Reasoning about Secure Interoperation using Soft Constraints. Stefano Bistarelli Dipartimento di Scienze, Università di Pescara, Italy; IIT, CNR, Pisa, Italy. Simon Foley, Barry O’Sullivan Department of Computer Science University College Cork Ireland. Speaker: Stefano Bistarelli.
Thanks to my co-authors…. • Barry O’Sullivan • University College Cork, Ireland • Cork Constraint Computation Centre • Constraints • Simon Foley • University College Cork, Ireland • Security, Policy, Formal Methods
Motivations [Figure: Admin System and Sales System]
Basic Security Modeling • Subject: processes, … Objects: memory, files, … • Security policy defines rules that govern access to objects by subjects. • Security mechanism ensures security policy is upheld. [Figure: Subject, Do Operation, Security Mechanism, Object, Security Policy]
Secure Composition of Systems • Systems are individually secure. • Is it safe to allow file sharing between Personnel and Sales systems? • Clare is not authorized to access Bob’s files, but • Clare may access Bob’s files via Sales system. • Need to reconfigure connections to close this circuitous access route [COLOPS2003,SAC2004,IAAI2004]. • Need to reconfigure system access configurations! [Figure: Admin System and Sales System joined by a connection; Alice allowed access Bob’s files; Clare allowed access Alice’s files]
Secure Interoperation • Computation Foundations [Gong&Qian, 1994] • Analyzing the security of interoperating and individually secure systems can be done in polynomial time. • Given a non-secure network configuration, then re-configuring the connections in an optimal way (to minimize the impact on interoperability) is NP.
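The polynomial-time analysis mentioned on this slide can be illustrated with a reachability check, added here as an example (it is not code from the talk or the paper). It assumes a Boolean access relation in which access is transitive, and it places Clare and Bob in the Admin system and Alice in the Sales system, which is a constructed reading of the figure; all function and variable names are hypothetical.

```python
from itertools import product

def closure(edges, nodes):
    """Reflexive-transitive closure of an access relation (Warshall, O(n^3))."""
    reach = {(n, n) for n in nodes} | set(edges)
    for k, i, j in product(nodes, repeat=3):   # k varies slowest, as Warshall requires
        if (i, k) in reach and (k, j) in reach:
            reach.add((i, j))
    return reach

def violations(systems, links):
    """Accesses (system, subject, object) that the composition newly allows.

    systems: name -> (entities, accesses allowed inside that system)
    links:   cross-system accesses opened by the connection
    Security principle checked (Gong & Qian): an access that is denied
    inside a system must stay denied once the systems interoperate.
    """
    all_nodes = sorted(set().union(*(ents for ents, _ in systems.values())))
    all_edges = set(links).union(*(acc for _, acc in systems.values()))
    global_reach = closure(all_edges, all_nodes)
    found = []
    for name, (ents, acc) in sorted(systems.items()):
        local_reach = closure(acc, sorted(ents))
        for s, o in product(sorted(ents), repeat=2):
            if (s, o) in global_reach and (s, o) not in local_reach:
                found.append((name, s, o))
    return found

# Constructed sample: (subject, object) means "subject may access object's files".
SYSTEMS = {
    "admin": ({"bob", "clare"}, set()),        # Clare may not access Bob's files
    "sales": ({"alice"}, set()),
}
LINKS = {("clare", "alice"), ("alice", "bob")}  # file sharing over the connection

def demo():
    unsafe = violations(SYSTEMS, LINKS)                       # circuitous route found
    safe = violations(SYSTEMS, LINKS - {("alice", "bob")})    # one link reconfigured
    return unsafe, safe
```

Checking a given configuration is cheap; choosing which links to drop so that the fewest are lost is the reconfiguration problem the slide identifies as the hard part.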
Talk Outline: describe how constraints provide a natural approach to modelling and solving the secure interoperation problem • Basic Security Modelling • Secure Composition of systems • Secure Interoperation • What are Soft Constraints? • Semiring Framework • Using constraints for • Access Configuration • Access Reconfiguration • Access Interoperation • Dealing with Transitivity • Future Work
Crisp toward soft constraints • C={pairwise-different} • Domains: x1 {yellow}, x2 {red,blue}, x3 {blue,yellow}, x4 {red,blue,yellow} • Operations: combination, projection [Figure: constraint graph over x1, x2, x3, x4, annotated with P, C, PC, con, def, V, D]
Crisp toward soft constraints • C-semiring <A,+,×,0,1>: • Weighted <+,min,+,+,0> • Probabilistic <[0,1],max,,0,1> • Fuzzy <[0,1],max,min,0,1> • Classical <{false,true},,,false,true> [Figure: the constraint graph over x1, x2, x3, x4 with costs in $ attached, illustrating Combination (+) and Projection (min)]
The Semiring Framework • A c-semiring is a tuple <A,+,×,0,1> such that: • A is the set of all consistency values and 0, 1 ∈ A. 0 is the lowest consistency value and 1 is the highest consistency value; • +, the additive operator, is a closed, commutative, associative and idempotent operation such that 1 is its absorbing element and 0 is its unit element; • ×, the multiplicative operator, is a closed and associative operation such that 0 is its absorbing element, 1 is its unit element and × distributes over +. Stefano Bistarelli, Ugo Montanari, and Francesca Rossi, Semiring-based Constraint Solving and Optimization, Journal of the ACM, 44(2):201–236, Mar 1997.
Semiring-based Constraints • Given a semiring <A,+,×,0,1>, an ordered set of variables V over a finite domain D, a constraint is a function which maps an assignment of the variables in the support of c, supp(c), to an element of A. • Notation c represents the constraint function c evaluated under instantiation , returning a semiring value. • Given two constraints c1 and c2, their combination is defined as (c1c2) = c1×c2 . • The operation C represents the combination of a set of constraints C. • a ≤ b iff a+b=b • c1 ⊑ c2 iff ∀ c1 ≤ c2 Stefano Bistarelli, Ugo Montanari and Francesca Rossi, Soft Concurrent Constraint Programming, Proceedings of ESOP-2002, LNCS, April 2002.
Access Configuration • A collection of constraints between entities (subjects, objects) specifying access permissions • Represented as a semiring • S=<PERM,+,×,⊥,⊤> • Srw=<2^{r,w},∪,∩,∅,{r,w}> • Sbool=<{F,T},∨,∧,F,T> • Examples: CS,O(a,b)={w}; CS,O(a,b)=F; CS,O(a,b)=T [Figure: entities a and b joined by an edge labelled {w}, F or T]
Access Configuration: Example • Sbool=<{F,T},∨,∧,F,T> • CS,O(b,a)=F • CS,O(c,b)=F • CS,O(x,y)=T [Figure: entities a, b, c]
Access Reconfiguration • Existing configuration CS may be safely re-configured to CS’ when CS’ ⊑ CS [Figure: configurations ordered by ⊑ from C⊤ down to C⊥, with the secure reconfigurations CS’ lying below CS]
Access Reconfiguration: Example [Figure: configurations over entities a, b, c with accesses labelled rw, w and r]
Access Interoperation • CS1CS3 has to be a secure reconfiguration of both the systems S1 and S3 [Figure: configurations CS1 and CS3 over entities a, b, c, d, and CS1CS3]
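The reconfiguration and interoperation slides can be exercised on the permission semiring Srw; the following is an added example, not code from the talk or the paper. It models a constraint as a Python dict from (subject, object) to a permission set, assumes unlisted pairs carry the top value {r,w}, and uses constructed configurations CS1 and CS3; all names are hypothetical.

```python
from itertools import product

TOP = frozenset("rw")               # 1 of Srw = <2^{r,w}, ∪, ∩, ∅, {r,w}>
plus = frozenset.union              # additive operator +
times = frozenset.intersection      # multiplicative operator ×

def leq(a, b):
    """Semiring order: a ≤ b iff a + b = b."""
    return plus(a, b) == b

def value(c, pair):
    """Constraint c evaluated on one (subject, object) assignment."""
    return c.get(pair, TOP)         # assumption: unconstrained pairs are top

def combine(c1, c2):
    """Combination of two constraints: pointwise × of their values."""
    return {p: times(value(c1, p), value(c2, p)) for p in c1.keys() | c2.keys()}

def secure_reconfiguration(new, old, entities):
    """new ⊑ old: new gives no pair more permission than old does."""
    return all(leq(value(new, p), value(old, p))
               for p in product(entities, repeat=2))

def P(s):
    """Permission set from a string such as 'rw', 'r' or ''."""
    return frozenset(s)

# Constructed configurations over entities a, b, c, d.
ENT = "abcd"
CS1 = {("a", "b"): P("rw"), ("b", "a"): P("r"), ("c", "b"): P("")}
CS3 = {("a", "c"): P("w"), ("c", "d"): P("r"), ("b", "a"): P("w")}

def demo():
    inter = combine(CS1, CS3)                 # interoperation of S1 and S3
    tighter = {**CS1, ("a", "b"): P("r")}     # drops w on (a,b)
    looser = {**CS1, ("c", "b"): P("r")}      # grants r on (c,b)
    return {
        "inter_vs_CS1": secure_reconfiguration(inter, CS1, ENT),
        "inter_vs_CS3": secure_reconfiguration(inter, CS3, ENT),
        "tighter": secure_reconfiguration(tighter, CS1, ENT),
        "looser": secure_reconfiguration(looser, CS1, ENT),
        "b_to_a": inter[("b", "a")],          # r ∩ w: nothing survives
    }
```

Because × is intersection here, the combined configuration can only remove permissions, which is why it passes the check against both originals.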
Access Transitivity [Figure: configurations CS1, CS3 and CS1CS3 over entities a, b, c, d]
Access Transitivity vs non-transitivity [Figure: configurations CS1, CS3 and CS1CS3 over entities a, b, c, d]
Where to from here? • Real world implementation: • Currently seeking funding to work with a company based in New Hampshire, USA.
Conclusion • We described how constraints provide a natural approach to modelling and solving the secure interoperation problem • Access Configuration • Access Reconfiguration • Access Interoperation • Transitivity entities • All naturally represented with constraint operations
Questions? • Thank you for your attention • You have been listening to: • “Reasoning about Secure Interoperation using Soft Constraints” • Stefano Bistarelli, Simon Foley and Barry O’Sullivan • Proceedings of FAST2004, pag. 183-196