463.0.2 Attribute-Based Security and Messaging Fariba Khan UIUC CS 463
Outline • Attributes • Attribute-Based Security • Case Studies • Attribute-Based Messaging • Shibboleth • Secure RSS • Project Schedule
Resources • Attribute-Based Messaging • XACML • XACML Sun Implementation • SAML • Demo videos • ABM • PolicyMorph
Attributes • Person • ID’s • Driver’s license, student id, library card • Student • year, department, courses, grades • Employee • Rank, division, projects • Resources • ID’s • PID, machine serial, room no. • File • Size, type, owner • Office space • Floor, window, corridor, size, officemates (room)
Attribute-Based Security • Attribute-based systems include • Access Control, Encryption, Signature • Messaging • Identity, role and attribute • Identity-Based • “Alice” can read the file • “Trudy” cannot open the door • “Bob” will get the email • Role-Based • Any “Agent” can read the file • No “Doctor” can view the patient bill • Attribute-Based • “Alice” can drink if her age > 18 • “Bob” can watch CS463 class videos if he is a registered student • Anybody can read the CS463 class webpage
Introduction to ABM • Attribute-Based Messaging (ABM): targeting messages based on attributes • Example address: To: faculty going on sabbatical • BobbaFKGK06
Why ABM? • Attribute-based systems have desirable properties • flexibility, privacy and intuitiveness • Attribute-Based Messaging (ABM) brings these advantages to e-mail messaging • enhances confidentiality by supporting targeted messaging • via dynamic and transient groups • enhances relevance of messages • by reducing unwanted messages
Challenges • Access Control • access to such a system should be carefully controlled • potential for spam • privacy of attributes • Deployability • system should be compatible with existing infrastructure • Efficiency • system should have comparable performance to regular e-mail
Enterprise Architecture • Components: sender (e.g., To: Managers), ABM server, policy decision point, attribute DB, e-mail MTA • Ensuing Issues • ABM Address Format, Client I/F • Access Control - policy specification and enforcement • Attribute Database creation and maintenance
ABM Address Format • Logical expressions of attribute-value pairs • Disjunctive normal form • Example: all students taking CS463 and all students taking CS591RHC, i.e., (Rank = student AND Course = 463) OR (Rank = student AND Course = 591RHC)
Attribute Database • Attribute database • all enterprises have attribute data about their users • data spread over multiple, possibly disparate databases • assume that this attribute data is available to ABM system • Microsoft SQL Server • Native XML database support • eXtensible Markup Language • Easy to generate ‘dialects’, Human-legible • Accommodates easier data sharing and understanding in a flexible architecture.
Access Control • Attribute-Based Access Control (ABAC) • uses the same attributes that are used to target messages • Example • Alice wants to send an email to “All faculty going on sabbatical” • Prof Eve is on that list • Prof Eve has a policy that only students taking her course and other faculty can send her email
Access Policy Language • XACML is used to specify access policies • Sun’s XACML engine is used for policy decision • XACML policy structure • Subject • Resource: Eve • Rule: her students and all faculty, i.e., (Rank = student AND Course = 463) OR (Rank = faculty)
Access Policy Language • Problem: a policy is needed per logical expression, which leads to policy explosion • Solution: one policy per <attribute, value> pair • XACML policy structure • Subject • Resource: <Rank, faculty> • Rule: her students, TAs and faculty, i.e., (Rank = student AND Course = 463) OR (Rank = TA) OR (Rank = faculty)
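The address format, address resolution against the attribute database, and the per-<attribute, value> access policies of the preceding slides, as one added example that is not code from the ABM project: a toy ABM server core in Python. Users, attributes and policies are constructed for illustration, and the policies are plain Python rather than the XACML documents the real system feeds to Sun’s PDP.

```python
"""Toy core of an ABM server (added example): parse a DNF address, resolve
it against an attribute database, and enforce one access policy per
<attribute, value> pair, with policy specialization for the sender."""
from typing import Dict, FrozenSet, List, Set, Tuple

Pair = Tuple[str, str]        # (attribute, value)
Clause = FrozenSet[Pair]      # conjunction of pairs
Address = List[Clause]        # disjunction of clauses = DNF

# Constructed attribute database keyed by mailbox (hypothetical users, not
# from the slides). A multi-valued attribute is just several pairs.
ATTR_DB: Dict[str, Set[Pair]] = {
    "alice":   {("rank", "student"), ("course", "463")},
    "bob":     {("rank", "student"), ("course", "591RHC")},
    "carol":   {("rank", "student"), ("course", "101")},
    "eve":     {("rank", "faculty"), ("course", "463"), ("status", "sabbatical")},
    "frank":   {("rank", "faculty")},
    "mallory": {("rank", "staff")},
}


def parse_address(text: str) -> Address:
    """Parse 'rank=student & course=463 | rank=student & course=591RHC'.
    '|' separates clauses, '&' separates pairs; values keep their case."""
    address: Address = []
    for clause_text in text.split("|"):
        pairs: Set[Pair] = set()
        for term in clause_text.split("&"):
            attr, sep, value = term.partition("=")
            attr, value = attr.strip().lower(), value.strip()
            if not sep or not attr or not value:
                raise ValueError(f"malformed term: {term.strip()!r}")
            pairs.add((attr, value))
        address.append(frozenset(pairs))
    return address


def matches(expr: Address, attrs: Set[Pair]) -> bool:
    """DNF evaluation: some clause has every one of its pairs in attrs."""
    return any(clause <= attrs for clause in expr)


def resolve(address: Address, db: Dict[str, Set[Pair]] = ATTR_DB) -> Set[str]:
    """Address resolution: the recipients whose attributes satisfy the DNF."""
    return {user for user, attrs in db.items() if matches(address, attrs)}


# One policy per <attribute, value>: who may *target* that pair. Each policy
# is itself a DNF over the sender's attributes (constructed policies; in the
# ABM system these would be XACML documents evaluated by the PDP).
POLICY: Dict[Pair, Address] = {
    ("rank", "student"):      parse_address("rank=faculty | rank=staff"),
    ("course", "463"):        parse_address("rank=faculty | course=463"),
    ("course", "591RHC"):     parse_address("rank=faculty | course=591RHC"),
    ("rank", "faculty"):      parse_address("rank=faculty | rank=student & course=463"),
    ("status", "sabbatical"): parse_address("rank=faculty"),
}


def may_use_pair(sender: str, pair: Pair) -> bool:
    """Deny by default: a pair with no policy cannot be targeted by anyone."""
    rule = POLICY.get(pair)
    return rule is not None and matches(rule, ATTR_DB.get(sender, set()))


def specialize(sender: str) -> Set[Pair]:
    """Policy specialization: the pairs this sender may use, so the address
    composer only offers terms the PDP would accept."""
    return {pair for pair in POLICY if may_use_pair(sender, pair)}


def authorize(sender: str, address: Address) -> bool:
    """Every pair in every clause must be allowed. Checking only one clause
    would let a forbidden term be smuggled in behind an OR."""
    return all(may_use_pair(sender, p) for clause in address for p in clause)


def send(sender: str, address_text: str) -> Set[str]:
    """Full path: access control, then resolution. Never resolve first,
    since the recipient set itself leaks attribute values to the sender."""
    address = parse_address(address_text)
    if not authorize(sender, address):
        raise PermissionError(f"{sender} may not target {address_text!r}")
    return resolve(address)
```

With these constructed policies `send("frank", "rank=faculty & status=sabbatical")` resolves to `eve`, while `mallory` (staff) is refused `rank=student & course=463` because the `course=463` term has no policy clause she satisfies, even though she may use `rank=student` on its own. The per-pair granularity means Eve’s personal rule from the slide becomes a rule on the pair `<rank, faculty>`, so it also governs mail addressed to every other faculty member.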
Deployability • Use existing e-mail infrastructure (SMTP) • the sender's MUA addresses ABM messages to the ABM server and adds the ABM address as a MIME attachment • No modification to client • use a web server to aid the sender in composing the ABM address via a thin client (web browser) • E-mail-like semantics • policy specialization
Putting It All Together • Components: Sender; Web Server (Windows IIS); ABM Server; PDP (Sun’s XACML Engine) with policies in XML; Attribute DB (MS SQL Server); MTA • Legend • PS: Policy Specialization • MS: Messaging • AR: Address Resolution (the figure numbers the steps of each flow PS, MS and AR)
Experimental Setup • Measured • latency over regular e-mail • with and without access control • latency of Policy Specialization • Setup • up to 60K users • 100 attributes in the system • 20% of attributes common to most users • 80% of attributes sparsely distributed
Other Considerations • Policy Administration • one policy per <attribute, value> • can further be reduced to one policy per attribute • incremental deployment • Privacy • of sender and receivers • of ABM address • Usability • user interfaces • Email Exploits • MTA configured with SMTP authentication
Future Work • Inter-domain ABM • e.g., address doctors in the tri-state area who have expertise in a specific kind of surgical procedure • challenge – “attribute mapping” • application in ‘emergency communications’ • Encrypted ABM
Shibboleth Nori, Shankesi
Shibboleth • An Internet2/MACE initiative to develop a standards-based architecture and policy framework supporting the sharing of secured web resources and services • A software project delivering an open source implementation of the architecture and framework • Based on the OASIS SAML standard
Shibboleth Properties • Enables inter-institutional collaboration • Leverages existing infrastructure • Access control based on attributes • A standard but extensible AttributeValue vocabulary • Promotes secure web application interoperability
Shibboleth Login (source: “Shibboleth vs. Athens: What the user sees during login”, MIMAS Team) • 1. User wants a given resource at the Service Provider • 2. User is prompted to login and presses the login button • 3. “Where Are You From?” (WAYF) service is contacted • 4. User is prompted for their “home” institution and selects it from a drop-down list • 5. Selected institution is returned to the WAYF • 6. “Home” institution is contacted • 7. User is prompted for “home” credentials and enters them at the “home” institution • 8. Credentials sent to “home” institution • 9. Shibboleth handle sent to Service Provider • 10. Attributes are requested from “home” institution • 11. Attributes are returned to the Service Provider, and an authorisation decision is made based on the attributes received • 12. User is given access to the resource
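The twelve-step login flow above, as an added example in Python that is not Shibboleth’s own code: the Service Provider, WAYF and home institution are plain objects that call each other directly, so the SAML messages, signatures and browser redirects of the real protocol are omitted. Institution names, accounts, the attribute release policy and the handle lifetime are constructed for illustration.

```python
"""Toy walk-through of the Shibboleth login flow (added example): service
provider -> WAYF -> home institution (handle) -> attribute query under an
attribute release policy -> authorization at the service provider."""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set

HANDLE_TTL = 300   # seconds a handle stays redeemable (assumed value)


@dataclass
class Account:
    password: str                 # plaintext only for this toy; hash it for real
    attributes: Dict[str, str]


class HomeInstitution:
    """Identity provider: authenticates the user, hands out an opaque handle,
    and later answers attribute queries for that handle."""

    def __init__(self, name: str, accounts: Dict[str, Account],
                 release_policy: Dict[str, Set[str]],
                 clock: Callable[[], float] = time.time) -> None:
        self.name = name
        self._accounts = accounts
        self._arp = release_policy        # sp_id -> attributes it may receive
        self._clock = clock
        self._handles: Dict[str, dict] = {}

    def login(self, user: str, password: str, sp_id: str) -> Optional[str]:
        """Steps 7-9: check home credentials, issue a handle bound to the SP."""
        acct = self._accounts.get(user)
        if acct is None or not secrets.compare_digest(acct.password, password):
            return None
        handle = secrets.token_urlsafe(32)  # random, so it reveals nothing
        self._handles[handle] = {"user": user, "sp": sp_id, "issued": self._clock()}
        return handle

    def attributes(self, handle: str, sp_id: str,
                   requested: List[str]) -> Optional[Dict[str, str]]:
        """Steps 10-11: release only what the policy allows this SP to see."""
        rec = self._handles.get(handle)
        if rec is None or rec["sp"] != sp_id:
            return None                      # unknown handle or wrong audience
        if self._clock() - rec["issued"] > HANDLE_TTL:
            del self._handles[handle]
            return None                      # expired
        allowed = self._arp.get(sp_id, set())
        attrs = self._accounts[rec["user"]].attributes
        return {a: attrs[a] for a in requested if a in allowed and a in attrs}


class WAYF:
    """Steps 3-5: 'Where Are You From' maps an institution name to its IdP."""

    def __init__(self, institutions: Dict[str, HomeInstitution]) -> None:
        self._institutions = institutions

    def lookup(self, name: str) -> Optional[HomeInstitution]:
        return self._institutions.get(name)


class ServiceProvider:
    """Steps 1-2 and 12: protects a resource behind an attribute rule."""

    def __init__(self, sp_id: str, wayf: WAYF, rule: Dict[str, Set[str]]) -> None:
        self.sp_id, self._wayf, self._rule = sp_id, wayf, rule

    def request(self, institution: str, user: str, password: str) -> str:
        idp = self._wayf.lookup(institution)
        if idp is None:
            return "unknown institution"
        handle = idp.login(user, password, self.sp_id)
        if handle is None:
            return "login failed"
        attrs = idp.attributes(handle, self.sp_id, list(self._rule))
        if attrs is None:
            return "attribute query refused"
        if all(attrs.get(a) in vals for a, vals in self._rule.items()):
            return "access granted"
        return "access denied"


# Constructed deployment (hypothetical names and credentials).
UIUC_ACCOUNTS = {
    "alice": Account("correct horse", {"eduPersonAffiliation": "student",
                                       "mail": "alice@example.edu"}),
    "zed":   Account("battery staple", {"eduPersonAffiliation": "alum"}),
}
# Attribute release policy: the journal SP learns affiliation, never mail.
UIUC_ARP = {"journal": {"eduPersonAffiliation"}}


def build_demo(clock: Callable[[], float] = time.time):
    idp = HomeInstitution("UIUC", UIUC_ACCOUNTS, UIUC_ARP, clock)
    sp = ServiceProvider("journal", WAYF({"UIUC": idp}),
                         {"eduPersonAffiliation": {"student", "faculty", "staff"}})
    return sp, idp
```

Two points the diagram does not show are made explicit here: the handle is bound to the requesting Service Provider and expires, so a handle captured from one SP cannot be redeemed at another or replayed later, and the attribute release policy is applied at the home institution, so the SP receives only the attributes it is entitled to (here the affiliation, never the mail address) even if it asks for more.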
Shibboleth® Enabled Applications and Services • Napster • Twiki • WebCT • ProQuest SEAS