRANSACTIONS BY CHANDRAKANTH REDDY.

TRUST NEGOTIATION IN ONLINE BUSINESS TRANSACTIONS BY CHANDRAKANTH REDDY.
MPEG-21 : Overview MUMT 611 Doug Van Nort. Introduction Rather than audiovisual content, purpose is set of standards to deliver multimedia in secure environment.

MPEG-21 : Overview MUMT 611 Doug Van Nort. Introduction Rather than audiovisual content, purpose is set of standards to deliver multimedia in secure environment.
Dr. Bhavani Thuraisingham October 2006 Trustworthy Semantic Webs Lecture #16: Web Services and Security.

Dr. Bhavani Thuraisingham October 2006 Trustworthy Semantic Webs Lecture #16: Web Services and Security.
Session ID: Session Classification: Dr. Michael Willett OASIS and WillettWorks DSP-R35A General Interest OASIS Privacy Management Reference Model (PMRM)

Session ID: Session Classification: Dr. Michael Willett OASIS and WillettWorks DSP-R35A General Interest OASIS Privacy Management Reference Model (PMRM)
Data and Applications Security Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #1 Introduction to Data and Applications Security August.

Data and Applications Security Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #1 Introduction to Data and Applications Security August.
A Flexible Access Control Model for Web Services Elisa Bertino CERIAS and CS Department, Purdue University Joint work with Anna C. Squicciarini – University.

A Flexible Access Control Model for Web Services Elisa Bertino CERIAS and CS Department, Purdue University Joint work with Anna C. Squicciarini – University.

Similar presentations

Ads by Google