Access control in heterogeneous, decentralized, distributed systems.

1 Access control in heterogeneous, decentralized, distributed systems.
Trust Management. By Scot Anderson.
Speaker notes: Give yourself a brief introduction before leaving this slide. My name is Scot Anderson and… Mention: Master's thesis in the area of policy languages; Ph.D. student, my area is constraint databases; current job: system administrator for the Division of Business and Computer Science at Union College; ex-teacher from Texas.

2 Introduction
What is Trust Management (TM); History of Trust Management; Requirements; Public Key Cryptography; Policy Discovery; Policy Languages; Research vs. Commercial Trust Management Systems.
Speaker notes: Quickly go through these.

3 What is Trust Management (TM)
Definition: Trust Management is an approach to access control in a decentralized, distributed environment in which access control decisions are based on policy statements made by multiple principals.
Decentralized means the parties are at different locations; distributed means they span different organizations, so no single administrator controls the whole policy.
Access control covers both authentication and authorization. The authorization is usually access to a resource, but it may also be permission to perform an action.
Policy statements are statements of authorization in some specific policy language; we will come back to why the choice of language matters.
Principals are the entities that make and are subject to policy: humans, corporations, computer systems, or even processes on those systems.
(Next: History of TM.) What is Trust Management

4 History of Trust Management
It is nice to have an example to go along with a definition, so let's take a look at one. History of Trust Management

5 Areas of Active Research
There are three areas of active research, and they coincide with the three bases of security in TM (certificates, policy discovery, policy specification):
chain discovery (policy discovery);
the semantic analysis of policy languages;
the complexity of the algorithms.
Most of the research in chain discovery centers on tractability and on reducing the search space. Note that the search space in TM is your partners on the Internet, so the search time will in most cases be dominated by network traffic. The major issues have to do with the expressiveness of the policy specification language: tractability relates directly to scalability, and that touches both the semantics and chain discovery.

6 ATM Example of Trust Management
Every bank controls and services its own ATMs.
Banks enter into a coalition with other banks through networks such as Cirrus, INTERLINK, Pulse…
In this way a bank can authorize an ATM card holder to withdraw cash even though the card holder does not have an account at that bank.
ATMs have policies about what a user can do, and these policies are stated in a policy language.
Speaker notes (after): Let's consider a specific policy that we may wish to have a trust management system enforce.

7 Trust Management Policies Example
Speaker notes: Suppose that a company has a couple of accountants responsible for making electronic funds transfers. The accountants routinely make transfers to other companies for tens of thousands of dollars. However, we wish to enforce the following policies.

Accountant        Company    Amount                        Transactions/Day
"Alice"           "Any"      Amt <= $100,000               <= 5
"Bob"             "Suzuki"   Amt <= $10,000                <= 2
"Alice" & "Bob"              $100,000 < Amt <= $500,000

We may also want to limit the total transferred in one day to no more than $300,000 unless both accountants digitally sign the transactions. These are examples of policies limiting the company's trust in its employees, but they also protect the company from mistakes. All of this leads us to the requirements defined for Trust Management.
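An added example, not part of the original slides, of how the three table rows and the $300,000 daily limit can be enforced by a small deny-by-default evaluator written in Go. The request structure, the ledger that tracks a day's approved transfers, the payee "Acme", and the assumption that the accountants' signatures have already been verified are illustrative assumptions, not something the slides specify.

```go
package main

import "fmt"

// Added example, not from the original slides: a deny-by-default evaluator for
// the transfer policy in the table above. The request shape, the ledger and the
// company names are assumptions for illustration; the accountants' digital
// signatures are assumed to have been verified before Evaluate is called.

// Transfer is one electronic funds transfer request.
type Transfer struct {
	Signers []string // accountants whose (verified) signatures are on the request
	Company string
	Amount  int // dollars
}

// Rule is one row of the policy table. Company "Any" matches every payee and
// MaxPerDay == 0 means the row sets no per-day transaction limit.
type Rule struct {
	Signers   []string // every listed accountant must have signed
	Company   string
	MinAmount int // exclusive lower bound: 100k < Amt
	MaxAmount int // inclusive upper bound: Amt <= 500k
	MaxPerDay int
}

// The three rows of the table.
var policy = []Rule{
	{Signers: []string{"Alice"}, Company: "Any", MaxAmount: 100_000, MaxPerDay: 5},
	{Signers: []string{"Bob"}, Company: "Suzuki", MaxAmount: 10_000, MaxPerDay: 2},
	{Signers: []string{"Alice", "Bob"}, Company: "Any", MinAmount: 100_000, MaxAmount: 500_000},
}

// Beyond this approved total in one day, only dual-signed transfers go through.
const dualControlDailyLimit = 300_000

// Ledger is the state the policy needs: what has already been approved today.
type Ledger struct {
	CountBySigner map[string]int
	TotalToday    int
}

func NewLedger() *Ledger { return &Ledger{CountBySigner: map[string]int{}} }

// hasSigners reports whether every accountant in required signed t.
func hasSigners(t Transfer, required []string) bool {
	for _, want := range required {
		found := false
		for _, got := range t.Signers {
			found = found || got == want
		}
		if !found {
			return false
		}
	}
	return true
}

// Evaluate decides one transfer and records it in the ledger if granted. A
// request passes only when some row covers it, no signer that row names has
// used up their daily count, and the daily dual-control limit is respected.
func Evaluate(t Transfer, l *Ledger) (bool, string) {
	if t.Amount <= 0 {
		return false, "non-positive amount"
	}
	for _, r := range policy {
		if !hasSigners(t, r.Signers) || (r.Company != "Any" && r.Company != t.Company) {
			continue
		}
		if t.Amount <= r.MinAmount || t.Amount > r.MaxAmount {
			continue
		}
		for _, s := range r.Signers {
			if r.MaxPerDay > 0 && l.CountBySigner[s] >= r.MaxPerDay {
				return false, fmt.Sprintf("%s has already made %d transfers today", s, r.MaxPerDay)
			}
		}
		if l.TotalToday+t.Amount > dualControlDailyLimit && !hasSigners(t, []string{"Alice", "Bob"}) {
			return false, "daily total would exceed $300,000 without both signatures"
		}
		for _, s := range r.Signers {
			l.CountBySigner[s]++ // a joint transfer counts against every accountant the row names
		}
		l.TotalToday += t.Amount
		return true, fmt.Sprintf("granted by the row for %v", r.Signers)
	}
	return false, "no policy row covers this request"
}

func main() {
	l := NewLedger()
	for _, t := range []Transfer{
		{Signers: []string{"Alice"}, Company: "Acme", Amount: 50_000},
		{Signers: []string{"Bob"}, Company: "Acme", Amount: 5_000},            // Bob may only pay Suzuki
		{Signers: []string{"Alice"}, Company: "Acme", Amount: 200_000},        // above Alice's own limit
		{Signers: []string{"Alice", "Bob"}, Company: "Acme", Amount: 200_000}, // covered by the joint row
	} {
		ok, why := Evaluate(t, l)
		fmt.Printf("%-14v %-6s $%-7d -> %-5v %s\n", t.Signers, t.Company, t.Amount, ok, why)
	}
}
```

The daily-total rule needs state that accumulates across requests (the ledger); a policy stated only on a certificate cannot see that state, so the TM system has to supply it at evaluation time.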

8 Requirements
Local control of resources
Grant full or partial access and authorization
Delegate authority to grant access and authorization
Operate regardless of the domains in use
Enter into multiple coalitions
Delegate the right to delegate authorizations
Speaker notes: An organization should have localized control of its resources. This entails granting access and authority to entities known to the organization, e.g. owners, employees, service personnel and contractors. An organization should be able to grant either full or partial access and delegate authority to other members of a coalition to which it belongs. Let me be clear: an organization does NOT grant authorizations to entities residing in the coalition. Think back to the ATM example: Union Bank does not keep track of whether Wells Fargo depositors are authorized to withdraw money from ATMs; it trusts someone else to keep track of that information. An organization should be able to have delegation of either full or partial access and authority to the resources belonging to other members of a coalition to which it belongs. The Trust Management system should be able to operate regardless of the security domains in place among members of a coalition, such as hierarchical or group-based domains. Domains also pertain to the way security is administered at any location: for example, whether a user is provided with a smart card or must use a password system, the Trust Management system should be able to operate as a back-end system to the applications or systems needing to verify authorization. An organization should be able to enter into multiple coalitions, independent of each other but as interlaced as desired. An organization should be able to delegate not only the authorization but also the right to delegate authorization; we call this nested trust delegation. These requirements (4 and 6 especially) are open-ended in a way that can cause expressiveness problems for the current TM languages.

9 The Basis of Security in TM
Three areas form the basis for Trust Management: Public-Key Cryptography and Certificates; Policy Discovery; Policy specification language. Let's take a look at each one of these.

10 Public-Key Cryptography
Discuss how public keys can be used for both secrecy and authentication: anything encrypted under a principal's public key can be read only by the holder of the matching private key (secrecy), and anything signed with the private key can be checked by anyone holding the public key (authentication). Trust Management relies mostly on the second use: a certificate binds a public key to a subject, and statements signed with that key can then be attributed to the subject.

11 Certificates: X.509 v3
Version; Serial Number; Algorithm ID; Issuer; Validity (Not Before, Not After); Subject; Subject Public Key Info (Public Key Algorithm, Subject Public Key); Issuer Unique Identifier (optional); Subject Unique Identifier (optional); Extensions (optional); Certificate Signature Algorithm; Certificate Signature.
Speaker notes: Certificates are based on a public key / private key infrastructure. I am not going to talk about the details of PKI. Talk about the role of each element of a certificate. Traditionally certificates are used for authentication; as we shall see, in TM authorizations are added to a certificate, which allows authorization to be distributed. Take a look at a real certificate (I switch to looking at a VeriSign certificate, digsigtrust).

12 Additional Information for TM
In order to use certificates for policy statements we can include policies on the certificate, prior to the certificate signature, so that the issuer's signature covers them and any tampering with the policy is detectable. Policies may be encrypted or in plaintext. The certificate is included with a request. If the certificate authorizes the request and the TM system can authenticate the requester, the request is granted.

13 Authorization Process
Diagram messages (labels as on the slide): ETMU(Request) from the application to the Trust Management System; ETMP(EAU(Request, Authorization | Rejection)) in reply.
Alice is using an application that needs access to a resource controlled by the trust management system. The application uses the credentials Alice provided (possibly through a smart card), makes a connection to the TM system, and sends the request and a random piece of data called a nonce. The system uses Alice's public key to encrypt the nonce, together with a symmetric key, and sends it back to the application. Using the smart card (or other means available to the application),
What isn't clear from this picture is how the TM system authorizes the request. This requires the system to discover, through some means, whether the certificate directly or indirectly authorizes Alice's request.
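An added example, not from the original slides, of the authentication half of this exchange in Go. The slide sketches an encryption-based nonce exchange with the nonce chosen by the application; this version proves the same fact, that the requester holds the private key matching the public key in its certificate, with a signature-based challenge in which the TM system chooses the nonce and the signature covers both nonce and request. The Certificate type stands in for the Subject and Subject Public Key Info fields of the X.509 certificate on slide 11; the subject names and request strings are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Added example, not from the original slides. It replaces the slide's
// encryption-based nonce exchange with a signature-based challenge: the TM
// system picks the nonce, the application signs nonce||request, and the TM
// system verifies under the public key in the certificate. Certificate stands
// in for the Subject and Subject Public Key Info fields of an X.509 certificate;
// names and request strings are assumptions.

type Certificate struct {
	Subject   string
	PublicKey ed25519.PublicKey
}

// Challenge is the TM system's fresh nonce; Response is the application's
// answer: the request plus a signature over nonce||request.
type Challenge struct{ Nonce [32]byte }

type Response struct {
	Request   string
	Signature []byte
}

// transcript is the signed byte string. The request is length-prefixed so the
// nonce/request boundary is unambiguous.
func transcript(nonce [32]byte, request string) []byte {
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(request)))
	buf := append([]byte{}, nonce[:]...)
	buf = append(buf, n[:]...)
	return append(buf, request...)
}

// TMSystem remembers the challenges it has issued and not yet seen answered.
type TMSystem struct{ pending map[string][32]byte }

func NewTMSystem() *TMSystem { return &TMSystem{pending: map[string][32]byte{}} }

// IssueChallenge (step 1): the TM system, not the client, picks the nonce, so a
// client cannot present a nonce it already holds a signature for.
func (s *TMSystem) IssueChallenge(subject string) (Challenge, error) {
	var c Challenge
	if _, err := rand.Read(c.Nonce[:]); err != nil {
		return c, err
	}
	s.pending[subject] = c.Nonce
	return c, nil
}

// Respond (step 2) is the application's side, using the smart card's or other
// key holder's private key.
func Respond(priv ed25519.PrivateKey, c Challenge, request string) Response {
	return Response{Request: request, Signature: ed25519.Sign(priv, transcript(c.Nonce, request))}
}

// Authenticate (step 3) verifies the response under the certificate's public
// key. The nonce is consumed whether or not verification succeeds, so each
// challenge can be answered once. nil means the requester is authenticated;
// whether the request is authorized is the separate chain-discovery step.
func (s *TMSystem) Authenticate(cert Certificate, r Response) error {
	nonce, ok := s.pending[cert.Subject]
	if !ok {
		return errors.New("no outstanding challenge for " + cert.Subject)
	}
	delete(s.pending, cert.Subject)
	if !ed25519.Verify(cert.PublicKey, transcript(nonce, r.Request), r.Signature) {
		return errors.New("signature does not verify under the certificate's key")
	}
	return nil
}

// NewSubject makes a key pair and a certificate carrying the public half.
func NewSubject(name string) (Certificate, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Certificate{Subject: name, PublicKey: pub}, priv
}

func main() {
	alice, alicePriv := NewSubject("Alice")
	tm := NewTMSystem()
	ch, err := tm.IssueChallenge(alice.Subject)
	if err != nil {
		panic(err)
	}
	resp := Respond(alicePriv, ch, "withdraw $200 at ATM 17")
	fmt.Println("genuine response:", tm.Authenticate(alice, resp))
	fmt.Println("replayed response:", tm.Authenticate(alice, resp)) // nonce already consumed
}
```

Validating the certificate itself (issuer signature, validity period) is left out here; in a deployment it happens before Authenticate, and authorization, which the following slides cover, is a separate step after it.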

14 The Basis of Security in TM
Three areas form the basis for Trust Management: Certificates (PKI); Policy Discovery; Policy specification. (Section divider, repeated from slide 9; next: Policy Discovery.)

15 Policy Discovery
Policy discovery is not trivial because the authorization is included on the certificate. The key issue is: whom do I trust? So, given a certificate and a request, does this certificate authorize the request, and was it issued by someone I trust? Most of the research in chain discovery centers on tractability and reducing the search space (see slide 5).

16 Policy Discovery via Chains
Consider a fourth-level delegation: PA -> PB -> PC -> E. This is a delegation chain to some entity E. If E makes a request to PA, how can PA authorize E without knowing the chain of authorization PA -> PB -> PC? This process is called chain discovery and is largely solved using graph theory.
Speaker notes: This has largely been solved, but is very important. If the algorithms to discover the chain in every domain are not fast, the system cannot scale. If we were to allow every conceivable method of discovery we might end up with a discovery model that requires an NP-complete or NP-hard algorithm, which would be fatal to scalability. This is a fundamental problem in CS, so we do not allow domains (and in fact we do not need domains) whose discovery problem is NP-complete.
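An added example, not from the original slides, of chain discovery in Go over signed credentials modelled on SPKI/SDSI-style "key says key may" statements. It also exercises the nested delegation requirement from slide 8: each credential carries a flag saying whether its subject may pass the right on. The credential format, its field names and the "withdraw" action are assumptions; real credential formats also carry validity periods and usually a bound on delegation depth.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Added example, not from the original slides: delegation-chain discovery over
// signed credentials in the style of SPKI/SDSI "key says key may" statements.
// Credential format, field names and the "withdraw" action are illustrative
// assumptions; real formats also carry validity periods and a depth bound.

type Key = ed25519.PublicKey

// Credential is the signed statement "Issuer says Subject may perform Action,
// and may pass that right on if Delegate is true".
type Credential struct {
	Issuer    Key
	Subject   Key
	Action    string
	Delegate  bool
	Signature []byte
}

// body is what the issuer signs; the two keys are fixed-width, so the fields
// cannot be re-split by an attacker.
func (c Credential) body() []byte {
	flag := byte(0)
	if c.Delegate {
		flag = 1
	}
	b := append([]byte{}, c.Issuer...)
	b = append(b, c.Subject...)
	b = append(b, flag)
	return append(b, c.Action...)
}

// Valid checks the signature under the key the credential names as issuer, so a
// credential signed by anyone else is simply ignored by discovery.
func (c Credential) Valid() bool { return ed25519.Verify(c.Issuer, c.body(), c.Signature) }

// GenKey makes a principal's key pair.
func GenKey() (Key, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Issue signs "issuer says subject may action (delegate?)" with the issuer's key.
func Issue(issuer ed25519.PrivateKey, subject Key, action string, delegate bool) Credential {
	c := Credential{Issuer: issuer.Public().(ed25519.PublicKey), Subject: subject, Action: action, Delegate: delegate}
	c.Signature = ed25519.Sign(issuer, c.body())
	return c
}

// Discover answers "does root's policy authorize requester for action?" by
// searching for a chain root -> ... -> requester. Every credential on it must
// verify and name the action, and every one except the last must grant the
// right to delegate. Breadth-first search with a visited set keeps the cost
// polynomial in the number of credentials and immune to cycles.
func Discover(root, requester Key, action string, creds []Credential) ([]Credential, bool) {
	type node struct {
		key   Key
		chain []Credential
	}
	queue := []node{{key: root}}
	visited := map[string]bool{string(root): true}
	for len(queue) > 0 {
		cur := queue[0]
		queue = queue[1:]
		for _, c := range creds {
			if c.Action != action || !bytes.Equal(c.Issuer, cur.key) || !c.Valid() {
				continue
			}
			chain := append(append([]Credential{}, cur.chain...), c)
			if bytes.Equal(c.Subject, requester) {
				return chain, true
			}
			if !c.Delegate || visited[string(c.Subject)] {
				continue // subject may not pass the right on, or was already expanded
			}
			visited[string(c.Subject)] = true
			queue = append(queue, node{key: c.Subject, chain: chain})
		}
	}
	return nil, false
}

func main() {
	pa, paPriv := GenKey()
	pb, pbPriv := GenKey()
	pc, pcPriv := GenKey()
	e, _ := GenKey()
	// PA -> PB -> PC -> E as on the slide: the first two hops may delegate.
	creds := []Credential{Issue(paPriv, pb, "withdraw", true), Issue(pbPriv, pc, "withdraw", true), Issue(pcPriv, e, "withdraw", false)}
	chain, ok := Discover(pa, e, "withdraw", creds)
	fmt.Printf("E authorized by PA: %v (chain of %d credentials)\n", ok, len(chain))
}
```

Because discovery is a breadth-first search with a visited set, its cost is bounded by the number of credentials times the number of principals; the slide's point about tractability is that the policy language must keep discovery in this class rather than forcing an exhaustive search.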

17 The Basis of Security in TM
Three areas form the basis for Trust Management: Certificates (PKI); Policy Discovery; Policy specification. (Section divider, repeated from slide 9; next: Policy specification.)

18 Policy Specification
The groundbreaking work on certificates for authentication in a hierarchical environment, such as the SSL certificates used to secure web pages, has been extended to include policies for authorization. Authorizations on the certificates are specified in a policy language that is often based on logic (e.g. first-order predicate logic).
Speaker notes: Explain why a language must be closed. Again state that the language must have semantics that can be derived quickly.

19 Policy Languages Expression is limited
The policy languages must be closed. The consequences of a closed language: expression is limited, and every expression can be proven true or false. Approximation techniques exist in logics that lend themselves to expanding the expressive capabilities of policy languages.
Speaker notes: First describe what it means to be closed: every policy query has a definite answer, because evaluation always terminates with true or false rather than leaving an authorization undecided; this is exactly what limits the expressiveness.

20 Research vs. Commercial Systems
Research in Trust Management spans the period from 1996, when PolicyMaker was introduced, to the present. Research has made most if not all of the theoretical breakthroughs necessary to make TM a viable commercial technology. Commercial systems approximate the capabilities of research systems.
Speaker notes (last point): research systems are not viable for commercial use, but they set the stage for commercial products. Current Trust Management

21 Commercial Systems
IBM provides a Federated Identity Management system. Microsoft has an Identity and Access Management series that talks about their systems (MIIS = Microsoft Identity Integration Server). RSA Security has a suite of applications to provide TM, including ClearTrust and Federated Identity Manager.
Speaker notes: You will notice that these systems concentrate on identity. But buried underneath this familiar concept, so near and dear to the hearts of system administrators, is the possibility of distributed access control.

22 Conclusions
Trust Management is a system that provides access control in a decentralized, distributed environment. Research on TM provides a sound theoretical basis. Commercial systems are now providing most if not all of the components of Trust Management.

23 References
S. Anderson. Constraint datalog in trust management. Master's thesis, University of Nebraska, Lincoln, 2003.
M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized trust management. Technical Report 96-17, AT&T Research, 1996.
Y.-H. Chu, J. Feigenbaum, B. LaMacchia, P. Resnick, and M. Strauss. REFEREE: Trust management for Web applications. Computer Networks and ISDN Systems, 29(8-13), 1997.
T. Grandison and M. Sloman. A survey of trust in internet applications. IEEE Communications Surveys and Tutorials, 3(Fourth Quarter), 2000.
Herzberg, Mass, Mihaeli, Naor, and Ravid. Access control meets public key infrastructure, or: Assigning roles to strangers. In Proceedings of the 21st IEEE Symposium on Security and Privacy, 2000.
N. Li and J. C. Mitchell. Datalog with constraints: A foundation for trust management languages. In Proceedings of the Fifth International Symposium on Practical Aspects of Declarative Languages (PADL), 2003.
N. Li and J. C. Mitchell. Understanding SPKI/SDSI using first-order logic. In IEEE Computer Security Foundations Workshop, 2003.
Y. Tao, D. Papadias, and J. Sun. The TPR*-tree: An optimized spatio-temporal access method for predictive queries. In Proceedings of the 29th International Conference on Very Large Data Bases (VLDB), 2003.

24 Questions

