Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authorization Policy Specification and Enforcement for Group-Centric Secure Information Sharing Ram Krishnan and Ravi Sandhu University of Texas at San.

Published byJuniper Jackson Modified over 8 years ago

Similar presentations

Presentation on theme: "Authorization Policy Specification and Enforcement for Group-Centric Secure Information Sharing Ram Krishnan and Ravi Sandhu University of Texas at San."— Presentation transcript:

1 Authorization Policy Specification and Enforcement for Group-Centric Secure Information Sharing Ram Krishnan and Ravi Sandhu University of Texas at San Antonio

2 Problem 2 phases in access control system design How do we know 1 and 2 are consistent? – That is, that they have the same behavior wrt authorization state Policy Specification Policy Enforcement Concerned about precise conditions for authorization to hold Concerned about how to enforce the policy

3 Goal Investigate a methodology to show consistency Approach – Pick a specific application domain – Design a “stateless” policy specification – Develop a “stateful” enforcement specification – Show authorization equivalence

4 Stateless Policy Specification Focus on conditions under which authorization should hold History of actions that can lead to access – E.g. Alice can access an object if in the past she had paid membership dues up to current time Linear Temporal Logic (LTL) – Excellent fit to specify stateless policies

5 First-Order Linear Temporal Logic Extends familiar first-order logic with temporal operators Consider “Henceforth” and “Since” operators Join (u,g) ¬Leave (u,g) ¬Leave (u,g) S Join (u,g) s0s1s2s3s4s5 s0s1s2s3s4s5 p pppp

6 Application Domain Group-centric secure information sharing (g-SIS)

7 Group-centric Secure Information Sharing (g-SIS) GROUP Authz(U,O,R)? Join Leave Add Remove Users Objects Strict Join Strict Leave Liberal Add Liberal Remove Liberal Join Liberal Leave Strict Add Strict Remove Users Objects GROUP Authz(U,O,R)?

8 Group Operation Semantics Strict Vs Liberal operations – User operations (SJ, LJ, SL, LL) – Object operations (SA, LA, SR, LR) SJ (u) u not authorized to access objects added prior to join time SA (o) Users joining after add time not authorized to access o LL (u) u retains access to objects authorized at leave time LR (o) Users authorized to access o at remove time retain access

9 π -system g-SIS Specification: Add after Join Add before Join Well-formed traces The π-System g-SIS Specification (contd) Well-formedness constraints rule out invalid traces Examples:1. user joining and leaving in the same state 2. leaving before joining

10 Stateful Specification Consists of three modules state 0 state 1 phase 1 phase 2 2.12.2 Capture action+authz requests (Module 1) Process action requests (Module 2) Process authz requests (Module 3) interval 0 Module 2 maintains and manages data structures  Keeps track of historical joins and leaves and adds and removes for users and objects Module 3 consults with that data structure

11 Mapping Stateless and Stateful state 0 state 1 SJ(u,g) SA(o,g) Authz(u,o,g) SL(u,g) ¬ Authz(u,o,g) A sample stateless trace state 0 state 1 phase 1 phase 2 phase 1 phase 2 SJReq(u,g) SAReq(o,g) isAuthz(u,o,g) 1. Process user & object events & update data structure 2. Check for authz SLReq(u,g) isAuthz(u,o,g) 1. Process user & object events & update data structure 2. Check for authz Corresponding stateful trace below α-mapping β-mapping

12 Authz stateful ↔ Authz stateless Lemma 3 – for every trace in stateless, an alpha-mapped action trace exists in stateful Lemma 4 – for every trace in stateful, a beta-mapped action trace exists in stateless Lemmas 3 and 4 together prove authorization equivalence

13 Future Work We assumed a centralized, ideal situation Distributed enforcement model (PIPs, PDPs, PEPs, etc.) – Next step towards real policy enforcement – Proving equivalence is very difficult E.g. staleness of authorization info due to network delay Stale-safe equivalence with respect to centralized specification feasible – E.g. in the presence of stale information, a user should be authorized for an action only if it was authorized using accurate information in the recent past Currently investigating for g-SIS application

Download ppt "Authorization Policy Specification and Enforcement for Group-Centric Secure Information Sharing Ram Krishnan and Ravi Sandhu University of Texas at San."

Similar presentations

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.

INSTITUTE FOR CYBER SECURITY 1 Trusted Computing Models Prof. Ravi Sandhu Executive Director and Endowed Chair Institute for Cyber Security University.
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010

1 Trust Evidence in Heterogeneous Environments: Towards a Research Agenda Ravi Sandhu Executive Director and Endowed Professor May 2010
Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.

Towards Secure Information Sharing Models for Community Cyber Security Ravi Sandhu, Ram Krishnan and Gregory B. White Institute for Cyber Security University.
Stale-Safe Security Properties for Secure Information Sharing Ram Krishnan (GMU) Jianwei Niu (UT San Antonio) Ravi Sandhu (UT San Antonio) William Winsborough.

Stale-Safe Security Properties for Secure Information Sharing Ram Krishnan (GMU) Jianwei Niu (UT San Antonio) Ravi Sandhu (UT San Antonio) William Winsborough.
A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.

A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.
Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.

Towards A Times-based Usage Control Model Baoxian Zhao 1, Ravi Sandhu 2, Xinwen Zhang 3, and Xiaolin Qin 4 1 George Mason University, Fairfax, VA, USA.
11 World-Leading Research with Real-World Impact! A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders Khalid Zaman Bijon, Tahmina.

11 World-Leading Research with Real-World Impact! A Lattice Interpretation of Group-Centric Collaboration with Expedient Insiders Khalid Zaman Bijon, Tahmina.
Chapter 1 Overview of Databases and Transaction Processing.

Chapter 1 Overview of Databases and Transaction Processing.
CS3771 Today: deadlock detection and election algorithms  Previous class Event ordering in distributed systems Various approaches for Mutual Exclusion.

CS3771 Today: deadlock detection and election algorithms  Previous class Event ordering in distributed systems Various approaches for Mutual Exclusion.
CS6133 Software Specification and Verification

CS6133 Software Specification and Verification
Ram Krishnan PhD Candidate Dissertation Directors: Dr. Ravi Sandhu and Dr. Daniel Menascé Group-Centric Secure Information Sharing Models Dissertation.

Ram Krishnan PhD Candidate Dissertation Directors: Dr. Ravi Sandhu and Dr. Daniel Menascé Group-Centric Secure Information Sharing Models Dissertation.
Secure Operating Systems Lesson 0x11h: Systems Assurance.

Secure Operating Systems Lesson 0x11h: Systems Assurance.
Overview of Databases and Transaction Processing Chapter 1.

Overview of Databases and Transaction Processing Chapter 1.
CS603 Data Replication: Advanced March 1, 2002. Data Replication: What haven’t we Covered? Transparent replication possible –Maintain serializability,

CS603 Data Replication: Advanced March 1, Data Replication: What haven’t we Covered? Transparent replication possible –Maintain serializability,
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
1 Introduction Introduction to database systems Database Management Systems (DBMS) Type of Databases Database Design Database Design Considerations.

1 Introduction Introduction to database systems Database Management Systems (DBMS) Type of Databases Database Design Database Design Considerations.
Monté Carlo Simulation MGS 3100 – Chapter 9. Simulation Defined A computer-based model used to run experiments on a real system.  Typically done on a.

Monté Carlo Simulation MGS 3100 – Chapter 9. Simulation Defined A computer-based model used to run experiments on a real system.  Typically done on a.
11 World-Leading Research with Real-World Impact! A Formal Model for Isolation Management in Cloud Infrastructure-as-a-Service Khalid Zaman Bijon, Ram.

11 World-Leading Research with Real-World Impact! A Formal Model for Isolation Management in Cloud Infrastructure-as-a-Service Khalid Zaman Bijon, Ram.
Chapter 1 Overview of Databases and Transaction Processing.

Chapter 1 Overview of Databases and Transaction Processing.

Similar presentations

Ads by Google