
Secure Context-sensitive Authorization Kazuhiro Minami and David Kotz Dartmouth College.


1 Secure Context-sensitive Authorization Kazuhiro Minami and David Kotz Dartmouth College

2 Context-sensitive Authorization (Smart Meeting Room): a Guest Speaker sends a Request to the Projector; Projector: "I cannot verify your identity."

3 Context-sensitive Authorization (Smart Meeting Room): the Projector obtains Location Information from a Location Sensor; Projector to Guest Speaker: "Since you are in the room, I authorize you to control me."

4 Centralized Approach: the Requester sends a Request to the Resource; the Resource sends an Authorization Query to the Authorization Server, which returns a Granting Decision based on Context Information from Information Servers (Location Server, Role Server). Requirements: Integrity (make correct decisions) and Confidentiality (not to disclose confidential information).

5 Smart Room Scenario: the Speaker sends a Request to the Projector; the Projector sends a Location Query to the Location Server, which issues an Access Point Query to the WiFi Location Server and a GPS Coordinate Query to the GPS Location Server.

6 Distributed Rule-based Authorization: the Central server receives an Authorization Query and builds a Proof Tree; it sends Logical Queries to Host A, Host B and Host C, each of which returns a Sub-Proof Tree.

7 Goals: Confidentiality – preserve each principal's confidentiality policies. Integrity – each principal receives a proof that satisfies its integrity policies. Scalability – offload work from a central server.

8 Outline Rule-based authorization Security model Distributed query processing Enforcement algorithm Summary

9 Rule-based Authorization: the Authorization Server consists of an Inference Engine and a Knowledge Base. Rules: grant(P, projector) ← location(P, room112); location(P, L) ← owner(P, D) ∧ location(D, L). Facts: owner(Bob, badge15); location(badge15, room112). The query ?grant(Bob, projector) is answered with a Proof Tree.

10 Example Proof Tree: ?grant(Bob, projector); grant(Bob) ← location(Bob, meeting_room); location(Bob, meeting_room) ← owner(Bob, badge15) ∧ location(badge15, room112); owner(Bob, badge15); location(badge15, room112).

11 Example Proof Tree: ?grant(Bob, projector); grant(Bob) ← location(Bob, meeting_room); location(Bob, meeting_room) ← owner(Bob, badge15) ∧ location(badge15, room112); owner(Bob, badge15); location(badge15, room112).

12 Security Model: Resource; Authorization Policies / Facts; Confidentiality / Integrity Policies.

13 Security Model: Host A (Alice) holds the rule grant(P, projector) ← location(P, room112) and issues the query ?location(Bob, room112) to Host B (Dave), which holds the facts owner(Bob, pda15) and location(pda15, room112) and the rule location(P, L) ← owner(P, D) ∧ location(D, L), and answers TRUE. Confidentiality Policies: acl(location(P, L)) = {Alice}; acl(owner(P, D)) = {Dave}. Integrity Policies: trust(location(P, L)) = {Dave}.

14 Assumptions: Policies apply only to facts – each principal issues a query to a principal that satisfies its integrity policies. Integrity policies are public knowledge. A public key infrastructure is available.

15 Outline Rule-based authorization Security model Distributed query processing Enforcement algorithm Summary

16 Architectural Overview: the User sends a Request to the Resource; the Resource's Host sends an Authorization Query to a Host, which issues Logical Queries to other Hosts.

17 Decomposition of Proof Tree: principal p0 holds subtree T0 with node n0 and issues query q0 to p1; p1 holds subtree T1 with node n1 and issues query q1 to p2, which holds subtree T2. A handler principal only returns a query result (true or false).

18 Decomposition of Proof Tree: principals p0, p1, p2 with subtrees T0, T1, T2, nodes n0, n1 and queries q0, q1. All the nodes except for the root node are not disclosed.

19 Enforcement of Confidentiality Policies: p0 (T0, n0) issues q0 to p1 (T1), which issues q1 to p2 (T2). Confidentiality policy: acl(q1) = {p0}, so the result of q1 is encrypted under K0 on its way back to p0. A handler principal chooses a receiver principal from its upstream principals.

20 Enforcement of Confidentiality Policies: p0 (T0, n0) issues q0 to p1 (T1), which issues q1 to p2 (T2). Confidentiality policy: acl(q1) = {p0}; the encrypted result (under K0) is relayed back to p0. A handler principal chooses a receiver principal from its upstream principals.

21 Outline Rule-based authorization Security model Distributed query processing Enforcement algorithm Summary

22 Enforcement Algorithm: principals p0, p1, p2, p3 linked by queries q0 (p0 to p1), q1 (p1 to p2) and q2 (p2 to p3).

23 Principals p0, p1, p2, p3 linked by queries q0, q1, q2. Security Policies: acl(q2) = {p0, p1}.

24 Enforcement Algorithm: principals p0, p1, p2, p3 linked by queries q0, q1, q2. Security Policies: acl(q2) = {p0, p1}.

25 Enforcement Algorithm: p3 handles q2 by issuing q3 to p4 and q4 to p5; pf4 = (p0, (TRUE)_K0) and pf5 = (p1, (TRUE)_K1). The proofs passed back up the chain are (p1, ((pf4)(pf5))_K1), (p1, ((pf4)(pf5))_K1) and (p0, (pf4)_K0); p0 decrypts and obtains TRUE.

26 Enforcement Algorithm: with pf4 = (p0, (TRUE)_K0) for q3 and pf5 = (p1, (TRUE)_K1) for q4, the proof pf3 = (p0, ((pf4)(pf5))_K0) is passed up as (p1, (pf3)_K1) and (p0, (pf3)_K0), but pf5 cannot be decrypted!

27 Attack by Colluding Principals: principals p0 to p5; each query carries its list of upstream principals: (q0, [p0]), (q1, [p0, p1]).

28 Attack by Colluding Principals: principals p0 to p5; the upstream list of q1 is reordered: (q0, [p0]), (q1, [p1, p0]).

29 Attack by Colluding Principals: principals p0 to p5; (q0, [p0]), (q1, [p1, p0]), (q2, [p1, p0, p2]).

30 Attack by Colluding Principals: (q0, [p0]), (q1, [p1, p0]), (q2, [p1, p0, p2]); pf4 = (p0, (TRUE)_K0) for q3 and pf5 = (p1, (FALSE)_K1) for q4; the proofs (p0, ((pf4)(pf5))) and (p1, ((pf4)(pf5))) are passed up. Security Policies: acl(q2) = {p0}. q2's result is FALSE.

31 Related Work: Rule-based Authorization – Cerberus [Al-Muhtadi, Ranganathan, Campbell, Mickunas] PerCom 2003; [Myles, Friday, Davies] IEEE Pervasive Computing 2003. Role-based Access Control – Generalized RBAC [Covington, Ahamad, Srinivasan] SACMAT 2001; OASIS [Bacon, Moody, Yao] SACMAT 2002. Trust Management System – SD3 [Jim] IEEE S&P 2001.

32 Summary: a distributed authorization system that addresses the issue of confidential rules and facts; proof decomposition based on integrity policies; recursive encryption facilitates information sharing among principals. Future work includes the evaluation of performance and scalability.

33 Questions

34 Trusted Proof Tree A handler principal only returns a proof subtree that satisfies the querier’s integrity policies Querier Handler Query Proof

35 Trusted Proof Tree A handler principal only returns a proof subtree that satisfies the querier’s integrity policies Querier Handler Query Proof

36 Trusted Proof Tree A handler principal only returns a proof subtree that satisfies the querier’s integrity policies Querier Handler Query Proof

37 First-Responder Scenario: a First Responder sends a Request to the Situation Monitor Server, which issues a Role Membership Query to the Role Server of the Fire Department, a Role Membership Query to the Role Server of the Incident Management System, and a Location Query to the Location Server, and returns Responder Assistance. Requirements: Integrity and Confidentiality.

38 Current Status and Future Work: prototype implementation based on XProlog; evaluation of the performance and scalability; user feedback mechanism.

