1 / 19

Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation, USA George Mason University, USA

A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems MMM-ACNS, September 13, 2007. Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation, USA George Mason University, USA University of Texas, San Antonio, USA. Outline. Introduction Usage Scenario

elmer
Download Presentation

Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation, USA George Mason University, USA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A New Modeling Paradigm for Dynamic Authorization in Multi-Domain SystemsMMM-ACNS, September 13, 2007 Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation, USA George Mason University, USA University of Texas, San Antonio, USA

  2. Outline • Introduction • Usage Scenario • Characteristics of Multi-Domain Interactions • Concept of Dynamic Attributes • UCON Background • EUCON Model & Components • Summary

  3. Introduction • Emergence of mobile devices & ubiquitous n/w • Anytime, Anywhere connectivity • Mobility causes users to transcend domains • Traditional ABAC unsuitable for dynamic env • Attributes pre-defined • Extensive a-priori agreement of attribute semantics • New paradigm for modeling access control • Dynamic & Multi-domain interactions

  4. Purchase Alice Usage Scenario • Alice makes a purchase of $100 at Coffee Shop • Coffee Shop provides a $10 ‘credit’ to Alice • Credit usable at multiple stores • Later, Alice uses ‘credit’ to purchase a book at Book Store Coffee Shop (CS) Book Shop (BS) Credit Credit

  5. Characteristics of Multi-Domain Interactions • Subjects/Objects interact with multiple systems • E.g., Alice interacts with Coffee Shop & Book Store • Information is dynamic & transcends systems • E.g., Alice acquired a ‘credit’ at Coffee Shop & used it to buy a book at the Book Store • Prior agreement of semantics not desirable • E.g., Coffee Shop issues ‘credit’ to Alice that has to be interpreted by Book Store at authorization time; next day, Coffee Shop may issue ‘coupon’ Multi-Domain Attributes Dynamic Attributes

  6. Concept of Dynamic Attributes • Not pre-defined attributes • Not attributes whose value is dynamic • New-born attributes with new name-value pairs • E.g., ‘Credit’ was dynamically created by Coffee Shop; Book Store needs to interpret the semantics when Alice uses it to buy a book

  7. Usage Control Model (UCON) Background Proposed extensions to UCON -> EUCON

  8. Classification of EUCON Attributes • Classification based on two factors • Time of attribute definition • Pre-defined Attributes • Dynamic Attributes • Scope of attribute definition • Local Attributes • Multi-Domain Attributes

  9. EUCON Attributes: PLA, PMA, DLA • Pre-Defined Local Attributes (PLA) • Same as current notion of attributes in attribute-based access control models such as UCON • Pre-Defined Multi-Domain Attributes (PMA) • A-priori agreement of attribute semantics across multiple domains • Dynamic Local Attributes (DLA) • Dynamically created but interpretable within same domain • E.g., Coffee Shop could create an attribute ‘discount’ that is usable at a later date at the same store

  10. EUCON Attributes: DMA • Dynamic Multi-Domain Attributes (DMA) • New approach to model emerging usage scenarios • Attributes created on the fly and interpretable in multiple domains at authorization time • Subject & Object Attributes can be DMA • E.g., ‘Credit’ is a new-born subject (Alice) attribute created by the Coffee Shop. Book Store interacts with CS at run time when Alice uses it to purchase a book • E.g., Alice checks in with airport security and the objects she carries gets a DMA “cleared=true”. Alice uses this DMA at the airline system to board

  11. EUCON Authorizations • Rules based on subject and object attributes • Pre-defined Local Authorization • Current UCON authorization • Pre-defined Multi-Domain Authorization • Current authorization methods for multi-domain • Dynamic Local Authorization • Construction of rules based on DLA • Dynamic Multi-Domain Authorization • Construction of dynamic authorization rules by interpreting DMA • E.g., Book Store interprets ‘credit’ at runtime and constructs dynamic authorization rules

  12. EUCON Obligations • Subject pre-req before access can be granted • E.g., Alice agrees to a license before she can access whitepaper • Pre-defined Local & Dynamic Obligations • Obligations on local & dynamic attributes • Pre-defined Multi-Domain Obligations • Obligations interpretable across multiple domains • Dynamic Multi-Domain Obligations • Obligations on DMA • Defined dynamically and interpreted at multiple domains • E.g., Before Alice can use ‘credit’ at Book Store, she is obligated to engage in a transaction with another Coffee Shop within the Book Store

  13. EUCON Conditions • System factors held before access granted • Dynamic Multi-Domain Conditions • Conditions on DMA interpretable at multiple domains • E.g., Book Store could dynamically discover a condition on using ‘credit’ such that current ‘credit’ usage on all Coffee Shop systems is not > $1000

  14. Extended UCON (EUCON)

  15. Summary • Emergence of mobile & dynamic apps • Users transcend domains in mobile env. • Current access control models unsuitable • New paradigm for dynamic, multi-domain • Proposed extensions to UCON - EUCON

  16. Thank You!

  17. BACKUP

  18. Related Work • Damiani, Vimercati & Samarati identify reqs • Similar to our requirements for a mobile env. • Survey extensions proposed for other models; however, our concept of DMA is different • Covington & Sastry have proposed CABAC • Authorization policies based entirely on attributes • Transaction attributes defined in this work is similar to our pre-defined multi-domain attributes

  19. Background: Continuity & Mutability

More Related