Presentation is loading. Please wait.

Presentation is loading. Please wait.

Adaptive Trust Negotiation and Access Control Tatyana Ryutov, et.al. Presented by: Carlos Caicedo.

Published byChristopher Welch Modified over 9 years ago

Similar presentations

Presentation on theme: "Adaptive Trust Negotiation and Access Control Tatyana Ryutov, et.al. Presented by: Carlos Caicedo."— Presentation transcript:

1 Adaptive Trust Negotiation and Access Control Tatyana Ryutov, et.al. Presented by: Carlos Caicedo

2 Introduction Electronic business transactions Parties in transaction don’t know each other Attacks can be launched to the transaction (negotiation) infrastructure Trust is required for transaction For buyers: Trust that sellers will provide services No disclosure of private buyer info For Sellers: Trust that buyers will pay for services Meet conditions for buying certain goods (age)

3 Introduction In an electronic business transaction, participants interact beyond their local security domain. Proposed framework: Adaptive Trust Negotiation and Access Control (ATNAC) Combination of two systems into an access control architecture for electronic business services TrustBuilder: Determines how sensitive information is disclosed GAA-API: For adaptive access control

4 GAA-API : Generic Authorization and Access-control API Middleware API Fine-grained access control Application level intrusion detection and response Can interact with Intrusion Detection Systems (IDS) to adapt network threat conditions It does not support trust negotiation and protection of sensitive policies.

5 GAA-API

6 TrustBuilder Trust negotiation system developed by BYU and UIUC Vulnerable to DoS attacks. Large number of TN sessions sent to server Having the server evaluate a very complex policy Having the server evaluate invalid or irrelevant credentials Attacks aimed at collecting sensitive information

7 ATNAC Combines an access control and a TN system to avoid the problems that each has on its own. Supports fine-grained adaptive policies Protection based on perceived suspicion level Uses feedback from IDS systems Reduces computational overhead Associates less restrictive policies with lower suspicion levels.

8 ATNAC (2) GAA-API Access control policies for resources, services and operations Policies are expressed in EACL format TrustBuilder Enforces sensitive security policies Uses X.509v3 digital certificates Uses TPL policies

9 ATNAC Framework

10 Suspicion Level Indicates how likely it is that the requester is acting improperly. A separate SL is maintained for each requester of a service. Has three components: S DOS : Indicates probability of a DoS attack from the requester S IL : For sensitive information leakage attempts S o : Indicates other suspicious behavior SL is increased as suspicious events occur and decreased as “positive” events occur.

11 ATNAC operation The Analyzer identifies requesters that generate unusually high numbers of similar requests and increment S DoS In a trust negotiotion process, credentials sent by client must match credentials requested by the system otherwise S DoS set to 1. If either S DoS, S IL or S o > 0.9, the system will block the requester at the firewall If S Il > threshold. Trust Builder will impose stricter sensitive credential release policies. As S IL increases, GAA-API uses tighter access control policies

12 ATNAC operation - example

13

14 Conclusions ATNAC = framework for protecting sensitive resources in e-commerce Trust negotiation useful for access control and authentication. ATNAC dynamically adjusts security policies based on suspicion level System protects against DoS attacks on the service provider Guards against sensitive information leaks.

Download ppt "Adaptive Trust Negotiation and Access Control Tatyana Ryutov, et.al. Presented by: Carlos Caicedo."

Similar presentations

Internet of Things Security Architecture

Internet of Things Security Architecture
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Cryptography and Network Security

Cryptography and Network Security
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Secure SharePoint mobile connectivity

Secure SharePoint mobile connectivity
® Context Aware Firewall Policies Ravi Sahita Priya Rajagopal, Pankaj Parmar Intel Corp. June 8 th 2004 IEEE Policy (Security)

® Context Aware Firewall Policies Ravi Sahita Priya Rajagopal, Pankaj Parmar Intel Corp. June 8 th 2004 IEEE Policy (Security)
Responding to Policies at Runtime in TrustBuilder Bryan Smith, Kent E. Seamons, and Michael D. Jones Computer Science Department Brigham Young University.

Responding to Policies at Runtime in TrustBuilder Bryan Smith, Kent E. Seamons, and Michael D. Jones Computer Science Department Brigham Young University.
Agenda Trust negotiation frameworks Introduction TrustBuilder Trust-X Laboratory assignment #2 IPSec review IPSec connections and configuration requirements.

Agenda Trust negotiation frameworks Introduction TrustBuilder Trust-X Laboratory assignment #2 IPSec review IPSec connections and configuration requirements.
 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.

 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authorization.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authorization.
The Traust Authorization Service A. Lee, M. Winslett, J. Basney, and V. Welch University of Illinois at Urbana-Champaign www.iti.uiuc.edu Goal: A scalable.

The Traust Authorization Service A. Lee, M. Winslett, J. Basney, and V. Welch University of Illinois at Urbana-Champaign Goal: A scalable.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
1 Clark Wilson Implementation Shilpa Venkataramana.

1 Clark Wilson Implementation Shilpa Venkataramana.

Similar presentations

Ads by Google