Granularity Based Flow Control
Omar Abahmane
Luigi Logrippo
Université du Québec en Outaouais
PST 2014
July 23, 2014
Outline
- Introduction
- Information flow control
- Security models and Flow control (challenges and limits)
- Granular computing
- Granularity Based Flow Control (the model)
- Advantages of the GBFC model
- Implementation example
- Conclusion
Introduction
- What was my address and phone number in 1997? Hard to recall without mistakes!
- Found it on a website that also provided more recent addresses, my age, my email, some possible relatives and other private information …!
- How did that site get my information? … Scary!!
- The apps on a mobile phone may have access to much more confidential data and are connected to the Internet all the time …
Information flow control challenges
- Fact: Too much information … changing frequently
  Challenge: Security policy management
- Fact: Too many security domains
  Challenge: Information tracking
- Fact: Too many objects and forms of flow
  Challenge: Real time flow control
- Fact: Too many changing technologies
  Challenge: Upgrading and end to end security
- Fact: Too many recipients
  Challenge: Information usage control
Security models and Flow control (the limits)
- Too permissive of the flow
  - Permit undesirable flows that compromise confidentiality
- Too restrictive of the flow
  - Prevent legitimate flow, causing a problem of information availability
- Flow = Access
  - Consider access control mechanisms sufficient for flow control
- Manage security through securing subjects and objects
  - Secure data based on a secondary component rather than securing data itself.
Granular computing
- Introduced in: 1997
- Fundamental components: Granules
- Forms of granules: subsets, classes, objects, clusters, and elements of a domain or universe
- Example of granules:
  - For an image file: forms, textures, pixels, etc.
  - For a text document: paragraphs, sentences or words
- Implementation: Database management systems
Granularity Based Flow Control (the model)
- Goal: Enforce flow control and prevent information leakage
- Core component: Access Control Engine (ACE)
- Base implementation criteria:
  - Granularity (Granularity Level)
  - Flow restriction (VFA, Refresh rate)
  - Availability (References and Noise)
Granularity Based Flow Control (the model)
Granularity criteria:
- Security managed through the granular classification of document components (words, sentences, paragraphs, etc.)
- Implementation: Granularity Level T
  - T is set to different values for each component of the document depending on its level of classification.
Granularity Based Flow Control (the model)
Flow restriction criteria:
- Intended to limit or prevent information flow from authorized to non-authorized subjects.
- Most efficient flow control is obviously “not having a flow at all”
- Implementation: Refresh Rate T
  - T establishes the criteria and/or the frequency applied to redraw references to classified information granules within the document.
Granularity Based Flow Control (the model)
Availability criteria:
- Logical availability on a physical support accessible by a subject.
- Unavailable information is inaccessible information.
- Implementation: Availability Rate T and Noise level T
  - T: level of availability of granules within the document, based on the nature of the data to be replaced by references (nouns, verbs, dates, etc.) and on the classification level threshold to consider (S or TS …).
  - T: level of noise injection applied to the document to replace the classified unavailable information granules.
Granularity Based Flow Control (the model)
| Level of security | Lowest | Highest | Examples |
|---|---|---|---|
| T | Document | Word | Word, sentence … |
| T: Data Type | All Available | None | Nouns, Verbs, Dates… |
| T: Classification | Unclassified | Top Secret | (TS), (S), (C), (U) … |
| T: Event based | None | Maximum | Update, Infection, system failure … |
| T: Frequency | Never | High | Monthly, daily, … |
| T | No Noise | Max noise | data types in T (Nouns, Verbs, …) |
Granularity Based Flow Control (the model)
Examples:

T=Word
T=((Nouns, Verbs), TS)
T=(Update, Infection)
T=(None)

T=Word
T=((Nouns, Verbs, Dates), S)
T=(Update, Monthly)
T=(All)
Granularity Based Flow Control (the model)
GBFC Algorithm
Proceedings : 33023000S136.pdf Page 5.
    begin
      V := AuthorizeAccess(S, Inf)
      if V = False then
        accessDenied()
      else
        initializeInformation(Inf)
        load T, T, T, T
        while (not EOF)
          for each gri ∈ Inf
            // classified granule the subject may read: add a reference to it
            if (gri.attr ∈ classified and gri.attr <= S.attr) then
              addRef(VFA, gri.ref)
              updateVFA()
            // classified granule above the subject's level: reference noise instead
            else if (gri.attr ∈ classified and gri.attr > S.attr) then
              addRef(VFA, noise.ref)
              updateVFA()
            // unclassified granule: index it directly
            else
              addIndex(FA, gri.index)
              updateFA()
            end if
          end for
          buildVFA()
          buildFA()
          refreshRef(T, T, T)
          regranulate(Inf, T)
        end while
      end if
    end
Advantages of the GBFC model
Adaptability:
Flexible and maneuverable multi-criteria environment for optimal control of information flow.
Advantages of the GBFC model
Access restriction and replications:
- Efficient granularity based classification mechanism;
- Enforcing availability without compromising confidentiality;
- One information … different views!
Advantages of the GBFC model
Access restriction and replications:
- One information … different views!
- View Based Access Control (redefined)
- The mirror = The ACE
- Virtual image (information) viewed through the mirror depends on:
  - the actions on the mirror, and
  - the status of the window (open, closed or semi-open).
Advantages of the GBFC model
Total control:
- Centralized access model
- Permanent systems administrators’ full access control.
- Automatic isolation of classified information during security alerts (external attacks, malicious infections, imminent risk due to voluntary or involuntary leakage of data, etc.).
- Quick recovery after the restoration of the secure state.
Advantages of the GBFC model
Loss of data:
- Loss of material is the leading cause of information leakage according to studies in the U.S., Europe and Asia. Source: McAfee, InfoWatch, DataLossDB
- GBFC offers:
  - Centralized architecture for classified information;
  - Classified elements protection through references to data;
  - Traceability of lost information;
  - Completely user-transparent framework.
Advantages of the GBFC model
Implementation and compatibility:
- Platform independent security system
- Flexibility and adaptation to security environments.
- Effective in heterogeneous security environments or in extended networks (Internet, Cloud Computing, ...)
- Implements flow control for security models that don’t implicitly enforce it.
IDENTIFICATION
AUTHENTICATION LEVEL
AUTHORIZATION LEVEL
ACCESS CONTROL ENGINE
(TS) Every individual in a command center responsible for the preparation of emergency action must be familiar with the procedures in the EAP (/TS). (U) Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task (/U). (S) These individuals and programs are subject to review by the OJCS (/S).
Advantages of the GBFC model
Noise injection:
Every aspect in a database solution responsible for the system of agent toolkit integrates call familiar with the languages in the GUI. Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task. These networks and algorithms draw concept to function by the EBML.
Implementation
(U) Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task (/U). (S) These individuals and programs are subject to review by the OJCS (/S).
T=Word
T=((Nouns, Verbs, Abbreviations, Dates), S)
T=(Update, Monthly)
T=(Nouns, Verbs, Abbreviations)
Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task. These 2F08A829 and 2355EA66 2435F450 3D502CE9 to 324AF563 by the 25466F31.
Form of data received by an authorized user
Implementation
(U) Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task (/U). (S) These individuals and programs are subject to review by the OJCS (/S).
T=Word
T=((Nouns, Verbs, Abbreviations, Dates), S)
T=(Update, Monthly)
T=(Nouns, Verbs, Abbreviations)
Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task. These networks and algorithms draw concept to function by the EBML.
Real data received by a non-authorized user
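
The reference-and-noise behaviour of the two Implementation slides, as an added Python example that is not code from the presentation or its authors. The `AccessControlEngine` class, its method names, the `SELECTED` word set (standing in for the selection of nouns, verbs and abbreviations) and the `NOISE` vocabulary are assumptions; references are generated randomly, so they differ from the hexadecimal values on the slide.

```python
import re
import secrets

LEVELS = {"U": 0, "C": 1, "S": 2, "TS": 3}
SEGMENT = re.compile(r"\((U|C|S|TS)\)\s*(.*?)\s*\(/\1\)", re.S)
# Constructed inputs: the slide's sample text, a word set standing in for
# "nouns, verbs, abbreviations" selection, and a noise vocabulary.
DOC = ("(U) Command center training and evaluation programs will be developed "
       "to ensure that individuals charged with the preparation and "
       "transmission of emergency action messages are qualified in this task "
       "(/U). (S) These individuals and programs are subject to review by "
       "the OJCS (/S).")
SELECTED = {"individuals", "programs", "are", "subject", "review", "OJCS"}
NOISE = ["networks", "algorithms", "draw", "concept", "function", "EBML"]


class AccessControlEngine:
    """Hypothetical ACE: holds classified granules, hands out references."""

    def __init__(self):
        self.store = {}  # reference -> (real granule, classification level)

    def protect(self, marked_text, threshold, selected):
        """Return the document as stored outside the ACE: selected words in
        segments at or above `threshold` become opaque references."""
        stored = []
        for label, body in SEGMENT.findall(marked_text):
            for word in body.split():
                if LEVELS[label] >= LEVELS[threshold] and word in selected:
                    ref = secrets.token_hex(4).upper()
                    self.store[ref] = (word, LEVELS[label])
                    word = ref
                stored.append(word)
        return stored

    def view(self, stored, clearance):
        """Resolve references for one subject: the real granule if the
        clearance dominates its level, a noise word otherwise."""
        shown = []
        for token in stored:
            if token in self.store:
                granule, level = self.store[token]
                if level <= LEVELS[clearance]:
                    token = granule
                else:
                    token = NOISE[int(token, 16) % len(NOISE)]
            shown.append(token)
        return " ".join(shown)
```

The noise word is derived from the reference value, so a non-authorized subject sees the same substitute on every read until the references are redrawn.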