4 June 2002 © 2001-2 TrueTrust Ltd
Slide 1: PMI Components
Oleksandr Otenko, Research Student, ISSRG, University of Salford
http://sec.isi.salford.ac.uk/
Slide 2: Traditional Applications
Authentication and Authorisation are internal to the application
– Username/password lists
– Access control lists
– Multiple passwords, multiple usernames: confusion!!
– Multiple administrators
– High cost of administration
– No overall security policy
Slide 3: Enter PKI
Authentication is external to the application (Public Key Infrastructure, Digital Signature, Application Gateway)
– Access control lists
– One password or PIN to access the private key: happy users!
– Multiple administrators
– High cost of administration
– No overall security policy
Slide 4: Enter PMI
Authentication and Authorisation are external to the application (Public Key Infrastructure + Privilege Management Infrastructure, Digital Signature, Application Gateway)
– One password or PIN to access the private key: happy users!
– Fewer administrators
– Lower cost of admin
– Overall security policy
Slide 5: X.812 | ISO 10181 Access Control Framework
[Diagram: the Initiator submits an access request to the Access Enforcement Function (AEF); the AEF sends a decision request to the Access Decision Function (ADF), which returns a decision; if allowed, the AEF presents the access request to the Target.]
Slide 6: ADF API
[Diagram: the AEF (application specific) passes a decision request across the ADF API to the ADF (application independent), which returns a decision.]
Examples: OpenGroup AZN API, IETF GAA API, PERMIS API
Slide 7: PERMIS API System Structure
[Diagram: the Initiator submits a signed access request to the AEF in the Application Gateway; the Authentication Service checks it against the PKI; the AEF sends a decision request across the PERMIS PMI API to the ADF (the PERMIS API implementation), which retrieves the Policy and Role ACs from the LDAP Directory and returns a decision; the AEF then presents the access request to the Target.]
Slide 8: PERMIS PMI Components
Privilege Policy Schema/DTD
– This defines the rules that govern the creation of the Privilege Policy (Access Control Policy)
Privilege Allocator
– This tool allows an administrator to create and sign Attribute Certificates, including a Policy AC (a signed version of the Privilege Policy), and store them in an LDAP directory
The PERMIS PMI Implementation
– This grants or denies Initiators access to resources, based on the Privilege Policy and the ACs of the Initiator. The ADF is accessed via the PERMIS API
Slide 9: Application Specific Components
The Access Enforcement Function
– Its task is to ensure the Initiator is authenticated by the PKI, then to call the ADF, and give access to the target if allowed
The PKI
– Any standard conforming PKI can be used, through a Java PKCS#11-like interface to the PERMIS PMI
The Privilege Policy in XML
– This must be written according to the schema/DTD
LDAP Directory
– To store the Policy and Initiator ACs
Slide 10: Permis RBAC
[Diagram: Users (Bill, Mary, Fred, Jane) are mapped to Roles (Manager, Project Leader, Team Leader, Employee) by the Subject Policy + SOA Policy and the Role Assignment Policy + Delegation Policy, with the Role Hierarchy Policy ordering the roles; Roles are mapped to Targets/Actions (Salary Increases, Access Building, Delete Files, Read Files, Sign Orders) by the Target Policy + Action Policy, i.e. the Role Specification Policy (Target Access Policy).]
Slide 11: PERMIS X.509 PMI RBAC Policy
– Role Based Access Control Policy written in XML
– Initiators are given Role Assignment ACs
– A role is loosely defined as any Attribute Type and Attribute Value
– Role values can form a hierarchy, where superiors inherit the privileges of their subordinates, e.g. CTO > PM > TL > TM
– ACs can be issued by any trusted AA
– Access is based on the Roles
Slide 12: An Example Set of Roles
[Diagram: Chartered Architect (SOA = Royal College of Architects); ISO 9000 (SOA = BSI); Chief Architect, Architect, Junior Architect (SOA = Company Managing Director).]
Slide 13: Role Assignment Policy Components
SOA Policy
– Specifies who is trusted to issue ACs
Subject Policy
Role Hierarchy Policy
Role Assignment Policy
Slide 14: Subject Policy
[Diagram: the Users/Roles/Targets figure from slide 10, highlighting the Subject Policy.]
– Specifies subject domains based on LDAP subtrees
Slide 15: An Example Subject Policy
Slide 16: Role Hierarchy Policy
[Diagram: the Users/Roles/Targets figure from slide 10, highlighting the Role Hierarchy Policy.]
– Specifies hierarchy of role values
Slide 17: An Example Role Hierarchy Policy
[Diagram: role hierarchy TenderOfficer > TenderClerk > Tenderer.]
Slide 18: Role Assignment Policy
[Diagram: the Users/Roles/Targets figure from slide 10, highlighting the Role Assignment Policy.]
– Says which roles can be given to which subjects by which SOAs, with which validity times and whether delegation is allowed
Slide 19: An Example Role Assignment Policy
Slide 20: Target Access Policy Components
Target Policy
– Specifies the target domains covered by this policy, using LDAP subtrees
Action Policy
– Specifies the actions (operations) supported by the targets, along with their allowed operands
Target Access Policy
Slide 21: Target Access Conditions
A condition comprises:
– a comparison operator
– the LHS operand (variable), described by its source, name and type; the variable source is the action or the environment
  e.g. Source: Read action, Name: filename, Type: string
  e.g. Source: environment, Name: time of day, Type: time
– a series of one or more variables or constant values against which the LHS operand is to be compared
Conditions may be combined using AND, OR, NOT
Slide 22: Target Access Policy
[Diagram: the Users/Roles/Targets figure from slide 10, highlighting the Target Access Policy.]
– Specifies which roles are needed to access which targets for which actions, and under what conditions
Slide 23: An Example Target Access Policy
Slide 24: An Example Condition Statement
<Constant Type="TimePeriod" Value="DaysOfWeek=0111110 End=2001-10-01 LocalOrUTC=local Start=2001-06-01 TimeOfDay=T090000/T170000"/>
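As an added illustration (not from the original slides), the Python below parses that TimePeriod constant and tests an environment "time of day" value against it, i.e. the kind of comparison a target access condition makes; the Sunday-first reading of DaysOfWeek and the inclusive/exclusive boundary choices are assumptions, as is the format of the date-time values passed in.

```python
from datetime import date, datetime

# The TimePeriod constant from the slide: space-separated Key=value fields.
TIME_PERIOD = ("DaysOfWeek=0111110 End=2001-10-01 LocalOrUTC=local "
               "Start=2001-06-01 TimeOfDay=T090000/T170000")

def parse_time_period(value):
    """Split a TimePeriod Value string into typed fields."""
    fields = dict(item.split("=", 1) for item in value.split())
    tod_start, tod_end = fields["TimeOfDay"].split("/")
    return {
        # Assumption: one bit per weekday, Sunday first, so 0111110 = Mon-Fri.
        "days": [bit == "1" for bit in fields["DaysOfWeek"]],
        "start": date.fromisoformat(fields["Start"]),
        "end": date.fromisoformat(fields["End"]),
        "tod_start": datetime.strptime(tod_start, "T%H%M%S").time(),
        "tod_end": datetime.strptime(tod_end, "T%H%M%S").time(),
        "local": fields["LocalOrUTC"] == "local",
    }

def in_time_period(period, when):
    """True if 'when' (a datetime or ISO string, already expressed in the zone
    LocalOrUTC selects) lies in the period. Assumptions: the Start..End date
    range is inclusive and the TimeOfDay window is end-exclusive."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    sunday_first = (when.weekday() + 1) % 7      # Python uses Monday=0
    if not period["days"][sunday_first]:
        return False
    if not period["start"] <= when.date() <= period["end"]:
        return False
    return period["tod_start"] <= when.time() < period["tod_end"]

if __name__ == "__main__":
    period = parse_time_period(TIME_PERIOD)
    for when in ("2001-07-04T10:30",   # Wednesday in office hours -> True
                 "2001-07-07T10:30",   # Saturday -> False
                 "2001-07-04T18:00",   # after 17:00 -> False
                 "2001-05-30T10:00"):  # before Start -> False
        print(when, in_time_period(period, when))
```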
Slide 25: Creating Your Own Policy
– If an XML expert, simply use your favourite text editor
– Or use an XML tool such as Xeena from IBM Alphaworks
Slide 26: The Privilege Allocator
A tool for creating Attribute Certificates
Slide 27: The PERMIS API
Three simple methods: getCreds, decision, finalize, plus a Constructor
Written in Java and based on the OpenGroup's AZN API
Constructing the API object
– Pass the name of the administrator, the OID of the policy and the URLs of the LDAP repositories
– During construction, the API reads in the Policy AC and verifies its signature and OID
Slide 28: The PERMIS API (cont)
GetCreds
– Pass the authenticated name (LDAP DN) of the subject
– Pull mode: GetCreds retrieves the subject's ACs
– Push mode: ACs are passed to GetCreds
– ACs are validated and roles extracted
Decision
– Pass the target name, the action, and the parameters of the subject's request
– Decision checks the request against the policy and returns Granted or Denied
Finalize
– Terminates the use of this policy
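To make the getCreds/decision split concrete, here is a constructed toy decision function added for this page (not PERMIS code): push-mode getCreds keeps only roles from ACs issued by a trusted SOA, and decision applies the TenderOfficer > TenderClerk > Tenderer hierarchy from slide 17 together with action-sourced conditions as on slide 21. The LDAP DNs, target and action names, and AC dictionaries are made up, and AC signature verification is assumed to have happened already.

```python
# Constructed mini decision function modelled on the PERMIS flow on these
# slides (assumed data layout, not the PERMIS code): get_creds applies the
# SOA policy and extracts roles; decision applies the role hierarchy and the
# target access policy. Unknown targets or actions are denied by default.

TRUSTED_SOAS = {"cn=Tender SOA,o=Salford"}       # SOA policy: trusted issuers

# Role hierarchy from the example policy: a superior inherits every privilege
# of its subordinates (TenderOfficer > TenderClerk > Tenderer).
ROLE_HIERARCHY = {"TenderOfficer": ["TenderClerk"],
                  "TenderClerk": ["Tenderer"],
                  "Tenderer": []}

# Target access policy: (target, action) -> [(required role, condition)].
# A condition is a predicate over the action's parameters (an LHS variable
# whose source is the action).
TARGET_ACCESS_POLICY = {
    ("tenders", "Read"):   [("Tenderer", lambda p: p.get("filename", "").endswith(".pdf"))],
    ("tenders", "Submit"): [("Tenderer", lambda p: True)],
    ("tenders", "Open"):   [("TenderOfficer", lambda p: p.get("deadline_passed") is True)],
}

def get_creds(holder_dn, acs):
    """Push-mode getCreds: roles from ACs held by this DN and issued by a trusted SOA."""
    return {ac["role"] for ac in acs
            if ac["holder"] == holder_dn and ac["issuer"] in TRUSTED_SOAS}

def effective_roles(assigned):
    """Close the role set under the hierarchy: each role plus all its subordinates."""
    held, todo = set(), list(assigned)
    while todo:
        role = todo.pop()
        if role not in held:
            held.add(role)
            todo.extend(ROLE_HIERARCHY.get(role, []))
    return held

def decision(roles, target, action, params):
    """'Granted' if a rule for (target, action) names a role the subject
    effectively holds and its condition is met, else the default 'Denied'."""
    held = effective_roles(roles)
    for role, condition in TARGET_ACCESS_POLICY.get((target, action), []):
        if role in held and condition(params):
            return "Granted"
    return "Denied"

# Constructed sample ACs: one from the trusted SOA, one from an untrusted AA.
SAMPLE_ACS = [
    {"holder": "cn=Fred,o=Salford", "issuer": "cn=Tender SOA,o=Salford", "role": "TenderOfficer"},
    {"holder": "cn=Fred,o=Salford", "issuer": "cn=Rogue AA,o=Elsewhere", "role": "Auditor"},
]
```

Calling decision(get_creds("cn=Fred,o=Salford", SAMPLE_ACS), "tenders", "Read", {"filename": "bid.pdf"}) returns "Granted" because TenderOfficer inherits Tenderer's Read privilege, while the same roles are "Denied" for Open until the deadline_passed parameter is true.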
Slide 29: Putting it all together - Allocating Privileges
[Diagram: on the intranet, the SOA uses the Privilege Allocator to write the Privilege Policy and to authorise users, storing Attribute Certificates + ACRLs in the LDAP directory; the PKI certifies the Remote Application User across the Internet and publishes PK Certs + PKCRLs to the LDAP directory.]
Slide 30: Privilege Creation Steps
– SOA defines Privilege Policy using Privilege Allocator
– Privilege Policy is stored in LDAP directory as a self-signed Attribute Certificate
– SOA allocates privileges to user, in accordance with the Privilege Policy
– SOA can revoke user privileges
– SOA can update Privilege Policy
Slide 31: Granting User Access
[Diagram: the Remote Application User sends a digitally signed request (SSL or S/MIME) across the Internet to the Application Gateway; the Privilege Verifier in the E-Commerce Application Server checks the Privilege Policy, ACs + ACRLs and PK CRLs held in the LDAP directory, and the server then accesses resources using the privileges granted to the user.]
Slide 32: Example Applications
– Salford City Council - Electronic Tendering
– Barcelona Municipality - Car Parking Fines
– Bologna Comune - architects submitting building plans
– Electronic Prescription Processing
Slide 33: Thank you!
Alex Otenko
Our site: http://sec.isi.salford.ac.uk/
PERMIS project: http://sec.isi.salford.ac.uk/permis/