Slide 1
Policy-Carrying, Policy-Enforcing Digital Objects
Sandra Payette, Project Prism, Cornell University
DLI2 All-Projects Meeting, June 14, 2000
Slide 2: Access Control Challenge
Enforcement of highly expressive access control policies to support context-specific requirements of digital libraries.
Slide 3: General-Purpose Policy Enforcement
(Diagram slide; only the title survives.)
Slide 4: Context-Specific Policy Enforcement
(Diagram slide; only the title survives.)
Slide 5: Limitations of traditional access control mechanisms
- Fixed set of abstractions
  – objects are files, directories, etc.
  – actions are read, write, execute, etc.
- Limited expressiveness for policies
- Not easily extended for complex or fine-grained policies
Slide 6: Requirements for new contexts
- Architecture that supports behavior-centric policy enforcement
- Policy definition languages that are flexible
- Highly secure enforcement mechanism
- Support for mobile code and mobile computing environments
Slide 7: Policy Enforcement Continuum
(Diagram: a continuum running from repository-centric to object-centric enforcement, with digital objects placed along it.)
Slide 8: Generalization
- Digital objects can be treated as generic entities, even if they are very specialized in some ways
- Generic policies can address the non-specific nature of a digital object or a collection of digital objects
- Example: “Only repository managers can delete objects from the collection.”
Slide 9: Specialization
- Digital objects can have object-specific policies associated with them
- Policies may be fine-grained or idiosyncratic
- General-purpose enforcement mechanisms will not easily accommodate these policies, if at all
Slide 10: Example: Object-specific policy
Users can access Lecture Object “A” according to the following rules:

  Action                        Rule
  Access High Resolution Video  Cornell student credential
  Access Low Resolution Video   Cornell student credential or pay fee
  Access Slides 1-20            No restriction
  Access Slides 21-25           Cornell student credential
  Access Descriptive Metadata   No restriction
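The rule table above is exactly the kind of object-specific policy that a general-purpose mechanism handles poorly. As an added example (not code from the presentation, from Fedora or from PoET), the following Python models a policy-carrying lecture object: the slide 10 rules travel with the object as a dictionary keyed by dissemination name, and every dissemination request is checked against them before the data stream is returned. The `Credential` fields, the dissemination names reused from slide 14, the default-deny decision for a dissemination that carries no rule, and the audit list are all assumptions made here.

```python
"""Policy-carrying lecture object, built from the rule table on slide 10.

Added example, not code from the presentation, from Fedora or from PoET.
The object carries its own policy and checks it on every dissemination
request. Credential fields, the default-deny rule and the audit list are
assumptions made for the example.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Credential:
    """What the requester presents (constructed attributes)."""
    cornell_student: bool = False
    fee_paid: bool = False


# One rule per dissemination; each returns True when the request is allowed.
def video_rule(cred: Credential, quality: str) -> bool:
    if quality == "high":                      # High Resolution Video
        return cred.cornell_student
    if quality == "low":                       # Low Resolution Video
        return cred.cornell_student or cred.fee_paid
    return False                               # unknown quality: deny


def slide_rule(cred: Credential, seq_num: int) -> bool:
    if 1 <= seq_num <= 20:                     # Slides 1-20
        return True
    if 21 <= seq_num <= 25:                    # Slides 21-25
        return cred.cornell_student
    return False                               # no such slide: deny


def metadata_rule(cred: Credential) -> bool:   # Descriptive Metadata
    return True


class LectureObject:
    """A digital object whose policy travels with its content."""

    def __init__(self, content: Dict[str, Callable], policy: Dict[str, Callable]):
        self._content = content    # behaviours over the data streams (slide 14 names)
        self._policy = policy      # carried policy: dissemination name -> rule
        self.audit: List[Tuple[str, dict, bool]] = []   # (name, args, allowed)

    def disseminate(self, name: str, cred: Credential, **args):
        rule = self._policy.get(name)
        # A dissemination with no rule is denied (assumption: default deny).
        allowed = rule is not None and rule(cred, **args)
        self.audit.append((name, dict(args), allowed))
        if not allowed:
            raise PermissionError(f"{name}{args} denied by the object's policy")
        return self._content[name](**args)


def build_lecture_a() -> LectureObject:
    """Lecture Object "A" with the slide 10 rules attached (constructed streams)."""
    content = {
        "GetVideo": lambda quality: f"lecture-a-video-{quality}.mpeg",
        "GetSlide": lambda seq_num: f"lecture-a-slide-{seq_num}.gif",
        "GetDCRecord": lambda: "<dc:title>Lecture A</dc:title>",
        "GetSyncData": lambda: "sync-data",        # present, but no rule carried
    }
    policy = {"GetVideo": video_rule, "GetSlide": slide_rule, "GetDCRecord": metadata_rule}
    return LectureObject(content, policy)


def can_access(obj: LectureObject, name: str, cred: Credential, **args) -> bool:
    """True when the object's own policy permits the dissemination."""
    try:
        obj.disseminate(name, cred, **args)
        return True
    except PermissionError:
        return False
```

Because the policy is part of the object rather than of the repository, the same object moved to another repository keeps the same decisions; the audit list is where a repository would hook its own logging of those decisions.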
Slide 11: Policy-Carrying, Policy-Enforcing Digital Objects - motivation
- Semantics of policies should parallel the behavioral semantics of real-world entities
- Decentralized policy management
- Extensibility for policies and mechanisms
- Portability and mobile computing (policies move with the objects)
Slide 12: Experiments: Building on existing work
- Fedora - digital object and repository architecture (Payette and Lagoze, 1998, 2000)
- Security Automata (Schneider, 1999)
- PoET - Policy Enforcement Toolkit (Erlingsson and Schneider, 1999, 2000)
Slide 13: Fedora Digital Object Model
(Diagram labels: Disseminations; Generic interface; Primitive Disseminator; Typed Disseminator; Extensible Mechanism; Encapsulated service request; Internal stream; three Data Streams.)
Slide 14: Fedora - Behaviors
(Diagram of a Lecture Archive object.)
Content (data streams): Video-H (mpeg), Video-L (mpeg), slide-1 (gif), slide-2 (gif), metadata (xml)
Disseminations: Lecture Mechanism - GetVideo(quality), GetSlide(seqNum), GetSyncData; Dublin Core - GetDCRecord, GetDCField(name)
Slide 15: Security Automata
- Theoretical basis for specifying policies that are enforceable, flexible, and fine-grained
- Policies are modeled as finite-state machines
- Enforcement mechanism simulates the automaton, preventing executions that violate the policy
Source: Schneider, 1999
Slide 16: Example: Simple Security Automaton
(Diagram: states “Descriptive Metadata Accessed” and “Lesson 1 Video Accessed”; the transition between them is guarded by “Present Cornell ID”.)
“After viewing descriptive metadata, ONLY Cornellians can access the Lesson 1 video.”
Slide 17: Policy Enforcement Toolkit (PoET)
- Implements In-line Reference Monitors (IRMs) that simulate security automata
- Mediates all executions upon a system, application, or object
- Modifies bytecode to embed policies (trusted program rewriter)
- Converts Java applications to secured applications
Source: Erlingsson and Schneider, 1999, 2000
Slide 18: PoET - how it works
(Flow diagram: a POLICY in PSLang and the program's Java Bytecode go into the PoET Rewriter, which produces Modified Bytecode (policy embedded); the PoET Class Loader loads it into the JVM, and the program runs, obeying the policy.)
Source: Erlingsson and Schneider, 1999, 2000
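Slides 15 to 18 describe the enforcement chain: a policy written as a security automaton, and an in-line reference monitor that simulates it on every security-relevant event, stopping the execution as soon as the automaton has no transition for the event. The following is an added example, not code from the presentation, from Schneider's papers or from PoET. PoET embeds the monitor by rewriting Java bytecode; here a Python wrapper intercepts the method calls instead, which stands in for that rewriting. It encodes the slide 16 automaton, with “Present Cornell ID” as the guard on the video transition, and mediates the GetDCRecord and GetVideo behaviours named on slide 14. The state names, the `Principal` type with its `is_cornellian` flag, and the returned strings are constructed.

```python
"""Security automaton (slide 16) enforced by an in-line reference monitor.

Added example, not code from the presentation, from Schneider's papers or
from PoET. PoET embeds the monitor by rewriting Java bytecode; here a
Python wrapper intercepts the calls instead. State names, the Principal
type and the returned strings are constructed for the example.
"""
from dataclasses import dataclass
from typing import Callable, List, Tuple


class PolicyViolation(Exception):
    """Raised when the automaton has no transition for an event."""


@dataclass(frozen=True)
class Principal:
    name: str
    is_cornellian: bool     # constructed stand-in for "Present Cornell ID"


@dataclass(frozen=True)
class Event:
    action: str             # name of the behaviour being invoked
    principal: Principal


Guard = Callable[[Event], bool]
Transition = Tuple[str, Guard, str]   # (current state, guard, next state)


class SecurityAutomaton:
    """Finite-state machine over security-relevant events (Schneider, 1999).

    An event is accepted if some transition from the current state has a
    guard that holds for it; otherwise the policy is violated and the
    enforcement mechanism must stop the execution.
    """

    def __init__(self, start: str, transitions: List[Transition]):
        self.state = start
        self.transitions = transitions

    def step(self, event: Event) -> str:
        for state, guard, nxt in self.transitions:
            if state == self.state and guard(event):
                self.state = nxt
                return nxt
        raise PolicyViolation(f"{event.action} by {event.principal.name} "
                              f"not permitted in state {self.state!r}")


def is_action(name: str) -> Guard:
    return lambda ev: ev.action == name


def cornell_video(ev: Event) -> bool:
    """The guarded edge of slide 16: the video only with a Cornell ID."""
    return ev.action == "GetVideo" and ev.principal.is_cornellian


def lesson1_automaton() -> SecurityAutomaton:
    """'After viewing descriptive metadata, ONLY Cornellians can access the
    Lesson 1 video.' Before the metadata has been viewed the video is open."""
    return SecurityAutomaton("start", [
        ("start", is_action("GetDCRecord"), "metadata_accessed"),
        ("start", is_action("GetVideo"), "video_accessed"),
        ("metadata_accessed", is_action("GetDCRecord"), "metadata_accessed"),
        ("metadata_accessed", cornell_video, "video_accessed"),  # Present Cornell ID
        ("video_accessed", is_action("GetDCRecord"), "metadata_accessed"),
        ("video_accessed", is_action("GetVideo"), "video_accessed"),
    ])


class LectureMechanism:
    """Unguarded behaviours of the lecture object (names from slide 14)."""

    def GetDCRecord(self) -> str:
        return "<dc:title>Lesson 1</dc:title>"

    def GetVideo(self, quality: str = "low") -> str:
        return f"lesson1-video-{quality}.mpeg"


class InlineReferenceMonitor:
    """Mediates every call on the target, stepping the automaton first."""

    def __init__(self, target, principal: Principal, automaton: SecurityAutomaton):
        self._target = target
        self._principal = principal
        self._automaton = automaton
        self.halted = False

    def __getattr__(self, name: str):
        def guarded(*args, **kwargs):
            if self.halted:
                raise PolicyViolation("execution was halted by an earlier violation")
            try:
                self._automaton.step(Event(name, self._principal))
            except PolicyViolation:
                self.halted = True          # the execution does not continue
                raise
            return getattr(self._target, name)(*args, **kwargs)
        return guarded


def run_session(principal: Principal, calls):
    """Replay (method, kwargs) calls for one principal through the monitor.

    Returns (results of the permitted calls, index of the first violating
    call or None).
    """
    guarded = InlineReferenceMonitor(LectureMechanism(), principal, lesson1_automaton())
    results = []
    for i, (method, kwargs) in enumerate(calls):
        try:
            results.append(getattr(guarded, method)(**kwargs))
        except PolicyViolation:
            return results, i
    return results, None
```

The automaton only records what has happened so far, so the same GetVideo call is permitted or refused depending on whether GetDCRecord preceded it; that history dependence is what a stateless credential check cannot express and what the in-lined monitor carries with the object.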
Slide 19: Fedora and PoET
(Diagram of the Lecture Archive object with a Guarded Lecture Mechanism.)
Content (data streams): Video-H, Video-L, slide-1 (gif), slide-2 (gif), metadata (xml)
Policies carried with the object: Policy-L (psl), Default Policy
Disseminations: Guarded Lecture Mechanism (Java bytecode in-lined with policies); Dublin Core
Slide 20: The Overall Result
(Diagram: the Lecture Archive's content is reached only through its disseminations, the Guarded Lecture Mechanism and Dublin Core.)
- High resolution video (students only)
- Low resolution video (students; others with fee)
- Slides (#1-20 all users; #21-25 students only)
Slide 21: Challenges and Future Work
- Ramp up - enforcement of more complex policies, more object types
- Examine tension between object-centric vs. repository-centric policy enforcement
- Mobile computing - trust schemes to support policy enforcement as objects move
- “Intentional” policies and dynamic binding
- Preservation application of security automata - detect unacceptable transitions
Slide 22: References - Fedora
- Payette, Sandra and Carl Lagoze, “Flexible and Extensible Digital Object and Repository Architecture,” ECDL98, Heraklion, Crete, September 21-23, 1998, Springer, 1998 (Lecture Notes in Computer Science, Vol. 1513). http://www.cs.cornell.edu/payette/papers/ecdl98/fedora.html
- Payette, Sandra, Christophe Blanchi, Carl Lagoze, and Edward Overly, “Interoperability for Digital Objects and Repositories: The Cornell/CNRI Experiments,” D-Lib Magazine, May 1999. http://www.dlib.org/dlib/may99/payette/05payette.html
- Payette, Sandra and Carl Lagoze, “Policy-Carrying, Policy-Enforcing Digital Objects,” accepted by the Fourth European Conference on Research and Advanced Technology for Digital Libraries, Portugal, Springer, 2000 (Lecture Notes in Computer Science); draft available at http://www.cs.cornell.edu/payette/papers/ecdl2000/pcpe-draft.ps
- Payette, Sandra and Carl Lagoze, “Value Added Surrogates for Distributed Content: Establishing a Virtual Control Zone,” D-Lib Magazine, June 2000. http://www.dlib.org/dlib/june00/payette/06payette.html
Slide 23: References - Security Automata and PoET
- Schneider, Fred B., “Enforceable Security Policies,” Computer Science Technical Report #TR98-1664, Department of Computer Science, Cornell University, July 24, 1999. http://cs-tr.cs.cornell.edu:80/Dienst/UI/1.0/Display/ncstrl.cornell/TR98-1664
- Erlingsson, Ulfar and Fred B. Schneider, “SASI Enforcement of Security Policies: A Retrospective,” Computer Science Technical Report #TR99-1758, Department of Computer Science, Cornell University, July 19, 1999. http://cs-tr.cs.cornell.edu:80/Dienst/UI/1.0/Display/ncstrl.cornell/TR99-1758
- Erlingsson, Ulfar and Fred B. Schneider, “IRM Enforcement of Java Stack Inspection,” Computer Science Technical Report #TR2000-1786, Department of Computer Science, Cornell University, February 19, 2000. http://cs-tr.cs.cornell.edu:80/Dienst/UI/1.0/Display/ncstrl.cornell/TR2000-1786