1. Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci599 Trusted Computing Lecture Six – Policy February 16, 2007 Dr. Clifford Neuman University of Southern California Information Sciences Institute

2. Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Announcements Mid-term Next week –1 hour – at start of lecture –Closed book –Essay question –Perhaps list as a question Today –Two student presentations ▪Xen -Arun Viswanathan ▪HIPAA – Sunil Raga –Discussion of policy

3. Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE The Importance of Policy Basic building blocks of security well understood, but problem persist because: –Vulnerabilities in implementation, configuration and complexity of interactions. –Building blocks deployed without “glue” Security demands flexible and adaptable ways to tell parts of the system what access to allow: –Systems can only enforce rules that are specified –Today’s applications take myopic view and are unable to adapt to attack

4. Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE The hard problems remain How to manage dynamic policies in a federated environment. How to simplify policy specification. What kinds of policies work best. –Can standard policy templates be created that correspond to the intrinsic policies that people expect, corresponding to common business, personal, government, or national security interactions.

5. Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Security for Weakly Managed Systems Security in federated environments –Assets managed by different organizations –Resolution of conflict in security policies –Support for dynamic management of policy across organizations –Assessment of trustworthiness based on observation and shared reputation

6. Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Security for Weakly Managed Systems Managing the unmanageable –Desktops, Laptops, Employee home machines –Sensors and actuators in the field –May be under multiple management domains ▪Employer, school, sensors on links between organizations –Need to support joint management –Need to prevent cross-domain connection through shared asset. –Need assurance of provenance of peer.

7. Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Policy Sources Sources of Policy –Application implementers –Service providers –Content providers –Legislation –Employers –Individuals

8. Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Policy Storage Where are policies stored –Carried with objects –Included in credentials –Stored with the entities that enforce it –Retrieved remotely

9. Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Policy Enforcement Places where policy enforced –Network admission / routers –Servers providing information –Mail servers other infrastrcture –End devices

10. Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Policy Effects What Policy Says to Do –Protect data in the hands of others –Determine when to release data –Decide when to allow changes to data –Determine peer relationships

11. Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE When Policy Enforced When Policies are Enforced –When data requested –When data subsequently used –Pre-computed when connection established

12. Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Focus of Trusted Computing To date, the better understood parts of trusted computing is the mechanism. –Policy is understood in support of the mechanism. But mechanism must support policy, and that policy is the part that is not well understood. –What do we want TC to do.

13. Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Suggested Policy Model Separate policy into: –Basic policies enforced through trusted computing. –Fine-grained policies enforced by the trusted components. –Precomputed policies that say how pieces fit together.

14. Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Authorization in TVSA First level provides coarse-grained authorization –Almost capability like –Based on being in the right virtual system. Fine grained mediated within VS –The apps running in the VS must enforce fine- grained policies if needed. Some policy pre-computed –Negotiation of access and obligation takes place when components join a virtual system.

15. Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Discuss Policy using TVSA Rings represent Precomputed policy Virtual System identifiers used to enforce simple policies. Fine grained policies enforced by the individual components embedded within the rings to the right. BNKBNK Qk n Br s WEBWEB OSOS DRMDRM PRVPRV