CSIIR Workshop, March 14-15, 2005

Slide 1: Privilege and Policy Management for Cyber Infrastructures
Dennis Kafura, Markus Lorch
Support provided by: Commonwealth Security Information Center, Fermi National Accelerator Laboratory, IBM
Slide 2: Organization
Grand Challenges
– Problems
– Requirements
PRIMA – a privilege-based approach
– Models
– Architecture/Mechanisms
Research challenges
– Policy
– Obligations
– Enforcement
– Usability
Relationship to I3P and Workshop Themes
Slide 3: Grand Challenge Problems
Societal infrastructures: “Develop tools and principles that allow construction of large-scale systems for important societal applications that are highly trustworthy despite being attractive targets.”
Dynamic, pervasive computing environments: “For the dynamic, pervasive computing environments of the future, give computing end-users security they can understand and privacy they can control.”
From: CRA Workshop on “Grand Research Challenges in Information Security and Assurance,” November 2003.
Slide 4: Cyber Infrastructure Requirements
Grand Challenge                              Attribute        Requirement
Societal infrastructures                     large scale      distributed authority
                                                              distributed trust establishment
                                             trustworthy      predictable
                                                              responsive to environment
Dynamic, pervasive computing environments    understandable   familiar paradigm
                                                              unified principle
                                             controllable     restricted rights assignment
                                                              differential confidence
Slide 5: PRIMA Models
Slide 6: PRIMA Properties
Grand Challenge              Attribute        Requirement                      PRIMA Model Property
Societal infrastructure      large scale      distributed authority            PM: privilege creation and delegation
                                              distributed trust establishment  TM: user-centric trust; PM: direct privilege management
                             trustworthy      predictable                      AM/PM: dynamic policy
                                              responsive to environment        AM: adaptive policy
Dynamic, pervasive           understandable   familiar paradigm                PM: privilege concept
computing environments                        unified principle                PM: privilege concept
                             controllable     restricted rights assignment     PM: least privilege access
                                              differential confidence          TM: incremental trust; PM: selective control of privileges
Slide 7: Privilege Structure
Privilege Properties
– Fully associated
– Directly applicable
– Time limited
– Externalized
– Secure
– Non-repudiation
Implementation
– Container: X.509 Attribute Certificate
– Privilege: XACML rule construct
Slide 8: Enforcement Concepts
Policy Enforcement Point (PEP) checks privileges for:
– Applicability (to resource and requestor)
– Validity (of time frame and signature)
– Authority (with respect to privilege management policy)
All permissible privileges together constitute a dynamic policy for the request
Policy Decision Point (PDP):
– Makes the coarse decision
– Adds obligations for the PEP
Slide 9: Dynamic Policy
Slide 10: Obligations
Additional constraints attached to an authorization decision
If the PEP cannot fulfill an obligation, it disallows access
Obligations address the mismatch in level of detail between the request and the policies
Obligations help in maintaining system state
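The PEP/PDP flow from the enforcement and obligation slides, as an added example that is not code from the PRIMA project or this deck: it assumes HMAC with constructed issuer keys in place of X.509 attribute certificate signatures, plain-string obligations in place of XACML obligation elements, and a constructed privilege management policy naming which issuers may grant rights on a resource.

```python
# Added example, not PRIMA code: HMAC with constructed keys stands in for X.509 AC signatures.
import hmac
from dataclasses import dataclass

# Constructed issuer keys (stands in for verifying an attribute certificate's signer).
ISSUER_KEYS = {"alice": b"alice-key", "bob": b"bob-key", "mallory": b"mallory-key"}
# Constructed privilege management policy: which issuers may grant rights on a resource.
MANAGEMENT_POLICY = {"/data/exp1": {"alice", "bob"}}

@dataclass
class Privilege:  # an externalized, time-limited, signed right (cf. "Privilege Structure")
    issuer: str
    holder: str
    resource: str
    actions: frozenset
    not_before: int
    not_after: int
    signature: bytes = b""

def sign(p, key):
    """Issuer's signature over the privilege content (simulated with HMAC-SHA256)."""
    msg = f"{p.issuer}|{p.holder}|{p.resource}|{sorted(p.actions)}|{p.not_before}|{p.not_after}"
    return hmac.new(key, msg.encode(), digestmod="sha256").digest()

def pep_filter(privs, holder, resource, now):
    """PEP: keep only privileges that are applicable, valid and authorized."""
    admissible = []
    for p in privs:
        if p.holder != holder or p.resource != resource:       # applicability
            continue
        if not p.not_before <= now <= p.not_after:             # validity: time frame
            continue
        key = ISSUER_KEYS.get(p.issuer)
        if key is None or not hmac.compare_digest(sign(p, key), p.signature):
            continue                                            # validity: signature
        if p.issuer not in MANAGEMENT_POLICY.get(resource, set()):
            continue                                            # authority
        admissible.append(p)
    return admissible  # the dynamic policy for this request

def pdp_decide(dynamic_policy, action):
    """PDP: coarse Permit/Deny over the dynamic policy, plus obligations for the PEP."""
    if any(action in p.actions for p in dynamic_policy):
        return "Permit", ("audit-log", "run-as-unprivileged-account")
    return "Deny", ()

def authorize(privs, holder, resource, action, now, can_fulfil):
    """PEP end to end: an obligation the PEP cannot fulfil turns Permit into a denial."""
    decision, obligations = pdp_decide(pep_filter(privs, holder, resource, now), action)
    return decision == "Permit" and all(can_fulfil(o) for o in obligations)
```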
Slide 11: Research Challenges: Policy
What can be adapted from software engineering research for policy:
– Testing
– Debugging
– Formal Analysis
– Requirements engineering
Policy extensions
– Threat/environment aware
Slide 12: Research Challenges: Obligations
Granularity mismatch
– Too many rights to be externalized
– Partially addressed by dynamic policy
With respect to the request
– Need to add restrictions finer-grained than the request
Slide 13: Research Challenges: Enforcement
Evaluation of mechanisms
– Dynamic user accounts
– Virtual machine/sandboxing
– Service containers
Model
– Distributing privileges to dynamically provision an execution environment, vs.
– Pre-provisioning an execution environment and distributing a privilege for it
Slide 14: Research Challenges: Usability
What are the right conceptual models?
– Privileges
– Roles
– Others? Several? Combinations?
How can users manage their rights?
– P3P
– Shibboleth release policies
– Least-privilege control
Slide 15: Addressing I3P and Workshop Themes
I3P Agenda / Workshop Theme                                     PRIMA contribution
Enterprise Security Management                                  Policy definition and management
Trust among Distributed Autonomous Parties                      PRIMA trust model; least privilege access; fully decentralized mechanisms
Discovery/Analysis of Security Properties and Vulnerabilities   Policy testing; policy analysis using formal methods
Secure System and Network Response and Recovery                 Threat-aware policies
Traceback, Identification, and Forensics                        Privilege validation (signing, non-repudiation); obligations
Insider Threats                                                 Separation of duties through privilege restrictions
Life-cycle Threats                                              Policy requirements engineering
Distributed Ad Hoc Trust/Multi-Level Trust                      Privilege management; secure execution environments