
Policy-Carrying, Policy-Enforcing Digital Objects

Policy-Carrying, Policy-Enforcing Digital Objects. Sandra Payette, Project Prism - Cornell University. DLI2 All-Projects Meeting, June 14, 2000. Access Control Challenge: enforcement of highly expressive access control policies to support context-specific requirements of digital libraries.


Presentation Transcript


  1. Policy-Carrying, Policy-Enforcing Digital Objects Sandra Payette Project Prism - Cornell University DLI2 All-Projects Meeting June 14, 2000

  2. Access Control Challenge Enforcement of highly expressive access control policies to support context-specific requirements of digital libraries.

  3. General-Purpose Policy Enforcement

  4. Context-Specific Policy Enforcement

  5. Limitations of traditional access control mechanisms
  • Fixed set of abstractions
    • objects are files, directories, etc.
    • actions are read, write, execute, etc.
  • Limited expressiveness for policies
  • Not easily extended for complex or fine-grained policies

  6. Requirements for new contexts
  • Architecture that supports behavior-centric policy enforcement
  • Policy definition languages that are flexible
  • Highly secure enforcement mechanism
  • Support for mobile code and mobile computing environments

  7. Policy Enforcement Continuum [diagram: Digital Objects placed on a continuum from repository-centric to object-centric enforcement]

  8. Generalization
  • Digital objects can be treated as generic entities, even if they are very specialized in some ways
  • Generic policies can address the non-specific nature of a digital object or a collection of digital objects: “Only repository managers can delete objects from the collection.”

  9. Specialization
  • Digital objects can have object-specific policies associated with them
  • Policies may be fine-grained or idiosyncratic
  • General-purpose enforcement mechanisms will not easily accommodate these policies, if at all

  10. Example: Object-specific policy
  Users can access Lecture Object “A” according to the following rules:
  • Access High Resolution Video: Cornell student credential
  • Access Low Resolution Video: Cornell student credential or pay fee
  • Access Slides 1-20: No restriction
  • Access Slides 21-25: Cornell student credential
  • Access Descriptive Metadata: No restriction

  11. Policy-Carrying, Policy-Enforcing Digital Objects - motivation
  • Semantics of policies should parallel the behavioral semantics of real-world entities
  • Decentralized policy management
  • Extensibility for policies and mechanisms
  • Portability and mobile computing (policies move with the objects)

  12. Experiments: Building on existing work
  • Fedora - digital object and repository architecture (Payette and Lagoze, 1998, 2000)
  • Security Automata (Schneider, 1999)
  • PoET - Policy Enforcement Toolkit (Erlingsson and Schneider, 1999, 2000)

  13. Fedora Digital Object Model [diagram: a Typed Disseminator (Extensible Mechanism, Encapsulated service request) and a Primitive Disseminator (Generic interface) produce Disseminations from the object's Data Streams and Internal stream]

  14. Fedora - Behaviors [diagram: the Lecture Mechanism exposes the behaviors GetVideo(quality), GetSlide(seqNum), GetSyncData, GetDCRecord and GetDCField(name); its Content Disseminations draw on a Lecture Archive holding Video-H (mpeg), Video-L (mpeg), slide-1 (gif), slide-2 (gif) and Dublin Core metadata (xml)]

  15. Security Automata
  • Theoretical basis for specifying policies that are enforceable, flexible, and fine-grained
  • Policies are modeled as finite-state machines
  • Enforcement mechanism simulates automaton, preventing executions that violate policy
  Source: Schneider, 1999

  16. Example: Simple Security Automata [state-machine diagram with the labels “Descriptive Metadata Accessed”, “Present Cornell ID” and “Lesson 1 Video Accessed”] “After viewing descriptive metadata, ONLY Cornellians can access the Lesson 1 video.”
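The following is an added example, not part of the original presentation or of the Prism, Fedora or PoET code: a small security automaton in the sense of slide 15, simulated by a reference monitor that mediates dissemination requests on the Lecture object of slide 14. Its transition function combines the stateless rules of slide 10 with the history-dependent rule of slide 16. The class and function names (SecurityAutomaton, lecture_delta, Request), the action strings, the credential labels and the state names are all constructed for this example.

```python
from dataclasses import dataclass, field

# Constructed credential labels (not identifiers from the original work).
STUDENT = "cornell_student"
PAID = "fee_paid"


@dataclass
class Request:
    action: str                         # "GetVideo", "GetSlide", "GetDCRecord", ...
    arg: object = None                  # quality for GetVideo, seqNum for GetSlide
    credentials: frozenset = field(default_factory=frozenset)


def stateless_ok(req):
    """Slide 10's object-specific rules; these do not depend on history."""
    c = req.credentials
    if req.action == "GetVideo":
        if req.arg == "high":
            return STUDENT in c                  # students only
        if req.arg == "low":
            return STUDENT in c or PAID in c     # students, or others with fee
        return False                             # unknown quality: not a dissemination
    if req.action == "GetSlide":
        if 1 <= req.arg <= 20:
            return True                          # no restriction
        if 21 <= req.arg <= 25:
            return STUDENT in c                  # students only
        return False
    if req.action in ("GetDCRecord", "GetDCField"):
        return True                              # descriptive metadata: no restriction
    return False                                 # anything unrecognised is denied


class SecurityAutomaton:
    """Finite-state machine whose transition function decides every step.

    When no transition exists for (state, request) the execution is
    truncated: the request is denied and the state is left unchanged."""

    def __init__(self, start, delta):
        self.state = start
        self.delta = delta
        self.log = []                            # audit trail of decisions

    def step(self, req):
        nxt = self.delta(self.state, req)
        if nxt is None:
            self.log.append(("DENY", self.state, req.action, req.arg))
            return False
        self.log.append(("ALLOW", self.state, req.action, req.arg))
        self.state = nxt
        return True


def lecture_delta(state, req):
    """Transition function: slide 10's rules plus slide 16's rule that, after
    descriptive metadata has been viewed, only Cornellians may get the video."""
    if not stateless_ok(req):
        return None
    if req.action in ("GetDCRecord", "GetDCField"):
        return "metadata_seen"
    if (req.action == "GetVideo" and state == "metadata_seen"
            and STUDENT not in req.credentials):
        return None
    return state


def run(requests, start="start"):
    """Mediate a sequence of requests; returns one allow/deny bool per request."""
    sa = SecurityAutomaton(start, lecture_delta)
    return [sa.step(r) for r in requests]


if __name__ == "__main__":
    payer = frozenset({PAID})
    # A fee payer may fetch low-resolution video, but not after viewing metadata.
    print(run([Request("GetVideo", "low", payer)]))                                  # [True]
    print(run([Request("GetDCRecord", None, payer), Request("GetVideo", "low", payer)]))  # [True, False]
```

The point the sequence in the usage lines makes is the one slide 15 states: because the monitor keeps state, the same request can be permitted or refused depending on what the execution has done so far, which a stateless access-control list cannot express.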

  17. Policy Enforcement Toolkit (PoET)
  • Implements In-line Reference Monitors (IRMs) that simulate security automata
  • Mediates all executions upon a system, application, or object
  • Modifies bytecode to embed policies (trusted program rewriter)
  • Converts Java applications to secured applications
  Source: Erlingsson and Schneider, 1999, 2000

  18. PoET - how it works [diagram: Java Bytecode and a POLICY in PSLang are fed to the PoET Rewriter, which produces Modified Bytecode (policy embedded); the PoET Class Loader loads it into the JVM and the Program runs (obeys policy)] Source: Erlingsson and Schneider, 1999, 2000
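Added example, not from the presentation and not PoET's own code: PoET rewrites Java bytecode so that the policy checks live inside the program rather than in an external monitor. The analogue below is a Python "rewriter" that returns a subclass of an unguarded Lecture mechanism in which every behavior named in the policy is preceded by its check, so the guarded object carries its policy and enforces it wherever it is loaded (slide 11's portability point). LectureMechanism, inline_policy, Principal, PolicyViolation, the stored content and the policy table are all constructed for this example.

```python
import functools


class PolicyViolation(Exception):
    """Raised when the in-lined monitor truncates a disallowed dissemination."""


class Principal:
    """Caller attributes the policy predicates consult (constructed)."""
    def __init__(self, student=False, fee_paid=False):
        self.student = student
        self.fee_paid = fee_paid


class LectureMechanism:
    """Unguarded behaviors of the Lecture object of slide 14 (constructed content)."""
    def __init__(self):
        self.videos = {"high": b"<mpeg-H>", "low": b"<mpeg-L>"}
        self.slides = {n: f"<gif slide-{n}>" for n in range(1, 26)}
        self.dc = {"title": "Lesson 1", "creator": "constructed"}

    def GetVideo(self, who, quality):
        return self.videos[quality]

    def GetSlide(self, who, seqNum):
        return self.slides[seqNum]

    def GetDCRecord(self, who):
        return dict(self.dc)


# The policy: behavior name -> predicate over (principal, behavior arguments).
# Behaviors not listed (GetDCRecord) keep the default of being allowed.
LECTURE_POLICY = {
    "GetVideo": lambda who, quality: who.student if quality == "high"
                                     else (who.student or who.fee_paid),
    "GetSlide": lambda who, seqNum: seqNum <= 20 or who.student,
}


def inline_policy(cls, policy):
    """Return a subclass of cls whose listed behaviors run their check first.

    This stands in for PoET's trusted rewriter: the original class is left
    untouched, and the returned class embeds the checks in its own methods."""
    namespace = {"__policy__": dict(policy)}   # the object carries its policy

    def make_guarded(original, check, name):
        @functools.wraps(original)
        def guarded(self, who, *args, **kwargs):
            if not check(who, *args, **kwargs):
                raise PolicyViolation(f"{name}{args} denied")
            return original(self, who, *args, **kwargs)
        return guarded

    for name, check in policy.items():
        namespace[name] = make_guarded(getattr(cls, name), check, name)
    return type("Guarded" + cls.__name__, (cls,), namespace)


GuardedLecture = inline_policy(LectureMechanism, LECTURE_POLICY)


def try_access(obj, method, who, *args):
    """Invoke a behavior; returns (allowed, result) instead of raising."""
    try:
        return True, getattr(obj, method)(who, *args)
    except PolicyViolation:
        return False, None


if __name__ == "__main__":
    lecture = GuardedLecture()
    print(try_access(lecture, "GetSlide", Principal(), 23))                  # (False, None)
    print(try_access(lecture, "GetVideo", Principal(fee_paid=True), "low"))  # (True, b'<mpeg-L>')
```

Two properties of the in-lined form are worth noting against slide 17: the unguarded LectureMechanism is still present and would serve anything asked of it, so the rewritten class must be the one actually loaded, which is the job the PoET Class Loader does in the real toolkit; and because the check is a prefix of each mediated method, a caller cannot reach the content without passing it.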

  19. Fedora and PoET [diagram: a Guarded Lecture Mechanism, Java bytecode in-lined with policies (a Default Policy and Policy-L (psl)); its Content Disseminations draw on a Lecture Archive holding Video-H, Video-L, slide-1 (gif), slide-2 (gif) and Dublin Core metadata (xml)]

  20. The Overall Result [diagram: Guarded Lecture Mechanism, Lecture Archive, Content Disseminations, with Dublin Core metadata]
  • High resolution video (students only)
  • Low resolution video (students; others with fee)
  • Slides (#1-20 all users; #21-25 students only)

  21. Challenges and Future Work
  • Ramp up - enforcement of more complex policies, more object types
  • Examine tension between object-centric vs. repository-centric policy enforcement
  • Mobile computing - trust schemes to support policy enforcement as objects move
  • “Intentional” policies and dynamic binding
  • Preservation application of security automata - detect unacceptable transitions

  22. References - Fedora
  Payette, Sandra and Carl Lagoze, “Flexible and Extensible Digital Object and Repository Architecture,” ECDL98, Heraklion, Crete, September 21-23, 1998, Springer, 1998 (Lecture Notes in Computer Science, Vol. 1513). http://www.cs.cornell.edu/payette/papers/ecdl98/fedora.html
  Payette, Sandra, Christophe Blanchi, Carl Lagoze, and Edward Overly, “Interoperability for Digital Objects and Repositories: The Cornell/CNRI Experiments,” D-Lib Magazine, May 1999. http://www.dlib.org/dlib/may99/payette/05payette.html
  Payette, Sandra and Carl Lagoze, “Policy-Carrying, Policy-Enforcing Digital Objects,” accepted by the Fourth European Conference on Research and Advanced Technology for Digital Libraries, Portugal, Springer, 2000 (Lecture Notes in Computer Science); draft available at http://www.cs.cornell.edu/payette/papers/ecdl2000/pcpe-draft.ps
  Payette, Sandra and Carl Lagoze, “Value Added Surrogates for Distributed Content: Establishing a Virtual Control Zone,” D-Lib Magazine, June 2000. http://www.dlib.org/dlib/june00/payette/06payette.html

  23. References: Security Automata and PoET
  Schneider, Fred B., “Enforceable Security Policies,” Computer Science Technical Report #TR98-1664, Department of Computer Science, Cornell University, July 24, 1999. http://cs-tr.cs.cornell.edu:80/Dienst/UI/1.0/Display/ncstrl.cornell/TR98-1664
  Erlingsson, Ulfar and Fred B. Schneider, “SASI Enforcement of Security Policies: A Retrospective,” Computer Science Technical Report #TR99-1758, Department of Computer Science, Cornell University, July 19, 1999. http://cs-tr.cs.cornell.edu:80/Dienst/UI/1.0/Display/ncstrl.cornell/TR99-1758
  Erlingsson, Ulfar and Fred B. Schneider, “IRM Enforcement of Java Stack Inspection,” Computer Science Technical Report #TR2000-1786, Department of Computer Science, Cornell University, February 19, 2000. http://cs-tr.cs.cornell.edu:80/Dienst/UI/1.0/Display/ncstrl.cornell/TR2000-1786
