Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2004 Ravi Sandhu www.list.gmu.edu The Extended Schematic Protection Model (ESPM) Ravi Sandhu Laboratory for Information Security Technology George Mason.

Published byJesse Carter Modified over 8 years ago

Similar presentations

Presentation on theme: "© 2004 Ravi Sandhu www.list.gmu.edu The Extended Schematic Protection Model (ESPM) Ravi Sandhu Laboratory for Information Security Technology George Mason."— Presentation transcript:

1 © 2004 Ravi Sandhu www.list.gmu.edu The Extended Schematic Protection Model (ESPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu sandhu@gmu.edu

2 © 2004 Ravi Sandhu www.list.gmu.edu 2 Recap HRU has undecidable safety under very weak assumptions Bi-conditional monotonic Take-Grant and variations Efficiently decidable safety Unexpected aggregate policy Schematic protection model (SPM) Useful demarcation of efficiently decidable safety –Decidable for acyclic attenuating schemes polynomial in size of initial state exponential in number of types (for dense cc relation) open question: acyclic non-attenuating –Undecidable for cyclic schemes Copy flag and demand operation turn out to be redundant SPM can simulate Bell LaPadula multilevel security

3 © 2004 Ravi Sandhu www.list.gmu.edu 3 SPM creation

4 © 2004 Ravi Sandhu www.list.gmu.edu 4 ESPM joint creation

5 © 2004 Ravi Sandhu www.list.gmu.edu 5 Monotonic HRU command

6 © 2004 Ravi Sandhu www.list.gmu.edu 6 ESPM simulation 1.Parameter list generation Marshall parameter set of size Ji 2.Validating the conditional 3.Simulating the HRU command body Simulating creates –Unconditional create with alive right, so X/alive  dom(X) is required for X to participate in any command Simulating enters –straightforward

7 © 2004 Ravi Sandhu www.list.gmu.edu 7 ESPM types p: proxy entity type P x /r  dom(P y ) for P x, P y of type p in ESPM system iff r  [P y,P x ] in HRU system {a j | j=1…J max }: agent types Represent ESPM proxy entity in j th parameter of HRU command {v i | i=1…I}: validator types Represent a collection of J i entities in instance of HRU command i Created by joint creation with agent types as parents {t k i | k=1…K i, i=1…I}: term types Simulate truth value of each term in each HRU command {c m i | m=1…M i, i=1…I}: create types Simulate creates for each HRU command {e n i | n=1…N i, i=1…I}: enter types Simulate enters for each HRU command

8 © 2004 Ravi Sandhu www.list.gmu.edu 8 ESPM creation

9 © 2004 Ravi Sandhu www.list.gmu.edu 9 ESPM attenuating loops If type(u i ) = type(v) Except that one such parent can have attenuating rule cr pj (u 1, u 2, …, u N, v) = p j /R 2 j  c/R 1 j cr c (u 1, u 2, …, u N, v) = p j /R 3 j  c/R 4 j so R 1 j  R 2 j and R 3 j  R 2 j and R 4 j  R 1 j

10 © 2004 Ravi Sandhu www.list.gmu.edu 10 ESPM unfolded state

11 © 2004 Ravi Sandhu www.list.gmu.edu 11 ESPM unfolded state

12 © 2004 Ravi Sandhu www.list.gmu.edu 12 ESPM safety analysis exponential in types (like SPM) exponential in size of initial state (unlike SPM)

13 © 2004 Ravi Sandhu www.list.gmu.edu 13 ESPM safety analysis

14 © 2004 Ravi Sandhu www.list.gmu.edu 14 Expressive power of SPM and ESPM both are monotonic ESPM is equivalent to monotonic HRU HRU can simulate ESPM ESPM can simulate HRU ESPM with double-parent creation is equivalent to ESPM ESPM is at least as expressive as SPM ESPM can simulate SPM trivially it turns out that SPM is less expressive than ESPM (and thereby less expressive than monotonic) HRU

15 © 2004 Ravi Sandhu www.list.gmu.edu 15 Monotonic access graph model nodes are strongly typed type of a node cannot change edges are strongly typed type of an edge cannot change graph operations initial state operations node operations –multi-parent –creates new edges from each parent to child edge operations –cannot create new nodes –must be monotonic (edges cannot be removed)

16 © 2004 Ravi Sandhu www.list.gmu.edu 16 Simulation: scheme B simulates scheme A

17 © 2004 Ravi Sandhu www.list.gmu.edu 17 Scheme A has double-parent creation

18 © 2004 Ravi Sandhu www.list.gmu.edu 18 Double-parent creation in scheme A

19 © 2004 Ravi Sandhu www.list.gmu.edu 19 Double-parent creation in scheme A

20 © 2004 Ravi Sandhu www.list.gmu.edu 20 Failed simulation in scheme B with single-parent creation and identical initial state

21 © 2004 Ravi Sandhu www.list.gmu.edu 21 Failed simulation in scheme B with single-parent creation and arbitrary initial state

22 © 2004 Ravi Sandhu www.list.gmu.edu 22 Failed simulation in scheme B with single-parent creation and arbitrary initial state

23 © 2004 Ravi Sandhu www.list.gmu.edu 23 Failed simulation in scheme B with single-parent creation and arbitrary initial state

24 © 2004 Ravi Sandhu www.list.gmu.edu 24 Multi-parent creation does not add power in non- monotonic systems

25 © 2004 Ravi Sandhu www.list.gmu.edu 25 Multi-parent creation Adds power to monotonic models Perhaps should be viewed as a non-monotonic binding operation

Download ppt "© 2004 Ravi Sandhu www.list.gmu.edu The Extended Schematic Protection Model (ESPM) Ravi Sandhu Laboratory for Information Security Technology George Mason."

Similar presentations

Combinatorial Auction

Combinatorial Auction
© 2004 Ravi Sandhu www.list.gmu.edu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.

© 2004 Ravi Sandhu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.
© 2004 Ravi Sandhu www.list.gmu.edu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason.

© 2004 Ravi Sandhu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason.
© 2004 Ravi Sandhu www.list.gmu.edu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.

© 2004 Ravi Sandhu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.
On the Expressive Power of the Unary Transformation Model by Ravi Sandhu Srinivas Ganta Center for Secure Information Systems George Mason University.

On the Expressive Power of the Unary Transformation Model by Ravi Sandhu Srinivas Ganta Center for Secure Information Systems George Mason University.
ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.

ACCESS CONTROL: THE NEGLECTED FRONTIER Ravi Sandhu George Mason University.
ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.

ENGINEERING AUTHORITY AND TRUST IN CYBERSPACE: A ROLE-BASED APPROACH Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.
© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University

© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University
© 2004 Ravi Sandhu www.list.gmu.edu The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM) Ravi Sandhu Laboratory for Information Security Technology.

© 2004 Ravi Sandhu The Typed Access Matrix Model (TAM) and Augmented TAM (ATAM) Ravi Sandhu Laboratory for Information Security Technology.
Safety in Access Control Take-Grant (best viewed in slide-show mode)

Safety in Access Control Take-Grant (best viewed in slide-show mode)
© 2005 Ravi Sandhu www.list.gmu.edu Administrative Scope (continued) (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.

© 2005 Ravi Sandhu Administrative Scope (continued) (best viewed in slide show mode) Ravi Sandhu Laboratory for Information Security Technology.
OM-AM and RBAC Ravi Sandhu * www.list.gmu.edu Laboratory for Information Security Technology (LIST) George Mason University.

OM-AM and RBAC Ravi Sandhu * Laboratory for Information Security Technology (LIST) George Mason University.
CS344 : Introduction to Artificial Intelligence Pushpak Bhattacharyya CSE Dept., IIT Bombay Lecture 2 - Search.

CS344 : Introduction to Artificial Intelligence Pushpak Bhattacharyya CSE Dept., IIT Bombay Lecture 2 - Search.
Siddharth Srivastava, Shlomo Zilberstein, Neil Immerman University of Massachusetts Amherst Hector Geffner Universitat Pompeu Fabra.

Siddharth Srivastava, Shlomo Zilberstein, Neil Immerman University of Massachusetts Amherst Hector Geffner Universitat Pompeu Fabra.
Siddharth Srivastava, Neil Immerman, Shlomo Zilberstein University of Massachusetts Amherst.

Siddharth Srivastava, Neil Immerman, Shlomo Zilberstein University of Massachusetts Amherst.
JAYASRI JETTI CHINMAYA KRISHNA SURYADEVARA

JAYASRI JETTI CHINMAYA KRISHNA SURYADEVARA
Primal-Dual Algorithms for Connected Facility Location Chaitanya SwamyAmit Kumar Cornell University.

Primal-Dual Algorithms for Connected Facility Location Chaitanya SwamyAmit Kumar Cornell University.
Exact Inference in Bayes Nets

Exact Inference in Bayes Nets
1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.

1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.
1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Decidable Languages Prof. Amos Israeli.

Similar presentations

Ads by Google