170 likes | 271 Views
Role-based Trust Management Security Policy Analysis and Correction Environment (RT-SPACE). Gregory T. Hoffer CS7323 – Research Seminar (Dr. Qi Tian ). Overview. Role Based Trust by Example Proposed Framework Discussion References. Role Based Trust by Example.
E N D
Role-based Trust Management Security Policy Analysis and Correction Environment (RT-SPACE). Gregory T. Hoffer CS7323 – Research Seminar (Dr. QiTian)
Overview • Role Based Trust by Example • Proposed Framework • Discussion • References
Role Based Trust by Example • Two principals involved in transaction – can they trust each other? Alice Mortgage Alice wants to see if she is eligible for a mortgage before she wastes time with the application process.
Role Based Trust by Example • Two principals involved in transaction – can they trust each other? Alice Bank The bank is willing to reveal that its loan-approval policy uses one’s Date of Birth (DoB), current salary, and length of current employment.Further details, though, are a trade secret and confidential. Alice does not wish to disclose DoB nor salary level – considers it sensitive.
Role Based Trust by Example • Two principals involved in transaction – can they trust each other? Alice Bank Winsborough, among others, have developed cryptographic credential schemes to address this. Imagine if both principals in communication had trust capabilities, and mechanism for exchanging information according to desired privacy? For example, Bank is certified by Better Business Bureau and FDIC, so Alice can trust it. Alice, on the other hand, is certified by DMV, or DoD, or similar.
Role Based Trust by Example 2 • Bookstore that discounts for approved students. Andy Amazon.com offers discount to students under the age of 21 who attend UTSA. Role-based trust policies can be used to implement this.
Role Based Trust by Example 2 • Bookstore that discounts for approved students. Andy The credentials and policies of Amazon.com (image from [2])
Role Based Trust by Example 3 • Hostile / Friendly Identification. “Alan” “Sgt. Sam” Can “Alan” trust “Sgt. Sam”? Can “Sgt. Sam” trust “Alan”?
Formalizing Access Control Policies • Policies must be written and maintained for access-controlled services. • Policies are subject to change(consider last example – employees change frequently, as do roles and responsibilities, relationships, etc.) • Change introduces risk …
Proposal : Policy Analysis & Correction Framework “When access control policies are subject to change, analyzing them for security properties such as safety (e.g., access to the database is limited to employees) and liveness (e.g., managers will always have access to the database) requires significant tool support” [1] • RT-SPACE* is introduced as a tool for authoring, verifying, and correcting RT (Role-based Trust) policies. * Role-based Trust Management Security Policy Analysis and Correction Environment
RT-SPACE Process • Policy author builds or changes policy, then submits. • Tool performs conservative conversion into one or more policy models. • Each model automatically verified • For model that fails to satisfy desired properties, the checker produces set of counterexamples. • Policy Correction component analyses counterexamples to generate set of suggested corrections, from which policy author may select appropriate one. • Modified policy serves as input to next iteration (to ensure other properties not invalidated).
Policy Analysis Framework Components • Graph Construction • Optimization • Translation • Model Checking • Correction • Visualization
Summary • Role-based trust is important field for security and privacy in Access Control. • Policies can be tedious (and error-prone) to create and manage • RT-SPACE facilitates the creation and management process in order to achieve security and liveness efficiently and effectively.
Questions and Discussion • Any questions or comments?
References [1] Mark Reith, JianweiNiu, and William H. Winsborough. 2008. Role-based trust management security policy analysis and correction environment (RT-SPACE). In Companion of the 30th international conference on Software engineering (ICSE Companion '08). ACM, New York, NY, USA, 929-930. DOI=10.1145/1370175.1370192 http://doi.acm.org/10.1145/1370175.1370192. [2] M. Reith, J. Niu, and W. H. Winsborough. Policy analysis framework for verification and correction. Technical Report CS-TR-2007-006, UTSA, 2007. [3] Jiangtao Li, Ninghui Li, and William H. Winsborough. 2009. Automated trust negotiation using cryptographic credentials. ACM Trans. Inf. Syst. Secur. 13, 1, Article 2 (November 2009), 35 pages. DOI=10.1145/1609956.1609958 http://doi.acm.org/10.1145/1609956.1609958 [4] Ninghui Li, John C. Mitchell, and William H. Winsborough. Design of a role-based trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114–130. IEEE Computer Society Press, May 2002.