Presentation is loading. Please wait.

Presentation is loading. Please wait.

Trust Management II Anupam Datta Fall 2007-08 18739A: Foundations of Security and Privacy.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Trust Management II Anupam Datta Fall 2007-08 18739A: Foundations of Security and Privacy."— Presentation transcript:

1

2 Trust Management II Anupam Datta Fall 2007-08 18739A: Foundations of Security and Privacy

3 2 Logistics Please plan to meet with me over this week to discuss project progress and issues Office hours Friday 2-3:30PM

4 3 Overview Last lecture Overview of Trust Management [BFL96] RT syntax and examples [LMW02] Today Translating RT into datalog; algorithmic results [LMW02] Distributed credential chain discovery [LWM01]

5 4 Translating RT 1 to Datalog Type I: A.R  D to isMember(D, A.R) Type II: A.R  B.R1 to isMember(?z, A.R)  isMember(?z, B.R1) Type III: A.R  A.R1.R2 to isMember(?z, A.R)  isMember(?x, A.R1), isMember(?z,?x.R2) Type IV: A.R  B1.R1  B2.R2  …  Bn.Rn to isMember(?z, A.R)  isMember(?z, B.R1),…, isMember(?z,B.Rn)

6 5 Translation (2) isMember(?z, A.r(h1,…,hn)) to member(A, r, h1,…, hn, ?z) Trans(C): Datalog program resulting from translation of RT 1 credentials C Implications of C: Set of membership relations implied by C

7 6 RT 1 is tractable Theorem: Given a set C of RT 1 credentials, the implications of C can be computed in time O(MN v+2 ), where Each credential of C has at most v variables Each role name has at most p arguments N 0 is the number of credentials in C N = max(N 0, pN 0 ) M is the size of C A.r  f 1  f k has size k, other credentials have size 1

8 7 Example RT Credentials A.R i  A.R i+1 for i=1,…,K-1 A.R K  Alice, A.R K  Bob Translation 1. isMember(?z, A. R i )  isMember(?z, A.R i+1 ) for i=1,…,K-1 2. isMember(Alice, A.R K ), isMember(Bob, A.R K ) Start from ground facts; repeatedly apply rule 1 to infer implications in time O((K+1)*2) p = 0, v = 0, N 0 = K + 1, N =K+1, M = K + 1 O(MN v+2 ) = O((K+1)*(K+1) 2 ) Translation only introduces only one dummy variable because no linked roles, so (v+1) instead of (v+2)

9 8 Summary Similar translations into Datalog and tractability results for other languages in the RT family This is an advantage of RT over other formalisms for distributed access control, e.g. Lampson et al logic (for which the implication problem is undecidable)

10 9 Overview Last lecture Overview of Trust Management [BFL96] RT syntax and examples [LMW02] Today Translating RT into datalog; algorithmic results [LMW02] Distributed credential chain discovery [LWM01]

11 10 Goal-directed Chain Discovery Three kinds of queries and algorithms for answering them in RT 0 : 1. Given A.r, determines its members – The backward search algorithm 2. Given D, determines the set of roles that D is a member of – The forward search algorithm 3. Given A.r and D, determines whether D is a member of A.r – The Bi-direction search algorithm

12 11 Why Develop These Algorithms? The queries can be answered using logic programs however, this requires collection of all credentials in the system The backward algorithm is a goal-directed top- down algorithm The forward algorithm is a goal-directed bottom- up algorithm Distributed discovery requires combination of both

13 12 Credential Graph G C Nodes: A.r and e for each credential A.r  e in C Credential edges: e  A.r for each credential A.r  e in C Summary edges: B.r 2  A.r 1.r 2 if there is a path from B to A.r 1 D  A 1.r 1  …  A k.r k if there are paths from D to each A j.r j Reachability in the credential graph is sound and complete wrt. the set-theoretic semantics of RT 0

14 13 An Example Credential Graph StateU.stuID EPub.university ABU.accredited StateU Alice ACM.member EOrg.preferred EPub.university.stuID EPub.student EPub.spdiscount EPub.student  EOrg.preferred Credential Summary Key

15 14 The Backward Search Algorithm (Overview) Goal: Given A.r, determines its members The backward algorithm : each node stores outgoing edges each node stores entities that can reach it new edges are created in the reverse direction solutions are propagated forward

16 15 Backward Search In Action 2: EPub.student 4: EPub.university.stuID 6: EPub.university8: ABU.accredited9: StateU StateU 10: StateU.stuID 0: EPub.spdiscount 1: EPub.student  EOrg.preferred 3: EOrg.preferred5: ACM.member7: Alice Alice

17 16 The Forward Search Algorithm (Overview) Starts with one entity node Constructs a proof graph Each node in the graph stores its solutions: roles that this node can reach (is a member of ) Maintains a work list of nodes need to be processed Algorithm Outline: keep processing nodes in the work list until it is empty

18 17 Forward Search In Action ABU.accredited 0: Alice StateU.stuID EPub.student 3: ABU.accredited 2: StateU 6: EPub.university 1: StateU.stuID ABU.accredited EPub.university EPub.student 7: Epub.university.stuID 9: EPub.student EPub.student 1. StateU.stuID  Alice 2. ABU.accredited  StateU 3. EPub.university  ABU.accredited 4. EPub.student  EPub.university.stuID 5: ABU8: EPub4: ABU.accredited.stuID

19 18 Worst-Case Complexity Backward: time O(N 3 +NM), space O(NM) N is the number of rules M is the sum of the sizes of all rules, A.r  f 1  f k having size k, other credentials have size 1 Forward: time O(N 2 M), space O(NM) However, this is goal oriented, making it much better in practice

20 19 Bidirectional Search The bi-direction search algorithm combines backward search and forward search Bidirectional(e, D) Two queues: Forward processing and backward processing queue Iteratively remove and process node until both queues are empty Each node e stores Backward solutions, backward monitors Full and partial forward solutions, forward monitors

21 20 Distributed Storage of Credentials Example: 1. EOrg.preferred  ACM.member 2. ACM.member  Alice Who should store a credential? either issuer or subject It is not reasonable to require that all credentials are stored by issuers, or, all are stored by subjects.

22 Alice EPub StateU ABU 3. ABU.accredited  StateU 1. COE.stuID  Alice 4. EPub.university  ABU.accredited 5. EPub.student  EPub.university.stuID Who stores these statements? 2. StateU.stuID  COE.stuID COE

23 22 Traversability of Edges and Paths StateU.stuID Alice EPub.university.stuID EPub.student EPub.university ABU.accredited StateU Backward (Issuer stored) Forward (Subject stored) Key Confluent Idea: Confluent paths can be discovered by bidirectional search An edge B.r 2  A.r 1.r 2 has the same traversability as B  A.r 1

24 23 How to Ensure that Every Path is Confluent? Goal: Use constraints local to each credential to ensure that every path is confluent Approach: give each role name a traceability type introduce a notion of well-typed credentials Main idea: by requiring consistent storage strategy at role name level, guarantee chains using well-typed credentials are confluent

25 24 Types of Role Names A role name has two types: Issuer side: issuer-traces-all issuer-traces-def (e.g. A1.r  A2.r  A3.r) issuer-traces-none Subject side: subject-traces-all subject-traces-none

26 25 Well-typedness of Role Names

27 26 Typing role expressions

28 27 Well-typed Credentials

29 28 Example

30 29 Example (contd)

31 30 Properties

32 31 Benefits of the Storage Type System Guarantees that chains of well-typed credentials can be discovered Enables efficient chain discovery by telling the algorithm whether forward or backward search should be used for an intermediate query

33 32 Acknowledgement Slides for the second part of the lecture were based, in part, on slides from Ninghui Li and John Mitchell.

Download ppt "Trust Management II Anupam Datta Fall 2007-08 18739A: Foundations of Security and Privacy."

Similar presentations

Computer Science CPSC 322 Lecture 25 Top Down Proof Procedure (Ch 5.2.2)

Computer Science CPSC 322 Lecture 25 Top Down Proof Procedure (Ch 5.2.2)
Big Ideas in Cmput366. Search Blind Search State space representation Iterative deepening Heuristic Search A*, f(n)=g(n)+h(n), admissible heuristics Local.

Big Ideas in Cmput366. Search Blind Search State space representation Iterative deepening Heuristic Search A*, f(n)=g(n)+h(n), admissible heuristics Local.
Inference Rules Universal Instantiation Existential Generalization

Inference Rules Universal Instantiation Existential Generalization
CPSC 322, Lecture 4Slide 1 Search: Intro Computer Science cpsc322, Lecture 4 (Textbook Chpt 3.0-3.4) Sept, 11, 2013.

CPSC 322, Lecture 4Slide 1 Search: Intro Computer Science cpsc322, Lecture 4 (Textbook Chpt ) Sept, 11, 2013.
Evaluating “find a path” reachability queries P. Bouros 1, T. Dalamagas 2, S.Skiadopoulos 3, T. Sellis 1,2 1 National Technical University of Athens 2.

Evaluating “find a path” reachability queries P. Bouros 1, T. Dalamagas 2, S.Skiadopoulos 3, T. Sellis 1,2 1 National Technical University of Athens 2.
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.

Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
Reasoning About Code; Hoare Logic, continued

Reasoning About Code; Hoare Logic, continued
1 1 CDT314 FABER Formal Languages, Automata and Models of Computation Lecture 3 School of Innovation, Design and Engineering Mälardalen University 2012.

1 1 CDT314 FABER Formal Languages, Automata and Models of Computation Lecture 3 School of Innovation, Design and Engineering Mälardalen University 2012.
Artificial Intelligence Inference in first-order logic Fall 2008 professor: Luigi Ceccaroni.

Artificial Intelligence Inference in first-order logic Fall 2008 professor: Luigi Ceccaroni.
Methods of Proof Chapter 7, second half.. Proof methods Proof methods divide into (roughly) two kinds: Application of inference rules: Legitimate (sound)

Methods of Proof Chapter 7, second half.. Proof methods Proof methods divide into (roughly) two kinds: Application of inference rules: Legitimate (sound)
Methods of Proof Chapter 7, Part II. Proof methods Proof methods divide into (roughly) two kinds: Application of inference rules: Legitimate (sound) generation.

Methods of Proof Chapter 7, Part II. Proof methods Proof methods divide into (roughly) two kinds: Application of inference rules: Legitimate (sound) generation.
Propositional Logic Reading: C. 7.4-7.8, C. 8. 2 Logic: Outline Propositional Logic Inference in Propositional Logic First-order logic.

Propositional Logic Reading: C , C Logic: Outline Propositional Logic Inference in Propositional Logic First-order logic.
Rule based Trust management using RT - second lecture Sandro Etalle thanks to Ninghui Li - Purdue William H. Winsborough – University of Texas S. Antonio.

Rule based Trust management using RT - second lecture Sandro Etalle thanks to Ninghui Li - Purdue William H. Winsborough – University of Texas S. Antonio.
1 EE5900 Advanced Embedded System For Smart Infrastructure Static Scheduling.

1 EE5900 Advanced Embedded System For Smart Infrastructure Static Scheduling.
Language-based Security: Information Flow Control 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.

Language-based Security: Information Flow Control 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.
CPSC 322, Lecture 23Slide 1 Logic: TD as search, Datalog (variables) Computer Science cpsc322, Lecture 23 (Textbook Chpt 5.2 & some basic concepts from.

CPSC 322, Lecture 23Slide 1 Logic: TD as search, Datalog (variables) Computer Science cpsc322, Lecture 23 (Textbook Chpt 5.2 & some basic concepts from.
CPSC 322, Lecture 19Slide 1 Propositional Logic Intro, Syntax Computer Science cpsc322, Lecture 19 (Textbook Chpt 5.0-5.1) February, 23, 2009.

CPSC 322, Lecture 19Slide 1 Propositional Logic Intro, Syntax Computer Science cpsc322, Lecture 19 (Textbook Chpt ) February, 23, 2009.
CPSC 322, Lecture 4Slide 1 Search: Intro Computer Science cpsc322, Lecture 4 (Textbook Chpt 3.0-3.3) January, 12, 2009.

CPSC 322, Lecture 4Slide 1 Search: Intro Computer Science cpsc322, Lecture 4 (Textbook Chpt ) January, 12, 2009.
Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.

Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.
CPSC 322, Lecture 23Slide 1 Logic: TD as search, Datalog (variables) Computer Science cpsc322, Lecture 23 (Textbook Chpt 5.2 & some basic concepts from.

CPSC 322, Lecture 23Slide 1 Logic: TD as search, Datalog (variables) Computer Science cpsc322, Lecture 23 (Textbook Chpt 5.2 & some basic concepts from.

Similar presentations

Ads by Google