Self-Adaptive Federated Authorisation Infrastructures Lionel Montrieux

Upload: lionel-montrieux

Post on 21-Feb-2017


Self-Adaptive Federated Authorisation Infrastructures

Lionel Montrieux

C. Bailey, D. Chadwick, R. de Lemos, Self-adaptive federated authorization infrastructures. JCSS, 2014

C. Bailey, L. Montrieux, R. de Lemos, Y. Yu, M. Wermelinger, Run-time generation, transformation, and verification of access control models for self-protection. SEAMS’14

L. Montrieux, C. Bailey, R. de Lemos, A. Bandara, Engineering self-adaptive authorisation infrastructures. Draft.

Part 1

I am Arthur, king of the Britons

None shall pass.

It’s just a scratch.

Just a flesh wound.

I’m invincible!!!

Let’s just call it a draw then.

Come on, Patsy.

“We have been cited examples in which 50-90% of the individuals with access to particular data store also have legacy access to information that they no longer need.”

–Sinclair et al, 2007

Self-Adaptive Authorisation

“Self-adaptive systems are systems that are able to modify their behaviour and/or structure in response to changes that occur to the system itself, its environment, or even its goals.”

–Cheng et al., 2009

“Self-adaptive authorisation infrastructures refer to the run-time adaptation of the collection of authorisation policies and their enforcement.”

–Montrieux et al, draft

“Federated authorisation infrastructures […] build upon existing authorisation models […]. [They] provide the method through which large scale distributed access can be granted.”

–Bailey et al, 2014

Part 2

Overview

[Diagram: Target System. Labels: Identity Provider, Credential Issuing Policy, User Attribute Repository, Attributes, Credential Validation Service, Credential Validation Policy, Credentials, Service Provider, Policy Decision Point, Access Control Policy, Valid Attributes.]

Adaptive Layer

[Diagram: Adaptive Layer and Target System. Labels: Probes, Effectors, Monitor, Triggers, SAAF Controller, Analyser, Solutions, Planner, Executor, Authorisation Infrastructure Model, Behaviour Model.]

Architecture

[Diagram: deployment architecture. Legend: Component, Sub-component. Labels: Identity Provider Server, Authorisation Server, Service Provider Server, Roles/Attributes, Role/Attribute Adaptations, SAML Assertion, Subject Authentication, Access Decision, Access Request, Subject Access Request, LDAP (Attribute Repository), SimpleSAMLPHP: Identity Provider, Attributes, CVS, PDP, PERMIS Standalone, SAAF Controller, Access Events, Policy Adaptations, Resources, Policy Enforcement Point, SimpleSAMLPHP: Service Provider.]

[Diagram: SAAF controller. Labels: Planner, Analyser, Behaviour Model, Authorisation Infrastructure Model, Executor, Asset Monitor, Behaviour Gauges, Identity Provider, Authorisation Service, Rules & Attributes, Tailored Solutions, Plan, Get Behaviour, Set Behaviour, RBAC/ABAC Constructs, Get Attributes, Active Policies, Access Requests/Decisions, Attribute Assignment, New Policies.]

Authorisation Model?

[Diagram: authorisation model. Labels: attributes Attr1 to Attr3, subjects Sub1 to Sub4, identity providers IdP1 and IdP2, targets Tgt1 to Tgt6, actions Act1 to Act5, Credential Validation Constraints, Access Control Constraints, Subject Attribute Assignments.]

Part 3

Initial Configuration

PERMIS AZ Policy

<RoleAssignment ID="ContractorIdPAssignment">
  <SubjectDomain ID="Contractor"/>
  <RoleList>
    <Role Type="permisRole" Value="Contractor"/>
  </RoleList>
  <Delegate Depth="0"/>
  <SOA ID="ContractIdP"/>
  <Validity/>
</RoleAssignment>
<TargetAccess ID="ContractPayroll">
  <RoleList>
    <Role Type="permisRole" Value="Contractor"/>
  </RoleList>
  <TargetList>
    <TargetDomain ID="PayrollSystem"/>
    <AllowedAction ID="getEmpPayslip"/>
    <AllowedAction ID="runPayroll"/>
  </TargetList>
</TargetAccess>

SAAF Behaviour

<BehaviourPolicy>
  <BaseTrigger ID="bt1">
    <Subject/>
    <Provider/>
    <Attribute type="permisRole">Contractor</Attribute>
    <Target>PayrollSystem</Target>
    <Action>getEmpPayslip</Action>
    <Rate>
      <Threshold>5</Threshold>
      <Interval>1</Interval>
      <TimeScale>min</TimeScale>
    </Rate>
  </BaseTrigger>
  <CompositeTrigger ID="ct1">
    <BasedTriggerID>bt1</BasedTriggerID>
    <Rate>
      <Threshold>4</Threshold>
      <Interval>1</Interval>
      <TimeScale>day</TimeScale>
    </Rate>
  </CompositeTrigger>
</BehaviourPolicy>

SAAF Solutions (1)

<SolutionPolicy>
  <Solution>
    <Action>
      <Operation>removeSubjectAttribute</Operation>
    </Action>
    <TriggerID>bt1</TriggerID>
    <TriggerID>ct1</TriggerID>
  </Solution>
  <Solution>
    <Action>
      <Operation>removeAttributePermission</Operation>
    </Action>
    <Action>
      <Operation>buildPolicy</Operation>
    </Action>
    <Action>
      <Operation>activatePolicy</Operation>
    </Action>
    <TriggerID>ct1</TriggerID>
  </Solution>

SAAF Solutions (2)

  <Solution>
    <Action>
      <Operation>removeAttributeAssignment</Operation>
    </Action>
    <Action>
      <Operation>buildPolicyFile</Operation>
    </Action>
    <Action>
      <Operation>activatePolicy</Operation>
    </Action>
    <TriggerID>ct1</TriggerID>
  </Solution>
  <Solution>
    <Action>
      <Operation>deactivatePolicy</Operation>
    </Action>
    <TriggerID>ct1</TriggerID>
  </Solution>
</SolutionPolicy>
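How the behaviour and solution policies above could be evaluated over a stream of access events, as an added example that is not SAAF's own code. Assumptions: the empty Subject and Provider elements match any value, a trigger fires when the threshold is reached inside a sliding window, ct1 counts firings of bt1, and the labels S1 to S4 name the four solutions in slide order.

```python
from collections import deque

MINUTE, DAY = 60, 86_400
# Filter and rates copied from the BehaviourPolicy (bt1, ct1) on the slide.
BT1_MATCH = {"attribute": "Contractor", "target": "PayrollSystem", "action": "getEmpPayslip"}
# Solutions S1..S4 (assumed labels, slide order) with the TriggerIDs each one lists.
SOLUTIONS = {
    "S1": (["removeSubjectAttribute"], {"bt1", "ct1"}),
    "S2": (["removeAttributePermission", "buildPolicy", "activatePolicy"], {"ct1"}),
    "S3": (["removeAttributeAssignment", "buildPolicyFile", "activatePolicy"], {"ct1"}),
    "S4": (["deactivatePolicy"], {"ct1"}),
}

class RateTrigger:
    """Fires when `threshold` observations fall inside a sliding `interval` (seconds)."""
    def __init__(self, threshold, interval):
        self.threshold, self.interval, self.window = threshold, interval, deque()

    def observe(self, ts):
        self.window.append(ts)
        while ts - self.window[0] >= self.interval:   # evict observations outside the window
            self.window.popleft()
        if len(self.window) < self.threshold:
            return False
        self.window.clear()   # assumed: a firing consumes the events that caused it
        return True

def candidate_solutions(trigger_id):
    return [sid for sid, (_, triggers) in SOLUTIONS.items() if trigger_id in triggers]

def analyse(events):
    """Replay access events; return [(timestamp, trigger id, candidate solution ids)]."""
    bt1, ct1 = RateTrigger(5, 1 * MINUTE), RateTrigger(4, 1 * DAY)
    fired = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if any(ev.get(k) != v for k, v in BT1_MATCH.items()):
            continue   # not a Contractor getEmpPayslip request on PayrollSystem
        if bt1.observe(ev["ts"]):
            fired.append((ev["ts"], "bt1", candidate_solutions("bt1")))
            if ct1.observe(ev["ts"]):   # composite trigger counts bt1 firings
                fired.append((ev["ts"], "ct1", candidate_solutions("ct1")))
    return fired

def burst(start, action="getEmpPayslip"):
    """Constructed sample data: five requests, five seconds apart."""
    return [{"ts": start + 5 * i, "subject": "contractor-a", "attribute": "Contractor",
             "target": "PayrollSystem", "action": action} for i in range(5)]

SAMPLE = [e for h in range(4) for e in burst(h * 3600)] + burst(30, action="runPayroll")
```

Replaying `SAMPLE` with `analyse` gives S1 as the only candidate for each bt1 firing and S1 to S4 once the fourth firing within a day raises ct1; the runPayroll burst is ignored by the filter.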

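Runtime Adaptation

[Diagram: adaptation loop. Labels: Monitor, Analyser, Planner, Executor, Target System. Trigger bt1 is shown with solution S1; trigger ct1 is shown with solutions S1, S2, S3, S4; a later step shows S2.]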

LDAP directory

PERMIS AZ Policy

<RoleAssignment ID="ContractorIdPAssignment">
  <SubjectDomain ID="Contractor"/>
  <RoleList>
    <Role Type="permisRole" Value="Contractor"/>
  </RoleList>
  <Delegate Depth="0"/>
  <SOA ID="ContractIdP"/>
  <Validity/>
</RoleAssignment>

Before adaptation (excerpt)

PERMIS AZ Policy

<RoleAssignment ID="ContractorIdPAssignment">
  <SubjectDomain ID="Contractor"/>
  <RoleList/>
  <Delegate Depth="0"/>
  <SOA ID="ContractIdP"/>
  <Validity/>
</RoleAssignment>

After adaptation (excerpt)

Part 4

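Validating Solutions

[Diagram: Verification. Labels: Analysis, Planning, SAAF Controller, candidate models RBAC1, RBAC2, RBAC3 for solutions S1, S2, S3, current model RBAC, isVerified.]

Model Validation

[Diagram: Model Validation. Labels: LDAP, PERMIS, RBAC, CONSTRAINTS, RBACDSML, rbacDSML MM.]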

Constraint Verification (OCL)

context rbacDSML::Granted inv:
  self.rbacRole->closure(parent).permission
    ->union(self.rbacRole.permission)
    ->includesAll(self.resource.permission)
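The Granted invariant above, mirrored in Python and run against a model before and after a candidate adaptation (an added example, not the rbacDSML tooling). The Staff parent role, the viewNotices permission and the scenario name are hypothetical; Contractor, getEmpPayslip and runPayroll come from the PERMIS policy on the earlier slide.

```python
from dataclasses import dataclass, field

@dataclass(eq=False)   # identity-based hashing so roles can live in a set
class Role:
    name: str
    permissions: set = field(default_factory=set)
    parents: list = field(default_factory=list)   # "parent" in the OCL expression

def closure_parents(roles):
    """Transitive closure of `parent`; terminates even if the hierarchy has a cycle."""
    seen, stack = set(), [p for r in roles for p in r.parents]
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(role.parents)
    return seen

def granted_holds(rbac_roles, resource_permissions):
    """Inherited plus directly assigned permissions must include all the resource needs."""
    inherited = {p for r in closure_parents(rbac_roles) for p in r.permissions}
    direct = {p for r in rbac_roles for p in r.permissions}
    return set(resource_permissions) <= inherited | direct

def violations(granted_scenarios):
    """Names of Granted scenarios the model breaks; an empty list means verified."""
    return [name for name, (roles, perms) in granted_scenarios.items()
            if not granted_holds(roles, perms)]

def build_model(contractor_permissions):
    """Constructed model: Contractor inherits from a hypothetical Staff role."""
    staff = Role("Staff", {"viewNotices"})
    contractor = Role("Contractor", set(contractor_permissions), [staff])
    return {"contractor-reads-payslip": ([contractor], {"getEmpPayslip", "viewNotices"})}

BEFORE = build_model({"getEmpPayslip", "runPayroll"})
# Candidate adaptation (assumed effect): getEmpPayslip removed from Contractor.
AFTER = build_model({"runPayroll"})
```

`violations(BEFORE)` is empty, while `violations(AFTER)` reports the scenario, which is the kind of result a planner would use to reject a candidate model that breaks a requirement.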

Part 5

[Diagram: SAAF controller (repeated). Labels: Planner, Analyser, Behaviour Model, Authorisation Infrastructure Model, Executor, Asset Monitor, Behaviour Gauges, Identity Provider, Authorisation Service, Rules & Attributes, Tailored Solutions, Plan, Get Behaviour, Set Behaviour, RBAC/ABAC Constructs, Get Attributes, Active Policies, Access Requests/Decisions, Attribute Assignment, New Policies.]

Model Repair

[Diagram: Verification and repair. Labels: Analysis, Planning, SAAF Controller, candidate models RBAC1, RBAC2, RBAC3 for solutions S1, S2, S3, current model RBAC, repaired model RBAC1_r.]

Model Repair

[Diagram: Model Repair. Labels: LDAP, PERMIS, RBAC, CONSTRAINTS, RBACDSML.]

Just One More Thing…

https://saaf-resource.kent.ac.uk/game/index.php

Thank You

References

• C. Bailey, D. W. Chadwick, and R. de Lemos, “Self-adaptive federated authorization infrastructures,” Journal of Computer and System Sciences, vol. 80, no. 5, pp. 935–952, Aug. 2014.

• C. Bailey, L. Montrieux, R. de Lemos, Y. Yu, and M. Wermelinger, “Run-time generation, transformation, and verification of access control models for self-protection,” in SEAMS’14: 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, Hyderabad, India, 2014.

• B. H. C. Cheng, R. de Lemos, H. Giese, P. Inverardi, J. Magee, J. Andersson, B. Becker, N. Bencomo, Y. Brun, B. Cukic, G. D. M. Serugendo, S. Dustdar, A. Finkelstein, C. Gacek, K. Geihs, V. Grassi, G. Karsai, H. M. Kienle, J. Kramer, M. Litoiu, S. Malek, R. Mirandola, H. A. Müller, S. Park, M. Shaw, M. Tichy, M. Tivoli, D. Weyns, and J. Whittle, “Software Engineering for Self-Adaptive Systems: A Research Roadmap,” in Software Engineering for Self-Adaptive Systems, B. H. C. Cheng, R. de Lemos, H. Giese, P. Inverardi, and J. Magee, Eds. Springer Berlin Heidelberg, 2009, pp. 1–26.

• S. Sinclair, S. W. Smith, S. Trudeau, M. E. Johnson, and A. Portera, “Information Risk in Financial Institutions: Field Study and Research Roadmap,” in Enterprise Applications and Services in the Finance Industry, D. J. Veit, D. Kundisch, T. Weitzel, C. Weinhardt, F. A. Rabhi, and F. Rajola, Eds. Springer Berlin Heidelberg, 2007, pp. 165–180.

Image Credits

• All screen captures are from the film “Monty Python and the Holy Grail” (1975)

• Snakes and Ladders, Len Matthews, CC by-nd 2.0 https://goo.gl/3j3KF4