ACI_Dispo: Working meeting of 10-05-2005
Frédéric Cuppens, Ahmed Bouabdallah, Nora Cuppens-Boulahia
Progress status and outlook
• Completed:
  • Nomad: Non-atomic actions and deadlines
  • Future enrichment envisaged
• In progress:
  • Modelling availability
    • TCP/IP protocol with SYN cookie techniques
    • With Nomad
    • Identification of the relevant aspects (in the AOP sense)
    • Expressing availability
  • Ad-hoc networks
Nomad
• Provides means to specify a security policy
  • Conditional privileges: F(A|C), P(A|C), O(A|C)
  • Effective privileges
• Expressed in a language of privileges with deadlines
  • Extends a logic of temporized actions with request: req, waiting
  • Extends a logic of temporized actions: start, doing, done, , , d and d
• Provides means to specify non-atomic privileges
Axiomatics of the logic of temporized actions
• The axioms of classical propositional logic
• (A → B) → (A → B)
• (A → B) → (A → B)
• ¬ ¬A ↔ A
• ¬ ¬A ↔ A
• A ↔ A
• A ↔ A
• start() ↔ ||||done()
• start(;) ↔ (start() ||||done())
• start(&) ↔ (start() start())
• start(&) ↔ ||||done(&) if |||| ≥ ||||
• doing() ↔ (start() (doing() ¬done()))
• (doing() ¬done()) → ¬start()
Axiomatics of the logic of temporized actions with request
• Axiomatics of the logic of temporized actions
• waiting() ↔ (req() (waiting() ¬start()))
Obligations with deadlines
• Violation of an obligation usually occurs after its deadline has elapsed
• Obligation modality
  • OdA = OdA
  • OA is an immediate obligation (d0)
• Where d is defined by
  • 0A = 0A = A
  • d0 : d+1A = dA
  • (d+1)A = dA (d+1)A
  • d0 : d1A = dA
  • (d−1)A = dA (d−1)A
Conditional privileges
• Most privileges are only active in specific contexts
• Dyadic operators
  • O(A|C) (C OA)
  • Od(A|C) (C OdA)
  • F(A|C) (C FA)
  • Fd(A|C) (C FdA)
  • P(A|C) (C PA)
  • Pd(A|C) (C PdA)
• Constraints
  • F(A|C) ↔ O(¬A|C)
  • (P(A|C) C) → ¬F(A|C)
Effective privileges
• Conditional privileges and conditions satisfied effective privileges
• FeA = (F(A|C) C)
• PeA = (P(A|C) C)
• OedA = (Od(A|C) C) (Oe(d+1)A ¬A)
• Oe0A = OeA
Expression of security properties in Nomad
• Access control requirement
  • Starting an action should be accepted
    • Closed policy: d, d(start() Pe(start()))
    • Open policy: d, d(start() Fe(start()))
• Abiding with prohibition requirement
  • Generalizing access control properties: d(A FeA)
• And obviously the absence of conflicts
Violation condition
• Fulfillment modality: fulfill(A) OedA A
• Violation modality: violation(A) OedA A
• Security property associated with obligation fulfillment: d(violation(A))
Simple Nomad examples
• Availability requirement: O1D(start(open_account) | (exist_account req(open_account)))
• User contract requirement: O1H(done(open_account) | start(open_account))
• Repeated violation specification: repeated_violation (violation(start(change_pwd)) O2D violation(start(change_pwd)))
Decomposition of non-atomic privileges
• Example: O(start(block_account; notify_repeated_violation) | repeated_violation)
• Decomposition of immediate obligations
• Decomposition of non-atomic permissions
• Decomposition of non-atomic prohibitions
• Decomposition of obligations with deadlines
Decomposition of immediate obligations
• Theorem of decomposition: O(A B|C) O(A|C) O(B|C)
• The semantics of temporized actions says
  • start(&) start() start()
  • start(;) start() ||||start()
• O(start(&)|C) O(start()|C) O(start()|C)
• O(start(;)|C) O(start()|C) O(||||start()|C)
• Example of blocking an account: O(start(block_account) | repeated_violation) O(||block_account||start(notify_repeated_violation) | repeated_violation)
Decomposition of non-atomic permissions
• Theorems of decomposition
  • P(A B|C) P(A|C) P(B|C)
  • P(A|C) O(B|C) P(A B|C)
• From the semantics of temporized actions and the weaknesses of its direct application
  • P(start(;)|C) P(start()|C) O(||||start() | (C start()))
  • P(start(&)|C) P(start()|C) P(start()|C) O(start() | (C start())) O(start() | (C start()))
• Example: P(start(open_account; change_pwd) | exist_account) P(start(open_account) | exist_account) O(||open_account||start(change_pwd) | (exist_account start(open_account)))
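The following Python program is an added illustration, not code from the slides or from the Nomad authors, of how the notions on the "Obligations with deadlines", "Violation condition", "Simple Nomad examples" and "Decomposition of immediate obligations" slides can be checked over a recorded event trace. It assumes a simplified reading rather than the formal semantics above: time is discrete in hours, O_d(start(a) | c) means that a must be started within d hours of any instant where c holds, a violation is recorded once that window closes without the action, and repeated_violation means two violations of the same obligation at most 2 days apart. The trace, the choice of the availability obligation as the one whose repeated violation triggers blocking, the 2-hour duration of block_account and the treatment of exist_account as always true are all constructed for the example.

```python
"""Simplified checker for Nomad-style obligations with deadlines over an event trace.
Added illustration, not the slides' formal semantics: time is in hours, a trace is a
list of req/start/done events, and O_d(kind(a) | c) is read as "whenever c holds at
time t, the event kind(a) must occur in the window [t + earliest, t + d]"."""
from dataclasses import dataclass
from typing import Callable, List

HOUR, DAY = 1, 24

@dataclass(frozen=True)
class Event:
    t: int        # hours since the start of the trace
    kind: str     # "req", "start" or "done"
    action: str

Trace = List[Event]
Condition = Callable[[Trace, int], bool]

@dataclass(frozen=True)
class Obligation:
    name: str
    action: str
    condition: Condition
    deadline: int        # hours after the trigger by which the event is due
    kind: str = "start"  # event that discharges it: start(action) or done(action)
    earliest: int = 0    # hours after the trigger before which it must not occur

@dataclass(frozen=True)
class Violation:
    obligation: str
    triggered_at: int
    due_at: int

def occurs(trace: Trace, t: int, kind: str, action: str) -> bool:
    """True if the event kind(action) happens exactly at time t."""
    return any(e.t == t and e.kind == kind and e.action == action for e in trace)

def check(trace: Trace, obligations: List[Obligation], now: int) -> List[Violation]:
    """Violations observable at `now`: triggers whose window has closed (due_at <= now)
    without the discharging event inside it. Open windows are pending, not violated."""
    found = []
    for ob in obligations:
        for t in range(now + 1):
            if not ob.condition(trace, t):
                continue
            lo, hi = t + ob.earliest, t + ob.deadline
            discharged = any(occurs(trace, s, ob.kind, ob.action) for s in range(lo, hi + 1))
            if not discharged and hi <= now:
                found.append(Violation(ob.name, t, hi))
    return found

def repeated_violation(trace: Trace, t: int, obligations: List[Obligation],
                       name: str, within: int) -> bool:
    """repeated_violation at t: a violation of `name` falls due at t and another one
    fell due at most `within` hours earlier."""
    due = sorted(v.due_at for v in check(trace, obligations, t) if v.obligation == name)
    return any(b == t and b - a <= within for a, b in zip(due, due[1:]))

def decompose_sequence(name: str, first: str, second: str, duration_first: int,
                       condition: Condition) -> List[Obligation]:
    """Immediate obligation O(start(first ; second) | C) read as two atomic obligations,
    as in the slides' decomposition: start(first) at once when C holds, and
    start(second) exactly |first| hours after an instant where C and start(first) hold."""
    head = Obligation(f"{name}/1", first, condition, deadline=0)
    def after_first(trace: Trace, t: int) -> bool:
        return condition(trace, t) and occurs(trace, t, "start", first)
    tail = Obligation(f"{name}/2", second, after_first,
                      deadline=duration_first, earliest=duration_first)
    return [head, tail]

# Constructed policy mirroring the slides' examples (exist_account taken as always true,
# |block_account| = 2 hours chosen for the illustration).
AVAILABILITY = Obligation("availability", "open_account",    # O_1D(start(open_account) | req(open_account))
                          lambda tr, t: occurs(tr, t, "req", "open_account"), deadline=1 * DAY)
USER_CONTRACT = Obligation("user_contract", "open_account",  # O_1H(done(open_account) | start(open_account))
                           lambda tr, t: occurs(tr, t, "start", "open_account"),
                           deadline=1 * HOUR, kind="done")
BLOCKING = decompose_sequence(  # O(start(block_account ; notify_repeated_violation) | repeated_violation)
    "blocking", "block_account", "notify_repeated_violation", duration_first=2 * HOUR,
    condition=lambda tr, t: repeated_violation(tr, t, [AVAILABILITY], "availability", 2 * DAY))
POLICY = [AVAILABILITY, USER_CONTRACT] + BLOCKING

# Constructed trace: one request served in time, two left unanswered (a repeated
# violation of availability), then the blocking/notification sequence carried out.
TRACE = [
    Event(0, "req", "open_account"),
    Event(10, "start", "open_account"), Event(10, "done", "open_account"),
    Event(30, "req", "open_account"),   # never started: violation falls due at t=54
    Event(60, "req", "open_account"),   # never started: violation falls due at t=84
    Event(84, "start", "block_account"), Event(86, "done", "block_account"),
    Event(86, "start", "notify_repeated_violation"),
]

def audit(trace: Trace = TRACE, now: int = 100) -> List[Violation]:
    """Run the whole policy over a trace up to `now`."""
    return check(trace, POLICY, now)

if __name__ == "__main__":
    for v in audit():
        print(f"violation of {v.obligation}: triggered t={v.triggered_at}, due t={v.due_at}")
```

On the constructed trace the audit reports only the two unanswered account requests; the user contract is met because the account is done within the hour of being started, and both halves of the decomposed blocking sequence are discharged, since block_account starts the moment the repeated violation arises and the notification starts exactly two hours later. Moving the notification to t=87 makes the second atomic obligation fail, which is what the strict "later by |A|" reading of the decomposition demands.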