180 likes | 208 Views
Web Policy Zeitgeist. Panel Presentation The Semantic Web and Policy Workshop (SWPW) Galway Ireland November 7, 2005. Kent Seamons Internet Security Research Lab Brigham Young University. Zeitgeist.
E N D
Web Policy Zeitgeist Panel Presentation The Semantic Web and Policy Workshop (SWPW) Galway Ireland November 7, 2005 Kent Seamons Internet Security Research Lab Brigham Young University
Zeitgeist Some writers and artists assert that the true zeitgeist of an era cannot be known until it is over Opinions, that deviate from the ruling zeitgeist, always aggravate the crowdGermaine de Stael "the spirit (Geist) of the time (Zeit)“
Outline • Policies must be ? • Opinions based on my experience • The future of Policy Zeitgeist • A challenge to the policy community
My Background • Applied research – industry and academia • Database Systems – my roots • Security in Open Systems – trust negotiation - current research
Security in Open Systems • Closed system: the world of passwords and tokens, identity-based • Open system: authentication with unknown entities (strangers), attribute-based • Example: credit cards—nearly universal trust for financial authentication
Trust Negotiation • Iterative exchange of credentials based on policy requirements • Goals • Automated – little or no user intervention • Open – previously unknown parties may authenticate
Fred the Fire Chief City of “Far Away” Server Info Fire Chief Fire Chief 2 1 2 1 Step 1: Fred requests information from Server Step 2: Server returns access control policy for the info Step 3: Fred discloses his access control policy Step 4: Server discloses his Server credential Step 5: Fred discloses his Fire Chief credential Step 6: Server grants access to the information Info Trust Negotiation Example
Trust Negotiation Policies • Attribute-based policies for authentication and authorization in open systems • Part of a much broader notion of policy • Areas of emphasis (A policy must be …) • Policies are declarative • Easy to use • Too often, only the PhD student that designed a policy language or framework can use it effectively • Flexible / adaptive depending on context • TrustBuilder / GAA-API integration • RESCUE project – emergency response • Context-sensitive trust negotiation - policies that play fair • Hidden credentials – protect sensitive policies
GAA-API/TrustBuilder • GAA-API - provides fine-grained access control and application-level intrusion detection capabilities to applications through a simple API. • TrustBuilder – trust negotiation framework • Integration combines the best of both systems • Detection and thwarting of attacks on electronic business transactions • Adaptation of information disclosure and resource access policies according to a suspicion level • Support of cost effective trust negotiation, such that TrustBuilder is invoked only when negotiation is required by access control policies Ryutov, Zhou, Neuman, Leithead, Seamons. Adaptive Trust Negotiation and Access Control, SACMAT 2005 Ryutov, Zhou, Neuman, Foukia, Leithead, Seamons. Adaptive Trust Negotiation and Access Control for Grids, GRID 2005
RESCUE Project • The goal of the RESCUE project is to radically transform the ability of responding organizations to gather, manage, use, and disseminate information within emergency response networks and to the general public • We will design a policy-driven information sharing architecture • Flexible, customizable, dynamic, robust, scalable, policy-driven, highly automated • Policies must support rapid adaptation in the face of unexpected events Funded by National Science Foundation, see www.itr-rescue.org Participant universities: BYU, Colorado, Maryland, UCI, UCSD, UIUC. Industrial partner: ImageCat
Context Sensitive Trust Negotiation • Problem: phishing attacks • Solution: release credentials based on context – “need to know” • Approach: create an ontology to represent a negotiation type to describe relevant credentials • Identify policy errors and malicious phishing attacks • Benefits • Greater protection • Identify policy errors • Efficiency - push relevant credentials Leithead, Challenging Policies that Do Not “Play Fair:” , MS Thesis, BYU, August 2005.
Share 1 Share 2 Share 1 Share 2 Share 1 Hidden Credentials • Hidden credentials encrypt a message so that the recipient can read it iff he has the required credentials • Credentials can be used without disclosing them • Sensitive policies – policy can be hidden FBI Agent SECRET Clearance (symmetric encryption) US Army (IBE Encryption) Bradshaw, Holt, Seamons, Concealing Complex Policies with Hidden Credentials, CCS 2004
Policy Zeitgeist Summary • Policies must be declarative • Policies must flexible • Policies must be easy to configure • Policies must be context sensitive • Policies must adapt to unexpected change • Policies must be easy to diagnose when failure occurs • Policy visibility must be tunable
Future Policy Zeitgeist • We must bridge the gap between industry/government needs and academic research • As an academic, too often I fabricate toy problems in the lab using my imagination • The research process needs more real-world input • My research colleagues and I are taking steps to resolve this • RESCUE project, for instance • Challenge • The policy community must build and maintain a knowledge base to guide the design, development, and analysis of policy-based information systems • I envision something patterned after successful efforts I have observed in the database, parallel computing, networking fields
What it will contain? Requirements suite Ontology of policy types Solutions Frameworks Languages Standards Lessons learned Examples of broken systems Failed approaches Benchmarks Policy language bake-offs Grand challenge applications Policy Knowledge Base Who will contribute? • Government • Industry • Academia • Key sectors • Finance • Health care • Public safety How to evaluate? • Ease of use • Expressiveness • Performance • Scalability • Semantics Who will benefit? • Users • Vendors • Researchers
Policy Knowledge Base - Issues • Policy-based information systems center • Too big for a single organization? • Who will fund? • Will government fund this? • Industry consortium? • Who should lead the effort? • Organizing this effort probably won’t lead to tenure