Post on 21-Dec-2015
A Credential-Based Approach for Facilitating Automatic, Secure Resource Sharing Among
Ad-hoc Dynamic Coalitions
Janice Warner and Vijayalakshmi Atluri
Rutgers University
Ravi Mukkamala
Old Dominion University
August 2005
August 2005 IFIP05-Warner, Atluri and Mukkamala
Coalition Resource Sharing
• Dynamic and Ad-hoc – members may leave and new members may join
• Examples:
• Natural Disaster: government agencies, non-government organizations and private organizations may share data about victims, supplies and logistics.
• Homeland Security: Information collected by various governmental agencies shared for comprehensive data mining
• Virtual Enterprises: Collaboration between companies
Current Approaches to Resource Sharing
• Form teams (workgroups) comprising users from all coalition entities. Problem: not viable or scalable; may result in delays
• User ids given to each external member of the coalition and access control is provisioned on these ids. Problem: administratively burdensome; requires explicit revocation upon coalition or user termination
• Single access id provided to each external coalition entity. Problem: fine-grained access control is not possible
• Resources are copied to external coalition member. Problem: updates are difficult and may result in uncontrolled sharing
Outline
• Motivation
• What is needed
• CBAC Model
• DCBAC Model
• Conclusions and Future Work
Resource Sharing among Coalitions
• Typically, the policies for sharing are stated at the coalition level
• Example – The Red Cross and Doctors without Borders will work together to investigate the spread of infectious diseases in the wake of a natural disaster.
• Enforcing coalition-level security policies requires transforming them to implementation level
• Example - Dr. Roberts of Doctors without Borders can access reports on the spread of infectious diseases in Turkey.
Our Preliminary Solution (presented at ICDCIT04)
• A formal model comprising three levels (user-object, role, coalition levels)
• Enables handshaking of relevant information by appropriate levels of the agencies
• Allows distributed access control – control remains in the hands of the resource owner
Layered CBAC Model (figure)
Entity A (Drs-w/o-Borders) and Entity B (Red Cross) each have three levels: User-Object Level, Role Level and Coalition Level. The request is shown at each level of Entity A and then of Entity B:
• user-object request = 〈roberts, concept: disease, type: data〉
• role segment + user-object request = 〈doctor (location: Turkey, specialty: immunology), concept: disease, type: data〉
• coalition segment + role segment + user-object request = 〈555444555, DB99, RC11, doctor (location: Turkey, specialty: immunology), concept: disease, type: data〉
• role segment + user-object request (Entity B) = 〈doctor (location: Turkey, specialty: immunology), concept: disease, type: data〉
• user-object request (Entity B) = 〈RID799, RID223〉
Limitations of CBAC Model
• Coalitions need to have high level agreements in place before there is a flow of information:
• Coalition entities know what is available and how to find it.
• Coalition entity ids are pre-assigned.
• Credential requirements are the union of all credentials associated with the roles that have access to the requested object.
Dynamic Coalition-Based Access Control Model (DCBAC)
• Dynamic because:
• Employs a Coalition Service Registry (CSR) where shared resources and coalition level policies are publicized. Agreements do not need to be established between coalition partners beforehand.
• Computes credentials needed by an external user from local access control policies through the Mapper layer. The coalition access control policy is determined through transformation of the local access control policy.
Principles of DCBAC
• Existing access control mechanisms within each coalition entity remain intact.
• Access rights are granted to subjects only if they belong to an organization recognized by the coalition.
• Subjects of a coalition entity must have credentials with attribute values comparable to those of local subjects.
DCBAC Architecture (figure)
Two coalition entities, each with a Local User Interface, Local Access Control (LAC), Credential to LAC Mapper, Credential Filter, Coalition Level, and Local Services (shared and private). The entities communicate over a network (e.g., Internet) through the Coalition Service Registry (CSR) and each entity's Coalition Access Point (CAP).
Example Emergency Management Scenario
International Red Cross makes available its Emergency Response IS subject to:
Organization Level Policy: Must be a member of a non-profit, certified, relief organization.
Individual Policy: Access is restricted to information concerning the emergency site in which they are currently working.
Policy Based on LAC Mapping: Credentials must be comparable with those of internal users.
Coalition Service Registry
• Similar to UDDI Web Service Registry
• Advertises resources that coalition entities make available
• Describes interface to resources
• Describes credentials needed to access resources
• Verifies organizational-level credentials
• Issues a “ticket” which can be submitted by individuals in an authenticated organization with a request to access a specific resource.
CSR is a UDDI-like Registry (figure)
businessEntity: UDDI:name, UDDI:discovery URL, UDDI:contacts, UDDI:description
businessService: UDDI:name, UDDI:category bag, UDDI:description
bindingTemplate: UDDI:accessPoint, UDDI:category bag, UDDI:description, UDDI:tModelInstanceDetails
Callout on the same figure: Resources listed in the CSR are searchable based on resource identifiers, name, keywords or category.
Callouts on the same figure:
• Provides network address of Coalition Access Point from which resource can be requested.
• Provides credential info and other access requirements.
Example – Resource request is made
〈 744, roberts, concept: disease, type: data 〉
〈 744, (degree: MD, gender: M, location: Turkey, specialty: infectious disease), concept: disease, type: data 〉
〈 744, (location: Turkey, specialty: infectious disease), Red_Cross_RID_730 〉
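The filtering step in the request above (the user's full local credential record reduced to the two attributes the provider needs) as an added Python example; it is not code from the original slides. The CSR entry, the user record and the attribute names are constructed for the example; the resource id Red_Cross_RID_730 and the request id 744 follow the slide.

```python
"""Credential Filter on the outgoing and incoming sides of a DCBAC request.

Added example, not the authors' implementation. The CSR entry and the local
user record below are constructed to mirror the slide's request.
"""

# Constructed CSR entry for the requested Red Cross resource: the registry
# publishes which credential attributes an external requester must present
# and which values are acceptable.
CSR_ENTRY = {
    "resource_id": "Red_Cross_RID_730",
    "name": "Emergency Response IS",
    "category": ["concept:disease", "type:data"],
    "required_credentials": {
        "location": {"Turkey"},  # individual policy: current emergency site
        "specialty": {"infectious disease", "immunology"},
    },
}

# Constructed local credential record for the requesting user.
LOCAL_USER = {
    "user": "roberts",
    "credentials": {
        "degree": "MD",
        "gender": "M",
        "location": "Turkey",
        "specialty": "infectious disease",
    },
}


def filter_outgoing(credentials, csr_entry):
    """Outgoing filter: keep only the attributes the provider says it needs.

    Attributes such as degree or gender that play no part in the access
    decision are never sent, so the partner learns no more about the user
    than the decision requires.
    """
    needed = csr_entry["required_credentials"]
    return {k: v for k, v in credentials.items() if k in needed}


def check_incoming(credentials, csr_entry):
    """Incoming filter at the provider: are the submitted credentials adequate?

    Returns (ok, missing) where missing lists required attributes that are
    absent or whose value is not among the acceptable ones.
    """
    missing = []
    for attr, acceptable in csr_entry["required_credentials"].items():
        if credentials.get(attr) not in acceptable:
            missing.append(attr)
    return (not missing, missing)


def build_request(request_id, user_record, csr_entry):
    """Assemble the outgoing tuple <id, filtered credentials, resource id>."""
    sent = filter_outgoing(user_record["credentials"], csr_entry)
    return (request_id, sent, csr_entry["resource_id"])


if __name__ == "__main__":
    req = build_request(744, LOCAL_USER, CSR_ENTRY)
    print(req)
    print(check_incoming(req[1], CSR_ENTRY))
```

Running the block prints the filtered request tuple and the provider's adequacy verdict; check_incoming is the "determines whether user credentials sent with request are adequate" step of the Credential Filter, and the missing list is what a provider would log when it rejects a request.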
Example – Obtain organizational assertion
Doctors-Without-Borders CAP consults the CSR:
• to find the resource(s) (if it has not been located before)
• to obtain a valid organizational assertion (if it does not currently have one)
Tickets are SAML assertions
• Assertions are declarations of facts:
• Issuer ID and issuance timestamp
• Assertion ID
• Subject
• “Conditions” under which assertion is valid (e.g., validity period)
• CSR declares that organizational credentials were submitted and validated.
• Assertions can be digitally signed (and should be)
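A ticket issued by the CSR and verified at the provider's CAP, as an added example that is not the authors' code. It keeps the assertion fields listed above (issuer, issuance instant, assertion id, subject, conditions) in a JSON payload and uses an HMAC-SHA256 tag under a constructed shared key as a stand-in for the XML signature a real SAML assertion carries; the issuer name, organization names, validity period and fixed clock are assumptions.

```python
"""CSR ticket issuance and CAP-side verification (added example).

Stand-in for a signed SAML assertion: same fields, JSON instead of XML,
HMAC-SHA256 instead of XML-DSig. All names and the key are constructed.
"""
import hashlib
import hmac
import json
import secrets
from datetime import datetime, timedelta, timezone

# Constructed key shared by the CSR and the provider's CAP. A deployment
# would use the CSR's signing key pair and verify with its public key.
CSR_SIGNING_KEY = b"example-csr-signing-key"
TRUSTED_ISSUERS = {"coalition-service-registry"}


def example_time(hours=0):
    """Fixed clock for the example (constructed date) plus an hour offset."""
    return datetime(2005, 8, 1, 9, 0, tzinfo=timezone.utc) + timedelta(hours=hours)


def _canonical(payload):
    # Deterministic serialization so issuer and verifier sign the same bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def issue_ticket(organization, audience, now, validity=timedelta(hours=8),
                 key=CSR_SIGNING_KEY):
    """CSR side: after validating organizational credentials, issue a ticket.

    The ticket states only that the organization's credentials were submitted
    and validated; it says nothing about individual users, whose credentials
    travel separately and are judged by the provider's filter and mapper.
    """
    payload = {
        "issuer": "coalition-service-registry",
        "issue_instant": now.isoformat(),
        "assertion_id": secrets.token_hex(16),
        "subject": organization,
        "conditions": {
            "not_before": now.isoformat(),
            "not_on_or_after": (now + validity).isoformat(),
            "audience": audience,  # the provider this ticket is meant for
        },
        "statement": "organizational credentials submitted and validated",
    }
    tag = hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
    return {"assertion": payload, "signature": tag}


def verify_ticket(ticket, expected_audience, now, key=CSR_SIGNING_KEY):
    """Provider CAP side: accept only if every check passes.

    Returns (True, organization) or (False, reason naming the first failure).
    The signature is checked first so nothing else is trusted before it.
    """
    payload = ticket.get("assertion", {})
    expected = hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, ticket.get("signature", "")):
        return False, "bad signature"
    if payload.get("issuer") not in TRUSTED_ISSUERS:
        return False, "untrusted issuer"
    cond = payload.get("conditions", {})
    if cond.get("audience") != expected_audience:
        return False, "wrong audience"
    try:
        not_before = datetime.fromisoformat(cond["not_before"])
        not_on_or_after = datetime.fromisoformat(cond["not_on_or_after"])
    except (KeyError, ValueError):
        return False, "malformed conditions"
    if now < not_before or now >= not_on_or_after:
        return False, "outside validity period"
    return True, payload["subject"]


if __name__ == "__main__":
    ticket = issue_ticket("Doctors Without Borders", "Red Cross", example_time())
    print(verify_ticket(ticket, "Red Cross", example_time(1)))
    print(verify_ticket(ticket, "Red Cross", example_time(9)))
```

The audience check matters in a coalition with many providers: a ticket obtained for one provider's CAP should not be replayable against another's, and the validity window bounds how long a ticket stays usable after an organization leaves the coalition.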
Example – Request sent to provider’s CAP
〈 744, Doctors Without Borders, Red Cross, SAML Assertion, Red_Cross_RID_730, (location:Turkey, specialty: infectious disease) 〉
Example – Provider evaluates request
〈 744, Red_Cross_RID_730, (location:Turkey, specialty: infectious disease) 〉
Validates organizational credentials
〈 744, Red_Cross_RID_730〉
Conclusions
• DCBAC automates translation of coalition level policies into subject-resource level.
• Depends upon credentials – both organizational level and user.
• Maps roles to credentials commonly held by members of the role.
• Uses a Coalition Service Registry so that ad-hoc coalitions can be formed simply by discovering resources that are needed.
• Can be built using currently available standard protocols – XACML, UDDI and SAML.
Ongoing Work
• Mapper – Details on mapping local policies to credentials submitted to ICISS 2005
• Graph-based approach
• Strategies for inclusion of similar credentials
• Data mining of logs, local policies, and other security related data to obtain:
• Groupings of users with similar data requirements and attributes
• Groupings of resources
• Resolving semantic heterogeneity between policies and credential attributes.
DCBAC – Coalition Level
• Interacts with the coalition level at other coalition entities through the Coalition Access Point (CAP).
• Incoming: Processes requests by validating CSR ticket.
• Outgoing: Obtains ticket, appends to user request and forwards it to appropriate CAP.
DCBAC – Credential Filter
• Incoming Requests:
• Determines whether user credentials sent with request are adequate.
• Optionally, can downgrade or upgrade the credentials of users from specific entities.
• Outgoing Requests:
• Filters user credentials such that only those necessary to obtain access are sent.
DCBAC - Mapper
• Assumes RBAC local access control although this is not essential.
• Incoming – Compares user credentials to internal roles that have rights to requested resource.
• Outgoing – Determines role played by requester and retrieves credentials common to users playing that role.
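The two directions of the Mapper over a small RBAC policy, as an added Python example that is not the paper's implementation. The role, permission and user tables and the attribute names are constructed; the resource ids follow the slides' naming. Outgoing, it derives the credentials common to every local user playing a role; incoming, it tests submitted credentials against the roles that hold rights to the requested resource.

```python
"""Credential-to-LAC Mapper over a local RBAC policy (added example).

All tables below are constructed for illustration; they are not the paper's
data. Attribute names are assumptions.
"""

# Constructed local RBAC policy of the provider: role -> resources it may access.
ROLE_PERMISSIONS = {
    "doctor": {"Red_Cross_RID_730", "Red_Cross_RID_731"},
    "logistics": {"Red_Cross_RID_900"},
}

# Constructed local users: role assignment plus credential attributes.
LOCAL_USERS = {
    "alice": {"roles": {"doctor"},
              "attrs": {"degree": "MD", "location": "Turkey",
                        "specialty": "infectious disease"}},
    "bob": {"roles": {"doctor"},
            "attrs": {"degree": "MD", "location": "Turkey",
                      "specialty": "immunology"}},
    "carol": {"roles": {"logistics"},
              "attrs": {"location": "Turkey", "clearance": "warehouse"}},
}


def role_credentials(role, users=LOCAL_USERS):
    """Outgoing direction: attributes common to every user playing `role`.

    Returns {attribute: set of values seen among role members}. An attribute
    that some member lacks is dropped, since the role does not commonly hold it.
    """
    members = [u["attrs"] for u in users.values() if role in u["roles"]]
    if not members:
        return {}
    common = set.intersection(*(set(m) for m in members))
    return {a: {m[a] for m in members} for a in sorted(common)}


def roles_with_access(resource, perms=ROLE_PERMISSIONS):
    """Local roles whose permissions include `resource`."""
    return {r for r, res in perms.items() if resource in res}


def required_credentials(resource):
    """Credentials an external requester may present for `resource`:
    the common credentials of each local role that has access to it."""
    return {r: role_credentials(r) for r in roles_with_access(resource)}


def map_incoming(credentials, resource):
    """Incoming direction: which local role, if any, do the credentials match?

    A role matches when every one of its common attributes is present in the
    submitted credentials with a value that some local member of the role
    holds. Roles are tried in name order so the result is deterministic.
    """
    for role, req in sorted(required_credentials(resource).items()):
        if req and all(credentials.get(a) in vals for a, vals in req.items()):
            return role
    return None


if __name__ == "__main__":
    print(required_credentials("Red_Cross_RID_730"))
    print(map_incoming({"degree": "MD", "location": "Turkey",
                        "specialty": "immunology"}, "Red_Cross_RID_730"))
```

The matched role is what the Mapper hands to the LAC, so the existing RBAC decision runs unchanged for external users; an unmatched request never reaches the LAC, which is the "existing access control mechanisms remain intact" principle in practice.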
DCBAC – LAC
• Enforces control on local services for both local and non-local requests.
• Local requests are received through the local user interface.
• External requests are received through the mapper.