1 / 28

Policy Management

Policy Management. Elisa Bertino , Ninghui Li (Purdue U.) Anupam Joshi (UMBC) Ravi Sandhu (UTSA). Research Goals. Identify the types of policy relevant to AISL Develop corresponding languages and formal models Implement policy languages

fritz-hood
Download Presentation

Policy Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Policy Management Elisa Bertino, Ninghui Li(Purdue U.) Anupam Joshi (UMBC) Ravi Sandhu (UTSA)

  2. Research Goals • Identify the types of policy relevant to AISL • Develop corresponding languages and formal models • Implement policy languages • Develop relevant policy tools to support the policy lifecycle • Develop policy scenarios

  3. Types of Policy • Access control policies • Controlling who is accessing which data • Accountability policies • Controlling how data is used and modified • Trust policies • Specifying criteria to determine which party to trust for what data/resource

  4. Policy Lifecycle Diagram • Develop new policy languages • Extend current policy languages • Develop formal models • Policy refinement • Policy integration • Policy versioning • Identify analysis types • Develop tools Specification Analysis • Collaborative enforcement (possibly privacy-preserving) • Safe approximation • Enforcement in information group-based sharing • Enforcement in information dissemination-centric sharing Deployment& Enforcement

  5. Policy Refinement Each refinement step must meet the following criteria [Karat08]: • Correct — The set of refined policies correctly implements the higher-level policy. • Consistent — The refinement must not lead to conflicts between the derived policies or the other policies existing in the system. • Valid — The policies must be able to be enforced in the system context to which they will be applied. • Minimal — All policies in the derived policy set must be required for the correctness of the refinement. J. Karat, C.M. Karat, E. Bertino, N. Li, Q. Ni, C. Brodie, J. Lobo, S.B. Calo, L. F. Cranor, P. Kamaraguru, P. Reerder, “Policy Framework for Security and Privacy Management”, To appear in IBM Systems Journal, 2008.

  6. Current Results EXAM Environment for Xacml policy Analysis & Management EXAM is a comprehensive environment for analyzing and managing access control policies. It supports acquisition, editing and retrieval of policies in addition to policy property analysis, policy similarity analysis and policy integration.

  7. Proliferationof Policies !! Motivation Need for tools for managing and analyzing policies !

  8. XACML • EXtensible Access Control Markup Language. • XML based • OASIS standard language for specification of access control policies. • Express many policies of interest to real world application

  9. User User User User Interface Policy Annotation PolicyRepository EXAM Overview: Architecture … Query Dispatcher PolicySimilarity Filter Policy Integration Framework Policy Similarity Analyzer

  10. EXAM Overview : Queries Policy Analysis Query <Policy ID=“Pol1”> <Rule ID=“R11” Effect=“Permit”> <Target> <Subject> domain  {“.edu”} </Subject> <Resource> FileA </Resource> <Action> Read </Action> </Target> <Condition>8:00<=Time<=22:00</Condition> Metadata Query Content Query Effect Query Multiple-Policy Query Single-Policy Query Discrimination Query Common Property Query Property Verification Query <Policy ID=“Pol2”> <Rule ID=“R11” Effect=“Permit”> <Target> <Subject> domain  {“.edu”} OR affiliation = “IBM” </Subject> <Resource> FileA </Resource> <Action> Read </Action> </Target> <Condition>6:00<=Time<=20:00</Condition> Does Policy Pol2 deny read access on FileA between 10pm and 12am ? Find all requests permitted by both policies Pol1 and Pol2. Find all requests which are permitted by Pol1 but denied by Pol2.

  11. Policy Similarity Analysis • Goal • Characterize the relationships among the sets of requests respectively authorized by a set of policies. • Two techniques • Policy Similarity Filter • Less precise, faster. • Policy Similarity Analyzer • Precise, slower.

  12. User User User User Interface Policy Annotation PolicyRepository EXAM Overview: Architecture … Query Dispatcher PolicySimilarity Filter Policy Integration Framework Policy Similarity Analyzer

  13. Policy Similarity Filter • Quick and less precise. • Inspired by Information Retrieval (IR) techniques. • Policy similarity measure • Assign a similarity score between two policies. • Typical applications • A quick filter phase to prune the set of policies to be analyzed by the precise policy similarity technique. • A distance function for clustering policies.

  14. DATA OWNER POLICY 2 Example DATA OWNER POLICY 1 0 0.71

  15. RESOURCE OWNER POLICY 3 Example DATA OWNER POLICY 1 0.4

  16. User User User User Interface Policy Annotation PolicyRepository EXAM Overview: Architecture … Query Dispatcher PolicySimilarity Filter Policy Integration Framework Policy Similarity Analyzer

  17. Policy Similarity Analyzer(PSA) • Uses Multi-Terminal Binary Decision Diagram (MTBDD) based representation of a policy. • Combines model-checking and satisfiability checking to perform similarity analysis on policies with different types of constraints on attributes • One variable equality constraints • Affiliation = “IBM”, Role != “Student” • One variable inequality constraints • Age < 50, 8<=Time<=22 • Linear constraints • Bonus + 2 * Salary <= 250000 • Compound Boolean constraints • (Nationality = “US”  Clearance = “High)

  18. f t a NA Y MTBDD - Multi-Terminal Binary Decision Diagram • Rooted, directed acyclic graph. • Represent functions of the form f : Bn -> R • In a policy MTBDD internal nodes represent the predicates on attributes and the terminals denote the policy decisions Permit, Deny or NotApplicable. <Policy ID = Pol1> <Rule Effect = Permit> <Target> <Resource>(fileName = fileA) </Resource> <Condition> (time < 17:00  age > 18) </Condition> </Target> </Rule> </Policy> Pol1 Permit : (fileName = fileA)  (time < 17:00  age > 18)

  19. NA N-CP N-N Y-N Y-Y NA NA N N Y CP Y Query: What requests are permitted by both policies? Policy Comparison P2 Auxiliary Rule P1 MTBDD MTBDD MTBDD CMTBDD ….. …..

  20. User User User User Interface Policy Annotation PolicyRepository EXAM Overview : Architecture … Query Dispatcher PolicySimilarity Filter Policy Integration Framework Policy Similarity Analyzer

  21. Policy Integration • A Fine-grained Integration Algebra (FIA) • 3-valued (Permit, Deny, NotApplicable) • Specify behavior at the granularity of requests and effects • Restrict domain of applicability • Support expressive policy languages like XACML • Framework for specifying integration constraints and generating integrated policies. • MTBDD based implementation of FIA • Generation of integrated policy in XACML syntax.

  22. Fine-grained Integration Algebra (FIA) Vocabulary of attribute names and domains Unary operators Negation Domain Projection Policy constants Permit policyDeny policy Binary operators Addition Intersection

  23. FIA - Theoretical Results • Expressivity • FIA can express all XACML policy combining algorithms • FIA can express policy “jumps” • FIA can model closed policies and open policies • Completeness • A completeness notion has been developed, based on the concept of policy combination matrix, and FIA is complete with respect to such notion • Minimality • Identification of the minimal complete subsets of the FIA operators

  24. A B NA XACML Policy Generation PolicyID = Example <RuleID=R1 Effect=Permit> <Target> <Subject pos=manager \> <Action act=read \> <\Target> <\Rule> pos=manager 1 0 act=read 0 1 Y

  25. Next Steps • Develop visualization techniques for policy analysis results • Extend EXAM with a tool for synonym dictionary management, ontologies

  26. request decision obligations PEP Obligation Service global policy request decision global policy Global Policy Repository global Policy abstract … … decision request decision request Subject Resource Environment Subject Resource Environment attribute Context Handler attribute Context Handler attribute decision attribute decision policy policy Novel Reference XACML Architecture for Multi-party collaborative Enforcement Decomposition Constraint Policy Authoring constraint Policy Decomposition Request Dispatcher/ Decision Coordinator … … PDP PDP Local Policy Repository Local Policy Repository

  27. Extending XACML for Multi-party collaborative Enforcement • Combining policies is necessary in AISL • XACML has several fixed Policy Combining Algorithms (PCAs) for combining policies • deny-overrides, permit-overrides, first-applicable, only-one-applicable • We propose the Policy Combining Language (PCL) • allows expression of useful new PCAs • e.g., weak consensus, strong consensus, weak majority, and strong majority • elegantly handles policy evaluation errors • is fully backward compatible with XACML • enables optimized evaluation using automata theory

  28. Next Steps • Develop an implementation of the extended XACML algorithms and of the policy distribution and enforcement algorithms • Investigate cryptographic approaches

More Related