Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computational Issues in Secure Interoperation

Published byEmilia Heino Modified over 6 years ago

Similar presentations

Presentation on theme: "Computational Issues in Secure Interoperation"— Presentation transcript:

1 Computational Issues in Secure Interoperation
Li gong & Xiaolei Qian Presented by: Saubhagya Joshi

2 focus Principles of Secure Interoperation This paper: Autonomy
Any access permitted within an individual system must also be permitted under secure interoperation Security Any access NOT permitted within individual system must also be denied under secure interoperation This paper: General secure interoperation problem is undecidable Optimal solutions for secure interoperation is NP-complete Complexity is reduced by composability in secure local interoperation

3 Background From HRU model, given two systems G1, G2, interoperation F and access right r in G1 Actions on objects: create, delete, enter right, remove right Can access right r be added to G1 where it did not previously exist? General Secure Interoperation is Undecidable

4 Definitions Secure System Permitted Access
A secure system is an access control list in the form of G = <V, A> where V is a set of entities and A is a binary relation “access” on V that is reflexive, transitive and antisymmetric. Permitted Access Permitted Access is a binary relation F on  in=1 Vi where  (u, v)  F, u  Vi, v  Vj, and i  j.

5 Restricted Access Permitted Access is a binary relation R on  in=1 Vi where  (u, v)  R, u  Vi, v  Vj, and i  j. In a federated system Q = <V’, A’> consisting of n subsystems where, V = in=1 Vi and A’ = (in=1 Ai  F) - R Autonomy Principle Ai remains legal in A’, ie (u,v)==Ai and (u,v)==A’ Security Principle Illegal access (u,v)=/=Ai and (u,v)=/=A’

6 Secure Interoperation
Given Gi =<Vi, Ai>, n = 1, …, n. Q = <  in=1 Vi, B> is a secure interoperation if B  R = , and  u, v  Vi, (u, v)==Ai if and only if (u, v)==B.

7 Problem: Security Evaluation
Given Gi =<Vi, Ai>, I=1, …, n, permitted access F, and restricted access R. Is < in=1 Vi (in=1 Ai  F) – R> a secure interoperation? Security Evaluation is polynomial time.

8 If insecure, it can be made secure by:
Removing security violations by reducing F until interoperation is secure Look for S  F such that C = in=1 Ai  S) – R is secure Trivial Look for a secure solution that includes all other secure solutions Find S  F such that C = in=1 Ai  S) – R is secure, and, for any secure solution T, T  S. Not possible all the time

9 Look for solutions that cannot be expanded further a1
F = {(b3, a2),(a3, b2)} S1 = (a3, b2) S2 = (b3, a2) F = S1  S2 Look for solutions that cannot be expanded further Find secure solution S  F such that, for any secure solution T, S  T. a1 a3 a2 b1 b3 b2

10 Maximize data sharing Natural optimality measure
Arcs that cause problems a and d c and d Solution Remove d Retain a and c E B A D F C a b c d

11 Problem: Maximum Secure Interoperation
Maximum secure interoperation is NP complete Non-deterministic machine can guess solution at random and verify security and autonomy properties Maximum access secure interoperation is NP complete Simplified maximum-access secure interoperation is in polynomial-time Graph is acyclic

12 Composability Given secure local interoperation, is global interoperation secure? Given system Gi = <Vi, Ai>, i = 0, 1, …, n, where Go is the master system, let Go-i = <Go, Gi, Fi> denote the local interoperation between Go and Gi with permitted Access set Fi, i = 1, …, n. The global system is given by: G’ = < in=1 Vi, (in=1 Ai )  (in=1 Fi )>.

13 G’ is secure if and only if Go-i is secure, I = 1, …, n.
b d Gi Go b a c CASE 1 CASE 2

14 Conclusion Security of general interoperation is undecidable
Finding secure solution with optimality is NP-complete Composability reduces complexity

Download ppt "Computational Issues in Secure Interoperation"

Similar presentations

Problems and Their Classes

Problems and Their Classes
Minimum Clique Partition Problem with Constrained Weight for Interval Graphs Jianping Li Department of Mathematics Yunnan University Jointed by M.X. Chen.

Minimum Clique Partition Problem with Constrained Weight for Interval Graphs Jianping Li Department of Mathematics Yunnan University Jointed by M.X. Chen.
Multi-objective Optimization Using Particle Swarm Optimization Satchidananda Dehuri, Ph.D.(CS), Department of Information and Communication Technology,

Multi-objective Optimization Using Particle Swarm Optimization Satchidananda Dehuri, Ph.D.(CS), Department of Information and Communication Technology,
Relations Relations on a Set. Properties of Relations.

Relations Relations on a Set. Properties of Relations.
1 Nondeterministic Space is Closed Under Complement Presented by Jing Zhang and Yingbo Wang Theory of Computation II Professor: Geoffrey Smith.

1 Nondeterministic Space is Closed Under Complement Presented by Jing Zhang and Yingbo Wang Theory of Computation II Professor: Geoffrey Smith.
Approximation, Chance and Networks Lecture Notes BISS 2005, Bertinoro March 7-13 2005 Alessandro Panconesi University La Sapienza of Rome.

Approximation, Chance and Networks Lecture Notes BISS 2005, Bertinoro March Alessandro Panconesi University La Sapienza of Rome.
 2004 SDU Lecture17-P,NP, NPC.  2004 SDU 2 1.Decision problem and language decision problem decision problem and language 2.P and NP Definitions of.

 2004 SDU Lecture17-P,NP, NPC.  2004 SDU 2 1.Decision problem and language decision problem decision problem and language 2.P and NP Definitions of.
1 NP-Complete Problems. 2 We discuss some hard problems:  how hard? (computational complexity)  what makes them hard?  any solutions? Definitions 

1 NP-Complete Problems. 2 We discuss some hard problems:  how hard? (computational complexity)  what makes them hard?  any solutions? Definitions 
CPSC 322, Lecture 35Slide 1 Finish VE for Sequential Decisions & Value of Information and Control Computer Science cpsc322, Lecture 35 (Textbook Chpt 9.4)

CPSC 322, Lecture 35Slide 1 Finish VE for Sequential Decisions & Value of Information and Control Computer Science cpsc322, Lecture 35 (Textbook Chpt 9.4)
P and NP Sipser 7.2-7.3 (pages 256-270). CS 311 Fall 2008 2 Polynomial time P = ∪ k TIME(n k ) … P = ∪ k TIME(n k ) … TIME(n 3 ) TIME(n 2 ) TIME(n)

P and NP Sipser (pages ). CS 311 Fall Polynomial time P = ∪ k TIME(n k ) … P = ∪ k TIME(n k ) … TIME(n 3 ) TIME(n 2 ) TIME(n)
Date:2011/06/08 吳昕澧 BOA: The Bayesian Optimization Algorithm.

Date:2011/06/08 吳昕澧 BOA: The Bayesian Optimization Algorithm.
Relations & Their Properties. Copyright © Peter Cappello2 Introduction Let A & B be sets. A binary relation from A to B is a subset of A x B. Let R be.

Relations & Their Properties. Copyright © Peter Cappello2 Introduction Let A & B be sets. A binary relation from A to B is a subset of A x B. Let R be.
CPSC 689: Discrete Algorithms for Mobile and Wireless Systems Spring 2009 Prof. Jennifer Welch.

CPSC 689: Discrete Algorithms for Mobile and Wireless Systems Spring 2009 Prof. Jennifer Welch.
Halting Problem. Background - Halting Problem Common error: Program goes into an infinite loop. Wouldn’t it be nice to have a tool that would warn us.

Halting Problem. Background - Halting Problem Common error: Program goes into an infinite loop. Wouldn’t it be nice to have a tool that would warn us.
1 Section 7.1 Relations and their properties. 2 Binary relation A binary relation is a set of ordered pairs that expresses a relationship between elements.

1 Section 7.1 Relations and their properties. 2 Binary relation A binary relation is a set of ordered pairs that expresses a relationship between elements.
CH14 – Protection / Security. Basics Potential Violations – Unauthorized release, modification, DoS External vs Internal Security Policy vs Mechanism.

CH14 – Protection / Security. Basics Potential Violations – Unauthorized release, modification, DoS External vs Internal Security Policy vs Mechanism.
Programming & Data Structures

Programming & Data Structures
Properties of Relations In many applications to computer science and applied mathematics, we deal with relations on a set A rather than relations from.

Properties of Relations In many applications to computer science and applied mathematics, we deal with relations on a set A rather than relations from.
EXAMPLE 3 Find the inverse of a 3 × 3 matrix Use a graphing calculator to find the inverse of A. Then use the calculator to verify your result. 2 1 – 2.

EXAMPLE 3 Find the inverse of a 3 × 3 matrix Use a graphing calculator to find the inverse of A. Then use the calculator to verify your result. 2 1 – 2.
NP Complexity By Mussie Araya. What is NP Complexity? Formal Definition: NP is the set of decision problems solvable in polynomial time by a non- deterministic.

NP Complexity By Mussie Araya. What is NP Complexity? Formal Definition: NP is the set of decision problems solvable in polynomial time by a non- deterministic.

Similar presentations

Ads by Google