ORCON. Originator Controlled Access Control. André dos Santos Cardoso. Universidade do Porto Faculdade de Engenharia da Universidade do Porto

Transcription

1 ORCON Originator Controlled Access Control André dos Santos Cardoso Universidade do Porto Faculdade de Engenharia da Universidade do Porto November 3, 2009 André dos Santos Cardoso (FEUP) ORCON November 3, / 19

2 Contents 1 Overview Of MAC and DAC 2 What is ORCON after all...? 3 Can ORCON be Implemented? With DAC? With MAC? Mixing MAC and DAC? 4 OK, let s design a palpable solution! Threats and Countermeasures Authorized User Authentication Attained Solution André dos Santos Cardoso (FEUP) ORCON November 3, / 19

3 Overview Of MAC and DAC Contents 1 Overview Of MAC and DAC 2 What is ORCON after all...? 3 Can ORCON be Implemented? With DAC? With MAC? Mixing MAC and DAC? 4 OK, let s design a palpable solution! Threats and Countermeasures Authorized User Authentication Attained Solution André dos Santos Cardoso (FEUP) ORCON November 3, / 19

4 Overview Of MAC and DAC How does MAC work? Controlled by an Administrator Defines levels of access Admin defines the types of access and who has access Owner can t change permissions/level of access of Objects André dos Santos Cardoso (FEUP) ORCON November 3, / 19

5 Overview Of MAC and DAC...and DAC!? Concept of Owner is important can set permissions for others at his own discretion copied objects become owned by the copier. Permissions are given based on Identity André dos Santos Cardoso (FEUP) ORCON November 3, / 19

6 What is ORCON after all...? Contents 1 Overview Of MAC and DAC 2 What is ORCON after all...? 3 Can ORCON be Implemented? With DAC? With MAC? Mixing MAC and DAC? 4 OK, let s design a palpable solution! Threats and Countermeasures Authorized User Authentication Attained Solution André dos Santos Cardoso (FEUP) ORCON November 3, / 19

7 What is ORCON after all...? ORCON - Originator Controlled Access Control Objective Control the dissemination of Objects through several entities, in a decentralized manner. Keep unauthorized recipients from reading the object Prevent re-dissemination from authorized subjects to unauthorized entities or subjects Creator must always give permission Authorized subjects must be able to write to the object, but Not to change Original Permissions André dos Santos Cardoso (FEUP) ORCON November 3, / 19

8 What is ORCON after all...? Controlling Dissemination André dos Santos Cardoso (FEUP) ORCON November 3, / 19

9 Can ORCON be Implemented? Contents 1 Overview Of MAC and DAC 2 What is ORCON after all...? 3 Can ORCON be Implemented? With DAC? With MAC? Mixing MAC and DAC? 4 OK, let s design a palpable solution! Threats and Countermeasures Authorized User Authentication Attained Solution André dos Santos Cardoso (FEUP) ORCON November 3, / 19

10 Can ORCON be Implemented? With DAC? Can DAC realize the requirements? Owner can change permissions! With DAC, the owner(=!creator) can change the permissions at will, without considering the creator (originator) original permissions. DAC fails! André dos Santos Cardoso (FEUP) ORCON November 3, / 19

11 Can ORCON be Implemented? With MAC? Can MAC realize the requirements? Theoretically possible but... a different category is needed for each combination between Object/Document, Owner, and Recipient Category Explosion Problem! it s a centralized solution impossible to implement in real world. MAC fails! André dos Santos Cardoso (FEUP) ORCON November 3, / 19

12 Can ORCON be Implemented? Mixing MAC and DAC? Hybrid Solution with MAC and DAC We can combine MAC and DAC 1 The owner of an object cannot change the access controls of the object 2 When an object is copied, the access control restrictions of that source are copied and bound to the target of the copy At the resemblance of PACL! 3 The creator (originator) can alter the access control restrictions on a per-subject and per-object basis. André dos Santos Cardoso (FEUP) ORCON November 3, / 19

13 OK, let s design a palpable solution! Contents 1 Overview Of MAC and DAC 2 What is ORCON after all...? 3 Can ORCON be Implemented? With DAC? With MAC? Mixing MAC and DAC? 4 OK, let s design a palpable solution! Threats and Countermeasures Authorized User Authentication Attained Solution André dos Santos Cardoso (FEUP) ORCON November 3, / 19

14 OK, let s design a palpable solution! Threats and Countermeasures Threats and Countermeasures Easy! Use Encryption! Unauthorized access to document storage or document transmission Figure: Symmetric Encryption Key exists only in the ORCON device, and only accessible through hardware. Content can only be decrypted and opened in the device. André dos Santos Cardoso (FEUP) ORCON November 3, / 19

15 OK, let s design a palpable solution! Threats and Countermeasures Threats and Countermeasures Incorporate a trusted software module into the device. Unauthorized access to document storage or document transmission Copying of the document Figure: Only trusted software module is able to decrypt/encrypt information André dos Santos Cardoso (FEUP) ORCON November 3, / 19

16 OK, let s design a palpable solution! Threats and Countermeasures Threats and Countermeasures Rules are also encrypted. Unauthorized access to document storage or document transmission Copying of the document Tempering of the document dissemination rules Figure: Policies can be encrypted along with the content. Trusted Software Module Enforces the application of the Policies. Software Module also ensures the policy upon copy (PACL!) André dos Santos Cardoso (FEUP) ORCON November 3, / 19

17 OK, let s design a palpable solution! Authorized User Authentication How do we authenticate users against the policy file? Let s make use of users public keys Figure: Software Module grants access based on policy file and public keys, with a protocol of Challenge-Response in which he encrypts a challenge with the user s public key. André dos Santos Cardoso (FEUP) ORCON November 3, / 19

18 OK, let s design a palpable solution! 1 Creator adds trusted user s public keys to the policy file André dos Santos Cardoso (FEUP) ORCON November 3, / 19

19 OK, let s design a palpable solution! 1 Creator adds trusted user s public keys to the policy file 2 Creator encrypts policy and document André dos Santos Cardoso (FEUP) ORCON November 3, / 19

20 OK, let s design a palpable solution! 1 Creator adds trusted user s public keys to the policy file 2 Creator encrypts policy and document 3 Creator disseminates the encrypted document to ORCON enabled devices André dos Santos Cardoso (FEUP) ORCON November 3, / 19

21 OK, let s design a palpable solution! 1 Creator adds trusted user s public keys to the policy file 2 Creator encrypts policy and document 3 Creator disseminates the encrypted document to ORCON enabled devices 4 Receiver device checks policy Receiver device can decrypt document. Trusted hardware and software module enforces policies. Policies can t ever be touched by user. André dos Santos Cardoso (FEUP) ORCON November 3, / 19

22 OK, let s design a palpable solution! 1 Creator adds trusted user s public keys to the policy file 2 Creator encrypts policy and document 3 Creator disseminates the encrypted document to ORCON enabled devices 4 Receiver device checks policy Receiver device can decrypt document. Trusted hardware and software module enforces policies. Policies can t ever be touched by user. 5 Receiver device authenticates users through the public key contained in the policy User can use his private key to respond to the system challenge, decrypting the challenge. User is authenticated if he owns a the correponding private key André dos Santos Cardoso (FEUP) ORCON November 3, / 19

23 OK, let s design a palpable solution! Attained Solution What did we just build? Policy Enforcement Policy is disseminated along users, and enforced even when re-dissemination occurs. Memory locations can remain encrypted thanks to software+hardware solution and no trust is given to the Operating System. Decentralized Solution No central administration, which guarantees that the design works even with a large and distributed number of users. André dos Santos Cardoso (FEUP) ORCON November 3, / 19

24 Thanks Thank You! Thank You Any Questions? André dos Santos Cardoso (FEUP) ORCON November 3, / 19

25 References Consulted Material Computer Security, Art and Science - Matt Bishop Hardware-Assisted Application-Level Access Control - Yu-Yuan Chen and Ruby B. Lee Originator & Role-Based Policies, notes of Computer and Network Security from the University of North Carolina - Kevin Jeffay 6-Originator-RBAC-Policies.pdf André dos Santos Cardoso (FEUP) ORCON November 3, / 19