
Reasoning about Secure Interoperation using Soft Constraints

Reasoning about Secure Interoperation using Soft Constraints. Stefano Bistarelli Dipartimento di Scienze, Università di Pescara, Italy; IIT, CNR, Pisa, Italy. Simon Foley, Barry O’Sullivan Department of Computer Science University College Cork Ireland. Speaker: Stefano Bistarelli.


Presentation Transcript


  1. Reasoning about Secure Interoperation using Soft Constraints Stefano Bistarelli Dipartimento di Scienze, Università di Pescara, Italy; IIT, CNR, Pisa, Italy Simon Foley, Barry O’Sullivan Department of Computer Science University College Cork Ireland Speaker: Stefano Bistarelli

  2. Thanks to my co-authors…. • Barry O’Sullivan • University College Cork, Ireland • Cork Constraint Computation Centre • Constraints • Simon Foley • University College Cork, Ireland • Security, Policy, Formal Methods

  3. Motivations [Figure: Admin System and Sales System]

  4. Basic Security Modeling [Diagram: Subject, Do Operation, Security Mechanism, Security Policy, Object] • Subject: processes, … Objects: memory, files, … • Security policy defines rules that govern access to objects by subjects. • Security mechanism ensures security policy is upheld.

  5. Secure Composition of Systems [Figure: Admin System and Sales System joined by a connection; labels "Alice allowed access Bob’s files" and "Clare allowed access Alice’s files"] • Systems are individually secure. • Is it safe to allow file sharing between Personnel and Sales systems? • Clare not authorized to access Bob’s files, but • Clare may access Bob’s files via Sales system. • Need to reconfigure connections to close this circuitous access route [COLOPS2003, SAC2004, IAAI2004]. • Need to reconfigure system access configurations!

  6. Secure Interoperation • Computation Foundations [Gong&Qian, 1994] • Analyzing the security of interoperating and individually secure systems can be done in polynomial time. • Given a non-secure network configuration, then re-configuring the connections in an optimal way (to minimize the impact on interoperability) is NP.

  7. Talk Outline: describe how constraints provide a natural approach to modelling and solving the secure interoperation problem • Basic Security Modelling • Secure Composition of systems • Secure Interoperation • What are Soft Constraints? • Semiring Framework • Using constraints for • Access Configuration • Access Reconfiguration • Access Interoperation • Dealing with Transitivity • Future Work

  8. Crisp toward soft constraints • P = {V, D, C, PC, con, def, a} • C = {pairwise-different} • Domains: x1 {yellow}, x2 {red,blue}, x3 {blue,yellow}, x4 {red,blue,yellow} [Figure: constraint graph over x1, x2, x3, x4, with combination and projection steps]

  9. Crisp toward soft constraints • C = {pairwise-different} • C-semiring <A,+,×,0,1>: • Weighted <+,min,+,+,0> • Probabilistic <[0,1],max,,0,1> • Fuzzy <[0,1],max,min,0,1> • Classical <{false,true},,,false,true> [Figure: the same graph over x1, x2, x3, x4 with costs attached (5$, 3$, 2$); Combination (+) and Projection (min) over solution costs 15$ and 13$]

  10. The Semiring Framework • A c-semiring is a tuple <A,+,×,0,1> such that: • A is the set of all consistency values and 0, 1A. 0 is the lowest consistency value and 1 is the highest consistency value; • +, the additive operator, is a closed, commutative, associative and idempotent operation such that 1 is its absorbing element and 0 is its unit element; • ×, the multiplicative operator, is a closed and associative operation such that 0 is its absorbing element, 1 is its unit element and × distributes over +. [Stefano Bistarelli, Ugo Montanari, and Francesca Rossi, Semiring-based Constraint Solving and Optimization, Journal of the ACM, 44(2):201–236, Mar 1997.]

  11. Semiring-based Constraints • Given a semiring <A,+,×,0,1>, an ordered set of variables V over a finite domain D, a constraint is a function which maps an assignment  of the variables in the support of c, supp(c), to an element of A. • Notation c represents the constraint function c evaluated under instantiation , returning a semiring value. • Given two constraints c1 and c2, their combination is defined as (c1c2) = c1×c2 . • The operation C represents the combination of a set of constraints C. • a ≤ b iff a+b=b • c1 ⊑ c2 iff ∀ c1 ≤ c2 [Stefano Bistarelli, Ugo Montanari and Francesca Rossi, Soft Concurrent Constraint Programming, Proceedings of ESOP-2002, LNCS, April 2002.]

  12. Talk Outline: describe how constraints provide a natural approach to modelling and solving the secure interoperation problem • Basic Security Modelling • Secure Composition of systems • Secure Interoperation • What are Soft Constraints? • Semiring Framework • Using constraints for • Access Configuration • Access Reconfiguration • Access Interoperation • Dealing with Transitivity • Future Work

  13. Access Configuration • A collection of constraints between entities (subjects, objects) specifying access permissions • Represented as a semiring • S = <PERM, +, ×, ⊥, ⊤> • Srw = <2^{r,w}, ∪, ∩, ∅, {r,w}> • Sbool = <{F,T}, ∨, ∧, F, T> • CS,O(a,b) = {w} [Figure: edge from a to b labelled {w}]

  14. Access Configuration • A collection of constraints between entities (subjects, objects) specifying access permissions • Represented as a semiring • S = <PERM, +, ×, ⊥, ⊤> • Srw = <2^{r,w}, ∪, ∩, ∅, {r,w}> • Sbool = <{F,T}, ∨, ∧, F, T> • CS,O(a,b) = F • CS,O(a,b) = T [Figure: two edges between a and b, one labelled F and one labelled T]

  15. Access Configuration: Example • Sbool = <{F,T}, ∨, ∧, F, T> • CS,O(b,a) = F • CS,O(c,b) = F • CS,O(x,y) = T [Figure: graph over entities a, b, c]


  20. Access Reconfiguration • Existing configuration CS may be safely re-configured to CS’ when CS’ ⊑ CS [Figure: configurations ordered by ⊑ between C⊥ and C⊤; the secure reconfigurations are those below CS, such as CS’]

  21. Access Reconfiguration: Example [Figure: configurations over entities a, b, c with edges labelled rw, w and r]

  22. Access Interoperation • Has to be a secure reconfiguration of both the systems S1 and S3 [Figure: CS1 and CS3 over entities a, b, c, d]

  23. Access Interoperation [Figure: CS1 and CS3 over entities a, b, c, d]

  24. Access Interoperation [Figure: CS1, CS3 and their combination CS1 ⊗ CS3 over entities a, b, c, d]

  25. Access Transitivity [Figure: CS1 and CS3 over entities a, b, c, d]

  26. Access Transitivity [Figure: CS1, CS3 and CS1 ⊗ CS3 over entities a, b, c, d]

  27. Access Transitivity [Figure: CS1, CS3 and CS1 ⊗ CS3 over entities a, b, c, d]

  28. Access Transitivity vs non-transitivity [Figure: CS1, CS3 and CS1 ⊗ CS3 over entities a, b, c, d]

  29. Where to from here? • Real world implementation: • Currently seeking funding to work with a company based in New Hampshire, USA.

  30. Conclusion • We described how constraints provide a natural approach to modelling and solving the secure interoperation problem • Access Configuration • Access Reconfiguration • Access Interoperation • Transitivity entities • All naturally represented with constraint operations

  31. Questions? • Thank you for your attention • You have been listening to: • “Reasoning about Secure Interoperation using Soft Constraints” • Stefano Bistarelli, Simon Foley and Barry O’Sullivan • Proceedings of FAST2004, pp. 183-196
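
The definitions on slides 10, 11, 13, 20 and 22 to 24 can be exercised directly. The following is an added example, not code from the slides or from the authors: it brute-forces the c-semiring laws for Srw, lifts the order a ≤ b to configurations (⊑), and checks that a combination CS1 ⊗ CS3 is a secure reconfiguration of both systems. The function names, the sample configurations and the convention that a pair a configuration does not mention takes the value 1 are assumptions of this example.

```python
from itertools import product

# Srw from the slides: <2^{r,w}, ∪, ∩, ∅, {r,w}>
ZERO, ONE = frozenset(), frozenset("rw")
A = [ZERO, frozenset("r"), frozenset("w"), ONE]   # the whole carrier set
plus = frozenset.union            # additive operator +
times = frozenset.intersection    # multiplicative operator ×

def leq(a, b):
    """a ≤ b iff a + b = b (the order induced by +)."""
    return plus(a, b) == b

def is_c_semiring():
    """Brute-force the laws of slide 10 over every triple of values in A."""
    return all(
        plus(a, a) == a and plus(a, b) == plus(b, a)            # idempotent, commutative
        and plus(plus(a, b), c) == plus(a, plus(b, c))          # + associative
        and times(times(a, b), c) == times(a, times(b, c))      # × associative
        and plus(a, ZERO) == a and plus(a, ONE) == ONE          # 0 unit, 1 absorbing for +
        and times(a, ONE) == a and times(a, ZERO) == ZERO       # 1 unit, 0 absorbing for ×
        and times(a, plus(b, c)) == plus(times(a, b), times(a, c))  # × distributes over +
        for a, b, c in product(A, repeat=3))

def value(conf, pair):
    """Permission for a (subject, object) pair; a pair the configuration does
    not mention is unconstrained (ONE). This convention is an assumption."""
    return conf.get(pair, ONE)

def combine(c1, c2):
    """c1 ⊗ c2: pointwise × of the two configurations."""
    return {p: times(value(c1, p), value(c2, p)) for p in c1.keys() | c2.keys()}

def refines(new, old):
    """new ⊑ old: every pair is ≤ its old value, i.e. a secure reconfiguration."""
    return all(leq(value(new, p), value(old, p)) for p in new.keys() | old.keys())

# Constructed sample configurations (not the ones drawn on the slides).
CS1 = {("a", "b"): frozenset("rw"), ("a", "c"): frozenset("r"), ("b", "c"): ZERO}
CS3 = {("a", "c"): frozenset("rw"), ("c", "d"): frozenset("w"), ("a", "d"): ZERO}
INTEROP = combine(CS1, CS3)
WIDENED = {**CS1, ("b", "c"): frozenset("w")}   # grants w where CS1 granted nothing

if __name__ == "__main__":
    print("c-semiring laws hold:", is_c_semiring())
    print("interop ⊑ CS1, ⊑ CS3:", refines(INTEROP, CS1), refines(INTEROP, CS3))
    print("widened ⊑ CS1:", refines(WIDENED, CS1))
```

Because × is intersection, the combination can only remove permissions, which is why it refines both inputs; any change that adds a permission, as WIDENED does, fails the ⊑ check.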
