
Secure Context-sensitive Authorization

Kazuhiro Minami and David Kotz, Dartmouth College.



Presentation Transcript


  1. Secure Context-sensitive Authorization. Kazuhiro Minami and David Kotz, Dartmouth College.

  2. Context-sensitive Authorization (Smart Meeting Room figure): the Guest Speaker sends a Request to the Projector, which replies “I cannot verify your identity.”

  3. Context-sensitive Authorization (Smart Meeting Room figure): a Location Sensor supplies Location Information; the Guest Speaker sends a Request to the Projector, which replies “Since you are in the room, I authorize you to control me.”

  4. Centralized Approach (figure): a Requester, a Resource, an Authorization Server, and Information Servers (Location Server, Role Server); the message labels are Request, Authorization Query, Query, Context Information, and Granting Decision. Security properties: Integrity (make correct decisions) and Confidentiality (not to disclose confidential information).

  5. Smart Room Scenario (figure): the Speaker sends a Request to the Projector; a Location Query goes to a Location Server, which issues an Access Point Query to a WIFI Location Server and a GPS Coordinate Query to a GPS Location Server.

  6. Distributed Rule-based Authorization (figure): an Authorization Query yields a Proof Tree at a Central server; the Proof Tree is split into Sub-Proof Trees, each produced on a different host (Host A, Host B, Host C) in response to a Logical Query.

  7. Goals
     • Confidentiality: preserve each principal’s confidentiality policies
     • Integrity: each principal receives a proof that satisfies its integrity policies
     • Scalability: offload work from a central server

  8. Outline
     • Rule-based authorization
     • Security model
     • Distributed query processing
     • Enforcement algorithm
     • Summary

  9. Rule-based Authorization (figure): the Authorization Server holds a Knowledge Base and an Inference Engine; the query ?grant(Bob, projector) is answered with a Proof Tree. Rules: grant(P, projector)  location(P, room112); location(P,L)  owner(P,D)  location(D,L). Facts: owner(Bob, badge15); location(badge15, room112).

  10. Example Proof Tree for ?grant(Bob, projector): grant(Bob)  location(Bob, meeting_room); location(Bob, meeting_room)  owner(Bob, badge15)  location(badge15, room112); leaf facts owner(Bob, badge15) and location(badge15, room112).


  12. Security Model (figure): each Resource has Authorization Policies / Facts together with Confidentiality / Integrity Policies.

  13. Security Model (example with Host A (Alice) and Host B (Dave)). Integrity Policies: trust(location(P,L)) = {Dave}. Confidentiality Policies: acl(location(P,L)) = {Alice}; acl(owner(P,D)) = {Dave}. Rules: grant(P, projector)  location(P, room112); location(P,L)  owner(P,D)  location(D,L). Facts: owner(Bob, pda15); location(pda15, room112). The query ?location(Bob, room112) is answered TRUE.
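As an added illustration (not the authors' XProlog prototype), the following Python backward-chaining engine runs the rules and facts of slides 9 and 13, builds the proof tree of slide 10, and models the handler behaviour of slides 13 and 17: a handler answers only a querier listed in the acl of the queried predicate, and returns only true or false rather than its sub-proof. It assumes the Prolog convention that uppercase atoms are variables (so the slide's Bob is written bob) and that acl is keyed by predicate name.

```python
import itertools
# Constructed knowledge base transcribed from slides 9 and 13 (not the authors'
# XProlog code). Prolog convention: uppercase atoms are variables, so Bob is bob.
RULES = [(("grant", "P", "projector"), [("location", "P", "room112")]),
         (("location", "P", "L"), [("owner", "P", "D"), ("location", "D", "L")])]
FACTS = [("owner", "bob", "pda15"), ("location", "pda15", "room112")]
ACL = {"location": {"Alice"}, "owner": {"Dave"}}  # who may learn these facts
_fresh = itertools.count(1)                         # for renaming rule variables

def is_var(x): return isinstance(x, str) and x[:1].isupper()
def unify(a, b, s):
    """Extend substitution s so that a and b match; None if they cannot."""
    while s is not None and is_var(a) and a in s: a = s[a]
    while s is not None and is_var(b) and b in s: b = s[b]
    if s is None or a == b: return s
    if is_var(a): return {**s, a: b}
    if is_var(b): return {**s, b: a}
    if isinstance(a, tuple) and isinstance(b, tuple) and len(a) == len(b):
        for x, y in zip(a, b): s = unify(x, y, s)
        return s
    return None
def subst(t, s):  # apply s to a term, following binding chains
    while is_var(t) and t in s: t = s[t]
    return tuple(subst(x, s) for x in t) if isinstance(t, tuple) else t
def rename(t, k):  # fresh variable names for one rule application
    return tuple(x + str(k) if is_var(x) else x for x in t)
def prove(goal, s):
    """Backward chaining: yield (substitution, proof tree) for each derivation;
    a tree is (ground goal, subtrees) and a matched fact is a leaf."""
    for fact in FACTS:
        s2 = unify(goal, fact, s)
        if s2 is not None: yield s2, (subst(goal, s2), [])
    for head, body in RULES:
        k = next(_fresh)
        s2 = unify(goal, rename(head, k), s)
        if s2 is not None:
            for s3, subs in prove_all([rename(g, k) for g in body], s2):
                yield s3, (subst(goal, s3), subs)
def prove_all(goals, s):  # prove a rule body left to right, backtracking
    if not goals: yield s, []; return
    for s2, tree in prove(goals[0], s):
        for s3, rest in prove_all(goals[1:], s2):
            yield s3, [tree] + rest
def proof_tree(goal):  # slide 10: full proof tree for the query, or None
    return next((t for _, t in prove(goal, {})), None)
def handle(goal, querier):
    """Slides 13 and 17: answer only if querier is in the acl of the queried
    predicate, and return just True/False, never the confidential sub-proof."""
    if querier not in ACL.get(goal[0], set()): return None  # refused
    return proof_tree(goal) is not None
```

Alice (in acl(location)) gets TRUE for ?location(bob, room112) without ever seeing Dave's owner fact, while the same question about the owner predicate is refused to her.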

  14. Assumptions
     • Policies apply only to facts
     • Each principal issues a query to a principal that satisfies its integrity policies
     • Integrity policies are public knowledge
     • Public key infrastructure is available

  15. Outline
     • Rule-based authorization
     • Security model
     • Distributed query processing
     • Enforcement algorithm
     • Summary

  16. Architectural Overview (figure): a User sends a Request to a Resource, which sends an Authorization Query to a Host; the hosts exchange Logical Queries among themselves.

  17. Decomposition of Proof Tree (figure): Query Principal p0 holds tree T0 with node n0; its sub-query q0 goes to p1 (tree T1, node n1), whose sub-query q1 goes to p2 (tree T2). A handler principal only returns a query result (true or false).

  18. Decomposition of Proof Tree (figure, same as slide 17): all the nodes except for the root node are not disclosed.

  19. Enforcement of Confidentiality Policies (figure, with key K0): Query Principal p0, trees T0 (node n0), T1, T2, queries q0 and q1, principals p1 and p2; Confidentiality policy acl(q1) = {p0}. A handler principal chooses a receiver principal from its upstream principals.

  20. Enforcement of Confidentiality Policies (figure, later frame of slide 19): Confidentiality policy acl(q1) = {p0}. A handler principal chooses a receiver principal from its upstream principals.

  21. Outline
     • Rule-based authorization
     • Security model
     • Distributed query processing
     • Enforcement algorithm
     • Summary

  22. Enforcement Algorithm (figure): principals p0, p1, p2, p3 and queries q0, q1, q2.

  23. Enforcement Algorithm (figure): principals p0, p1, p2, p3 and queries q0, q1, q2; Security Policies: acl(q2) = {p0, p1}.


  25. Enforcement Algorithm (figure): principals p0 to p5, queries q0 to q4, result TRUE; labels pf4 = (P0, (TRUE)K0), pf5 = (P1, (TRUE)K1), (p0, (pf4)K0), (p1, ((pf4)(pf5))K1).

  26. Enforcement Algorithm (figure): principals p0 to p5, queries q0 to q3; labels pf4 = (P0, (TRUE)K0), pf5 = (P1, (TRUE)K1), pf3 = (p0, ((pf4)(pf5))K0), (p0, (pf3)K0), (p1, (pf3)K1); note: pf5 cannot be decrypted!

  27. Attack by Colluding Principals (figure): principals p0 to p5; labels (q0, [p0]), (q1, [p0, p1]).

  28. Attack by Colluding Principals (figure): principals p0 to p5; labels (q0, [p0]), (q1, [p1, p0]).

  29. Attack by Colluding Principals (figure): principals p0 to p5; labels (q0, [p0]), (q1, [p1, p0]), (q2, [p1, p0, p2]).

  30. Attack by Colluding Principals (figure): principals p0 to p5, queries q0 to q4; labels (q0, [p0]), (q1, [p1, p0]), (q2, [p1, p0, p2]), pf4 = (P0, (TRUE)K0), pf5 = (P1, (FALSE)K1), (p1, ((pf4)(pf5))), (p0, ((pf4)(pf5))); Security Policies: acl(q2) = {p0}; q2’s result is FALSE.

  31. Related Work
     • Rule-based Authorization
       • Cerberus [Al-Muhtadi, Ranganathan, Campbell, Mickunas] PerCom 2003
       • [Myles, Friday, Davies] IEEE Pervasive Computing 2003
     • Role-based Access Control
       • Generalized RBAC [Covington, Ahamad, Srinivasan] SACMAT 2001
       • OASIS [Bacon, Moody, Yao] SACMAT 2002
     • Trust Management System
       • SD3 [Jim] IEEE S&P 2001

  32. Summary
     • Distributed authorization system that addresses the issue of confidential rules and facts
     • Proof decomposition based on integrity policies
     • Recursive encryption facilitates information sharing among principals
     • Future work includes the evaluation of the performance and scalability

  33. Questions

  34. Trusted Proof Tree (figure): a Querier sends a Query to a Handler, which returns a Proof. A handler principal only returns a proof subtree that satisfies the querier’s integrity policies.



  37. First-Responder Scenario (figure, labels Integrity and Confidentiality): a First Responder sends a Request (Responder Assistance) to a Situation Monitor Server; a Role Membership Query goes to the Role Server of the Incident Management System, which issues a role membership query to the Role Server of the Fire Department; a Location Query goes to the Location Server.

  38. Current Status and Future Work
     • Prototype implementation based on XProlog
     • Evaluation of the performance and scalability
     • User feedback mechanism
