190 likes | 195 Views
This paper presents a new modeling paradigm, EUCON, for dynamic authorization in multi-domain systems. The paradigm addresses the challenges posed by mobile devices and ubiquitous networks, where users transcend domains and interact with multiple systems. It introduces the concept of dynamic attributes and proposes extensions to the UCON access control model to handle dynamic and multi-domain interactions.
E N D
A New Modeling Paradigm for Dynamic Authorization in Multi-Domain SystemsMMM-ACNS, September 13, 2007 Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation, USA George Mason University, USA University of Texas, San Antonio, USA
Outline • Introduction • Usage Scenario • Characteristics of Multi-Domain Interactions • Concept of Dynamic Attributes • UCON Background • EUCON Model & Components • Summary
Introduction • Emergence of mobile devices & ubiquitous n/w • Anytime, Anywhere connectivity • Mobility causes users to transcend domains • Traditional ABAC unsuitable for dynamic env • Attributes pre-defined • Extensive a-priori agreement of attribute semantics • New paradigm for modeling access control • Dynamic & Multi-domain interactions
Purchase Alice Usage Scenario • Alice makes a purchase of $100 at Coffee Shop • Coffee Shop provides a $10 ‘credit’ to Alice • Credit usable at multiple stores • Later, Alice uses ‘credit’ to purchase a book at Book Store Coffee Shop (CS) Book Shop (BS) Credit Credit
Characteristics of Multi-Domain Interactions • Subjects/Objects interact with multiple systems • E.g., Alice interacts with Coffee Shop & Book Store • Information is dynamic & transcends systems • E.g., Alice acquired a ‘credit’ at Coffee Shop & used it to buy a book at the Book Store • Prior agreement of semantics not desirable • E.g., Coffee Shop issues ‘credit’ to Alice that has to be interpreted by Book Store at authorization time; next day, Coffee Shop may issue ‘coupon’ Multi-Domain Attributes Dynamic Attributes
Concept of Dynamic Attributes • Not pre-defined attributes • Not attributes whose value is dynamic • New-born attributes with new name-value pairs • E.g., ‘Credit’ was dynamically created by Coffee Shop; Book Store needs to interpret the semantics when Alice uses it to buy a book
Usage Control Model (UCON) Background Proposed extensions to UCON -> EUCON
Classification of EUCON Attributes • Classification based on two factors • Time of attribute definition • Pre-defined Attributes • Dynamic Attributes • Scope of attribute definition • Local Attributes • Multi-Domain Attributes
EUCON Attributes: PLA, PMA, DLA • Pre-Defined Local Attributes (PLA) • Same as current notion of attributes in attribute-based access control models such as UCON • Pre-Defined Multi-Domain Attributes (PMA) • A-priori agreement of attribute semantics across multiple domains • Dynamic Local Attributes (DLA) • Dynamically created but interpretable within same domain • E.g., Coffee Shop could create an attribute ‘discount’ that is usable at a later date at the same store
EUCON Attributes: DMA • Dynamic Multi-Domain Attributes (DMA) • New approach to model emerging usage scenarios • Attributes created on the fly and interpretable in multiple domains at authorization time • Subject & Object Attributes can be DMA • E.g., ‘Credit’ is a new-born subject (Alice) attribute created by the Coffee Shop. Book Store interacts with CS at run time when Alice uses it to purchase a book • E.g., Alice checks in with airport security and the objects she carries gets a DMA “cleared=true”. Alice uses this DMA at the airline system to board
EUCON Authorizations • Rules based on subject and object attributes • Pre-defined Local Authorization • Current UCON authorization • Pre-defined Multi-Domain Authorization • Current authorization methods for multi-domain • Dynamic Local Authorization • Construction of rules based on DLA • Dynamic Multi-Domain Authorization • Construction of dynamic authorization rules by interpreting DMA • E.g., Book Store interprets ‘credit’ at runtime and constructs dynamic authorization rules
EUCON Obligations • Subject pre-req before access can be granted • E.g., Alice agrees to a license before she can access whitepaper • Pre-defined Local & Dynamic Obligations • Obligations on local & dynamic attributes • Pre-defined Multi-Domain Obligations • Obligations interpretable across multiple domains • Dynamic Multi-Domain Obligations • Obligations on DMA • Defined dynamically and interpreted at multiple domains • E.g., Before Alice can use ‘credit’ at Book Store, she is obligated to engage in a transaction with another Coffee Shop within the Book Store
EUCON Conditions • System factors held before access granted • Dynamic Multi-Domain Conditions • Conditions on DMA interpretable at multiple domains • E.g., Book Store could dynamically discover a condition on using ‘credit’ such that current ‘credit’ usage on all Coffee Shop systems is not > $1000
Summary • Emergence of mobile & dynamic apps • Users transcend domains in mobile env. • Current access control models unsuitable • New paradigm for dynamic, multi-domain • Proposed extensions to UCON - EUCON
Related Work • Damiani, Vimercati & Samarati identify reqs • Similar to our requirements for a mobile env. • Survey extensions proposed for other models; however, our concept of DMA is different • Covington & Sastry have proposed CABAC • Authorization policies based entirely on attributes • Transaction attributes defined in this work is similar to our pre-defined multi-domain attributes