150 likes | 264 Views
USC CSci599 Trusted Computing Lecture Six – Policy February 16, 2007. Dr. Clifford Neuman University of Southern California Information Sciences Institute. Announcements. Mid-term Next week 1 hour – at start of lecture Closed book Essay question Perhaps list as a question Today
E N D
USC CSci599Trusted ComputingLecture Six – PolicyFebruary 16, 2007 Dr. Clifford Neuman University of Southern California Information Sciences Institute
Announcements • Mid-term Next week • 1 hour – at start of lecture • Closed book • Essay question • Perhaps list as a question • Today • Two student presentations • Xen -Arun Viswanathan • HIPAA – Sunil Raga • Discussion of policy
The Importance of Policy • Basic building blocks of security well understood, but problem persist because: • Vulnerabilities in implementation, configuration and complexity of interactions. • Building blocks deployed without “glue” • Security demands flexible and adaptable ways to tell parts of the system what access to allow: • Systems can only enforce rules that are specified • Today’s applications take myopic view andare unable to adapt to attack
The hard problems remain • How to manage dynamic policies in a federated environment. • How to simplify policy specification. • What kinds of policies work best. • Can standard policy templates be created that correspond to the intrinsic policies that people expect, corresponding to common business, personal, government, or national security interactions.
Security for Weakly Managed Systems • Security in federated environments • Assets managed by different organizations • Resolution of conflict in security policies • Support for dynamic management of policy across organizations • Assessment of trustworthiness based on observationand shared reputation
Security for Weakly Managed Systems • Managing the unmanageable • Desktops, Laptops, Employee home machines • Sensors and actuators in the field • May be under multiple management domains • Employer, school, sensors on links between organizations • Need to support joint management • Need to prevent cross-domain connection through shared asset. • Need assurance of provenance of peer.
Policy Sources • Sources of Policy • Application implementers • Service providers • Content providers • Legislation • Employers • Individuals
Policy Storage • Where are policies stored • Carried with objects • Included in credentials • Stored with the entities that enforce it • Retrieved remotely
Policy Enforcement • Places where policy enforced • Network admission / routers • Servers providing information • Mail servers other infrastrcture • End devices
Policy Effects • What Policy Says to Do • Protect data in the hands of others • Determine when to release data • Decide when to allow changes to data • Determine peer relationships
When Policy Enforced • When Policies are Enforced • When data requested • When data subsequently used • Pre-computed when connection established
Focus of Trusted Computing • To date, the better understood parts of trusted computing is the mechanism. • Policy is understood in support of the mechanism. • But mechanism must support policy, and that policy is the part that is not well understood. • What do we want TC to do.
Suggested Policy Model • Separate policy into: • Basic policies enforced through trusted computing. • Fine-grained policies enforced by the trusted components. • Precomputed policies that say how pieces fit together.
Authorization in TVSA • First level provides coarse-grained authorization • Almost capability like • Based on being in the right virtual system. • Fine grained mediated within VS • The apps running in the VS must enforce fine-grained policies if needed. • Some policy pre-computed • Negotiation of access and obligation takes place when components join a virtual system.
Discuss Policy using TVSA • Rings represent Precomputed policy • Virtual System identifiers used to enforce simple policies. • Fine grained policies enforced by the individual components embedded within the rings to the right. BNK WEB DRM Qkn Brs OS PRV