1 / 20

Secure Information Sharing Using Attribute Certificates and Role Based Access Control

International Conference of Security and Management 2005. Secure Information Sharing Using Attribute Certificates and Role Based Access Control. Ganesh Godavari, C. Edward Chow 06/22/2005 University of Colorado at Colorado Springs. Introduction to Information Sharing.

Download Presentation

Secure Information Sharing Using Attribute Certificates and Role Based Access Control

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. International Conference of Security and Management 2005 Secure Information Sharing UsingAttribute Certificates and Role Based Access Control Ganesh Godavari, C. Edward Chow 06/22/2005 University of Colorado at Colorado Springs

  2. Introduction to Information Sharing • Information Sharing relates to the sharing of information between two or more entities. • Synchronous Information Sharing • real-time communication • collaboration in "same time-different place” • Tools -- Instant messaging, Video conferencing ... • Asynchronous Information Sharing • Collaboration in “different time-different place” • Tools -- Discussion boards, E-mail …

  3. Introduction to Information Sharing • Steps for secure Information sharing • Authentication • Username/password, pin #, X509 Certificates, • Authorization • Group based authorization, role based authorization etc • Access • Secure storage of Authorization policy is critical • Attribute Certificates (AC)

  4. Secure Information Sharing • Motivation • Paradigm Shift “Need to Know” to “Need to Share” • Incidents like 9/11, natural disasters relief. • Organizations are intertwined more so now then ever. • Rapid deployment of a secure information sharing system for a multi-agency taskforce has become critical issue for homeland security and defense • Information Sharing relates to the sharing of information between multiple agencies or organization.

  5. Role Based Access Control NIST study shows user’s role less likely to change and roles are tightly related to access rights to information.File system operations: read, write and execute DBMS operations: Insert, delete, append and update Permission Assignment (PA) User Assignment (UA) USERS ROLES operation objects PRMS user_session session_roles SESSIONS Gives roles activated by the session User is associated with a session many-to-many relationship one-to-many relationship

  6. Attribute Certificates • AC’s • Standardized in RFC-3281, “An Internet Attribute Certificate for Authorization” • no public key like Public Key Certificate (PKC) • used for storing short duration attributes • Role, resource allocation, security clearance… • AC in security • Strong identity of the holder is not required • access control specification • Non-repudiation of the attributes by the issuer • Privilege delegation, role allocation ….

  7. Privilege Management Infrastructure (PMI) • Privilege Management Infrastructure • Similar to Public Key Infrastructure • Function is to specify the policy for the attribute certificate issuance and management Comparison of PKIs and PMIs [chad2-02]

  8. Issues with large multi-agency Information System • Issues • How can we authenticate users belonging to multiple organization? • Authorization policy specification encompassing multiple organizations • Solutions • X509 certificates for identification of users • Authorization based on RBAC[] model • Security Administration can be a management nightmare

  9. Context Free Grammar of Authorization Policy Specification sisprivilegeset <role name> <privilegeset name> { <privilege> := if ( <expression> ) do <action> <expression> := <term> | <term> && <expression> | ( <expression> ) | ! ( <expression> ) <term> := <factor> | <factor> || <term> | ( <term> ) <factor> := <variable operator value> <operator> := > | >= | < | <= | == | != | # <action> := grantAccess | rejectAccess | acquirePrivileges <privilegeset Name> | contact <authorization server> } #: regular expression string matching operator

  10. RBAC specification format <?xml version="1.0" encoding="utf-8" standalone="yes"?> <!--===== SIS request example =====--> <sis> <Role>administrator</Role> <Group>Info Share</Group> <OU>UCCS</OU> </sis>

  11. Example – File Access Specification • Privilege specification for administrator • File access control specification sisprivilegeset administrator filematch { if ( ( url # “/etc/passwd” ) && ( requestAction # “get” ) ) do grantAccess # user accounts protection from get and post requests by administrator if ( ( url # “*~*/private/” ) && ( requestAction # “get” ) ) do rejectAccess if ( ( url # “*~*/private/” ) && ( requestAction # “post” ) ) do rejectAccess : } #: matching operator (A # B: if A contains B)

  12. RBAC Policy file User Role Specification AC Administration Server Tool Mail Server Database Access Control PKC Instant Msg Decision and User Server Enforcement Authenticate Engine Web Server SIS system overview Create/Change/Revoke Attribute Certificates authorize (ACDE)

  13. Access Control and Decision Enforcement

  14. Setup CA • The coordinator of the task force from multiple agencies set up a rootCA-MA (root CA for Multiple Agencies). • Each agency requests a certificate to be signed by rootCA-MA. • Each agency issues a new PKC to each user in its organization involved in the task force. • At each server which providing secure information sharing service for this task force, add the rootCA-MA information into CABundle (file containing list of valid CA's). • Each client/user installs the certificate in the local browser or application's.

  15. Choices for storing AC’s • A user's AC can be stored • central repository of the taskforce • with the agency's local administrator have control only over the AC's of the users belonging to that agency • locally at each agency that defines his role within that agency • user's privileges are the result of the association of the user with a particular agency • user's privileges are revoked • all the agencies must be notified • Prevent unauthorized access • Trust relationship between organizations determines where the AC's are stored

  16. Setup PMI • Our approach • Store all the user privileges in the organization the user originally belongs to • Check user's privileges on every attempt to access the resources • Setup PMI • The coordinator of the task force signs the AC’s of the members. • Agency members AC’s are distributed and installed on the LDAP server of the agency. • web servers and shared applications query the PMI for authorization and access control

  17. Implementation • Apache (v 1.3.31) + Mod_SSL(v 2.8.18-1.3.31) + openSSL (v 0.9.7d) • We modified mod_auth_ldap with AC based ACDE • OpenLDAP (v 2.0.27-8) • Attribute Certificate's attribute definitions was added to inetorg-person.schema • OpenSSL libraries used for generating X509 certificates • we created AC generation utility using OpenSSL • For validation we use Markus Lorch’s code • We created PKC generation utility based on EXPECT

  18. SIS Test-bed • All Machines • Pentium-III, 500 MHz • 256 MB RAM • Redhat Linux-2.4.20-6 PerformanceAccess Time from a client at sis-canada

  19. Conclusions • Developed efficient procedures and tools to set up Public Key Infrastructure for authentication and Privilege Management Infrastructure for authorization. • Created a multi-agency SIS test bed based on LDAP and web servers. • OpenLDAP servers were enhanced to accept attribute certificates. • LDAP module of the apache web server was extended to achieve secure web access.

  20. Version Version Serial Number Serial Number Signature ID Signature ID e e r r Subject Holder u u t t a a n n Issuer Issuer g g i i S S Validity Period Validity Period Subject Public Key Info Attributes Extension’s Extensions Public Key Certificate Attribute Certificate ( PKC ) ( AC ) PKC vs. AC • PKC binds a subject (DN) to a public key • AC's binds permission (attributes) to an entity

More Related