New Approaches in Software Security: Composition of Privileges

New Approaches in Software Security: Composition of Privileges
Dr. Michael Hoche, Martin Kortwinkel
EADS Deutschland GmbH
Michael.Hoche@eads.com, Martin.Kortwinkel@eads.com
SET Congress 2009, Zürich

Outline
Problem Description
Existing solutions and models
Formalization / Abstraction
Conceptual Solution
Practical Application
Conclusion
This talk consists of a gentle introduction to the security domain, followed by a formal description of the proposed method. Its advantages are illustrated with some application examples.

Problem Description
Security is usually a built-in property of software.
Application integration of heterogeneous access rights management is hard work: the things being integrated usually each bring their own full-featured, and different, access rights management, and there is a strong need to unify them.
We introduce a new, formally verifiable technique by looking at the well-known concept of authorization.
We impose a new embedding in a quasi-ordering on rights, as a natural result of a stronger notion of composition.

Problem Description: General Subject/Object Access Relation
Diagram: the complexity of implicit dependencies in a net of objects; each edge reads "object / subject has right".

Existing Solutions & Models, Part 1
Discretionary Access Control (DAC): access control only by user identity and the user's right on the resource.
Mandatory Access Control (MAC): DAC plus additional rules and properties (e.g. label, code word).
Role Based Access Control (RBAC): fixed role/resource access rights.
Multi-Level Security Systems (MLS): access control by (vertical) access level (e.g. free, restricted, ...).
Bell-LaPadula Model: MAC combined with security levels.
Biba Model / Low-Watermark Mandatory Access Control: MAC with policies.
March 2009, Composition of Rights

Existing Solutions & Models, Part 2
Policy based access control.
Multi-lateral Security Systems: MLS (vertical) plus code words (horizontal).
Compartment Model / Lattice Model: combination of security levels and categories by policy based access control for information flow.
Chinese Wall (Brewer-Nash Model): access control clusters (e.g. companies); access is granted depending on recent accesses into a cluster.
Clark-Wilson Model: access by valid transactions (mainly used on host systems); defines enforcement rules and certification rules.
BMA Model (British Medical Association): combination of the Clark-Wilson and Bell-LaPadula models; a decentralized model in which access rights are defined by the data owner.

Formalization: Restriction on Transitions
Diagram (Clark-Wilson model): state transitions over objects, constrained by an invariant.

Formalization: Complete Subject/Object Right Relation
Diagram (MAC model): a right relation between the set of objects and the set of subjects.

Conclusion on existing models
Models are specialized on solving specific problems.
The complexity grows non-linearly with an increasing number of objects, subjects, and access right definitions.
All models are too simple for heterogeneous multi-lateral systems.
No model realizes need-to-know access control sufficiently, especially not in multi-lateral systems.
None of the models is very flexible when access rights have to be reorganized.

Concept: Composition of Privileges, Rules
Order the set of right definitions.
Assign rights to objects for performing an operation; this defines a mapping of objects to ordered rights (1st function).
Assign rights to subjects for performing an operation; this defines a mapping of subjects to ordered rights (2nd function).
Validate a subject's right to perform an operation by comparing the order of the results of the 1st function and the 2nd function.

Conceptual Solution: Subject/Object Right Relation
Diagram: objects and subjects are mapped onto an ordered set of rights with bottom element 0 and top element 1.

Conceptual Solution: Rights hierarchy & ordering
Diagram: objects carry elements of (Rights, order) and are aggregated with max; subjects carry elements of (Rights, order) and are aggregated with min; the two results are compared and permission is granted when the subject side dominates the object side.

Conceptual Solution: Multilateral Subject/Object Right Management
Diagram: Component A with objects a, b and its own subjects; Component B with objects b, c and subjects y, z; rights r1, r2, r3 together with 0 and 1.

Conceptual Solution: Composition of Rights
Diagram: the composed right order is the product of the two components' orders ({0, r1, r2, 1} and {0, r3, 1}); its twelve elements are the pairs (1,1), (1,r3), (1,0), (r1,1), (r2,1), (r1,r3), (r2,r3), (r1,0), (r2,0), (0,1), (0,r3), (0,0).

Conceptual Solution: Composition of Credentials
Diagram: objects a, b, c and subjects y, z are placed on nodes of the composed lattice (the transcript shows a and c next to (1,0), b next to (1,r3), and y, z on the lower nodes).

Practical Application: Right vectors
Right vectors (labels) are sets of right definitions with specific semantics.
Definition (what should define a right vector):
A mapping of different aspects which define information access.
Each aspect should be independent of the others.
For each aspect there is an ordering of rights.
Each aspect forms its own semantic context for information access.
Example of a right vector:
Level of security (free, restricted, confidential, secret, top secret)
Geo-localization
Time range
Role
Extendible

Right Vector Example: Confidentiality & Time Range
Diagram: for confidentiality the ordering function is "higher confidentiality"; for the time range it is "time interval within".

Right Vector Example: Geo-localization
Diagram: regions ordered by the function "is completely contained in", from "No Region" at the bottom up to "World" at the top. Nodes shown: Frauenfeld, Paris, Thurgau, Corsica, Congo, New York, Melbourne, Swiss, France, Corsica & Mediterranean Sea, Mediterranean Sea, Atlantic Ocean, Oceania, Antarctic, Arctic, Europe, Asia, Africa, Sea, America, Australia, World.
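The concept slides (objects aggregated with max, subjects aggregated with min, then the two results compared) and the right-vector examples above, as one added Python example that is not part of the authors' slides: every aspect of the right vector brings its own order, vectors are compared in the product order, and access is granted when the subjects' meet dominates the objects' join. The region tree, the time windows and the sample credentials are constructed assumptions.

```python
from functools import reduce
# Aspect 1: confidentiality level, a total order (the five levels named on the slide).
LEVELS = ["free", "restricted", "confidential", "secret", "top secret"]
# Aspect 3: geo-localization, ordered by containment in a region tree. The tree is
# constructed here from place names on the slide; it is an assumption, not the authors' data.
PARENT = {"Frauenfeld": "Thurgau", "Thurgau": "Swiss", "Swiss": "Europe", "Paris": "France",
          "France": "Europe", "New York": "America", "Europe": "World", "America": "World"}

def ancestors(region):  # the region itself, then every enclosing region up to the root
    chain = [region]
    while region in PARENT:
        region = PARENT[region]
        chain.append(region)
    return chain

def interval_meet(a, b):  # intersection of two (start, end) ranges; None (bottom) if disjoint
    start, end = max(a[0], b[0]), min(a[1], b[1])
    return (start, end) if start <= end else None

# One (leq, join, meet) triple per aspect; None is the bottom element of every aspect.
# Aspect 2 is the time range: a range is "smaller" when it lies inside the other.
ASPECTS = [
    (lambda a, b: LEVELS.index(a) <= LEVELS.index(b),
     lambda a, b: max(a, b, key=LEVELS.index), lambda a, b: min(a, b, key=LEVELS.index)),
    (lambda a, b: b[0] <= a[0] and a[1] <= b[1],
     lambda a, b: (min(a[0], b[0]), max(a[1], b[1])), interval_meet),
    (lambda a, b: b in ancestors(a),
     lambda a, b: next(r for r in ancestors(a) if r in ancestors(b)),  # lowest common region
     lambda a, b: a if b in ancestors(a) else b if a in ancestors(b) else None),
]
def leq(u, v):
    """Product order: u <= v iff every aspect of u is <= the same aspect of v."""
    return all(a is None or (b is not None and f(a, b)) for (f, _, _), a, b in zip(ASPECTS, u, v))

def join(u, v):
    """Least upper bound; aggregating objects takes their join ("max" on the slide)."""
    return tuple(b if a is None else a if b is None else j(a, b) for (_, j, _), a, b in zip(ASPECTS, u, v))

def meet(u, v):
    """Greatest lower bound; aggregating subjects takes their meet ("min" on the slide)."""
    return tuple(None if a is None or b is None else m(a, b) for (_, _, m), a, b in zip(ASPECTS, u, v))

def granted(subjects, objects):
    """Access is granted when the subjects' combined rights dominate the objects' combined rights."""
    return leq(reduce(join, objects), reduce(meet, subjects))
if __name__ == "__main__":  # constructed sample credentials and object labels
    alice, bob = ("secret", (8, 18), "Europe"), ("confidential", (9, 17), "Swiss")
    docs = [("confidential", (10, 12), "Thurgau"), ("restricted", (11, 13), "Paris")]
    print(granted([alice], docs), granted([alice, bob], docs))  # True False
```

The second check fails only on the geo aspect: bob's meet with alice narrows the region to Swiss, which does not contain Paris, so the subjects jointly lose access to an object set that alice alone may read.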

ESB implementation
For each object type (e.g. services, data within a specific DB) access right aspects can be defined which are shared within a domain. Result: a definition of right vectors.
For each element of the vector there is a function which calculates the ordering of the values and can add new elements.
Heterogeneous domains can compose their right vectors.

Conclusion: Advantages of the ordered rights method
On-the-fly, dynamic evaluation of access rights at run time.
Right definitions are always consistent.
The semantics of interpretation is definable by the application (no domain-specific semantics).
Can be used to decide access by context (need-to-know).
Compatible with the integration of ontologies.
Heterogeneous right definitions of foreign systems do not have to be harmonized; they are combinable.
Works for aggregated sets of subjects and objects, too: Hom_S(s), Hom_O(o).
The construction creates a partial or complete Boolean algebra or lattice, which can be efficiently and compactly represented and implemented.
The right ordering method can be embedded into each of the existing access right systems and models.
Existing standards and components like SAML, LDAP and PEP can be used.