Post on 25-Dec-2015

Role-based Trust Management Security Policy Analysis and Correction Environment (RT-SPACE).

Gregory T. Hoffer

CS7323 – Research Seminar (Dr. Qi Tian)

Overview

Role Based Trust by Example

Proposed Framework

Discussion

References

Role Based Trust by Example

Two principals involved in transaction – can they trust each other?

Mortgage

Alice

Alice wants to see if she is eligible for a mortgage before she wastes time with the application process.

The bank is willing to reveal that its loan-approval policy uses one's Date of Birth (DoB), current salary, and length of current employment. Further details, though, are a trade secret and confidential. Alice does not wish to disclose her DoB or salary level; she considers them sensitive.

Winsborough, among others, has developed cryptographic credential schemes to address this. Imagine if both principals in the communication had trust capabilities and a mechanism for exchanging information according to their desired privacy. For example, the Bank is certified by the Better Business Bureau and the FDIC, so Alice can trust it. Alice, on the other hand, is certified by the DMV, or DoD, or similar.

Role Based Trust by Example 2

Bookstore that discounts for approved students.

Andy

Amazon.com offers a discount to students under the age of 21 who attend UTSA.

Role-based trust policies can be used to implement this.

The credentials and policies of Amazon.com (image from [2])

Role Based Trust by Example 3

Hostile / Friendly Identification.

“Alan”

Can “Alan” trust “Sgt. Sam”? Can “Sgt. Sam” trust “Alan”?

“Sgt. Sam”

Formalizing Access Control Policies

Policies must be written and maintained for access-controlled services.

Policies are subject to change (consider the last example: employees change frequently, as do roles and responsibilities, relationships, etc.).

Change introduces risk …

Proposal : Policy Analysis & Correction Framework

“When access control policies are subject to change, analyzing them for security properties such as safety (e.g., access to the database is limited to employees) and liveness (e.g., managers will always have access to the database) requires significant tool support” [1]

RT-SPACE* is introduced as a tool for authoring, verifying, and correcting RT (Role-based Trust) policies.

* Role-based Trust Management Security Policy Analysis and Correction Environment
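The following added example (not from the slides and not RT-SPACE code) evaluates the bookstore discount policy written as RT0-style credentials in the four statement forms of [4], then reports safety counterexamples after a policy change. The credentials, the DMV as age certifier, and the principals Bea and Carl are constructed assumptions, and the check covers a single policy state rather than all reachable states a model checker would explore.

```python
# Added example: RT0-style credentials constructed for illustration.
# A role is (principal, name); a credential is (head_role, body).
def members(policy):
    """Least-fixpoint role membership over the four RT0 statement forms."""
    m = {}
    get = lambda role: m.setdefault(role, set())
    changed = True
    while changed:
        changed = False
        for head, body in policy:
            kind = body[0]
            if kind == "member":      # A.r <- D
                new = {body[1]}
            elif kind == "include":   # A.r <- B.r1
                new = set(get(body[1]))
            elif kind == "link":      # A.r <- A.r1.r2
                new = set()
                for b in set(get(body[1])):
                    new |= get((b, body[2]))
            elif kind == "and":       # A.r <- B1.r1 ∩ B2.r2
                new = get(body[1]) & get(body[2])
            else:
                raise ValueError(kind)
            if not new <= get(head):
                get(head).update(new)
                changed = True
    return m

DISCOUNT, STUDENT = ("Amazon", "discount"), ("UTSA", "student")
UNDER21 = ("DMV", "under21")  # assumption: DMV certifies age
POLICY = [
    (DISCOUNT, ("and", ("Amazon", "student"), UNDER21)),
    (("Amazon", "student"), ("link", ("Amazon", "university"), "student")),
    (("Amazon", "university"), ("member", "UTSA")),
    (STUDENT, ("member", "Andy")),
    (STUDENT, ("member", "Bea")),    # student, but not certified under 21
    (UNDER21, ("member", "Andy")),
]
# A later policy change: a shortcut credential plus a new DMV-certified person.
CHANGED = POLICY + [(UNDER21, ("member", "Carl")), (DISCOUNT, ("include", UNDER21))]

def safety_counterexamples(policy):
    """Safety: discount holders must be UTSA students. Returns violators."""
    m = members(policy)
    return m[DISCOUNT] - m[STUDENT]

def is_live(policy, principal="Andy"):
    """Liveness (for this one state): the principal still gets the discount."""
    return principal in members(policy)[DISCOUNT]

print(safety_counterexamples(POLICY), safety_counterexamples(CHANGED))
```

The changed policy keeps Andy's access but admits Carl, who holds no UTSA student credential; that violator is the kind of counterexample a correction step would work from.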

RT-SPACE Process

Policy author builds or changes a policy, then submits it.

The tool performs a conservative conversion into one or more policy models.

Each model is automatically verified.

For a model that fails to satisfy the desired properties, the checker produces a set of counterexamples.

The Policy Correction component analyses the counterexamples to generate a set of suggested corrections, from which the policy author may select an appropriate one.

The modified policy serves as input to the next iteration (to ensure other properties are not invalidated).

Policy Analysis Framework Components

Graph Construction

Optimization

Translation

Model Checking

Correction

Visualization

RT-SPACE in Action

Summary

Role-based trust is an important field for security and privacy in Access Control.

Policies can be tedious (and error-prone) to create and manage.

RT-SPACE facilitates the creation and management process in order to achieve security and liveness efficiently and effectively.

Questions and Discussion

Any questions or comments?

References

[1] Mark Reith, Jianwei Niu, and William H. Winsborough. 2008. Role-based trust management security policy analysis and correction environment (RT-SPACE). In Companion of the 30th international conference on Software engineering (ICSE Companion '08). ACM, New York, NY, USA, 929-930. DOI=10.1145/1370175.1370192 http://doi.acm.org/10.1145/1370175.1370192.

[2] M. Reith, J. Niu, and W. H. Winsborough. Policy analysis framework for verification and correction. Technical Report CS-TR-2007-006, UTSA, 2007.

[3] Jiangtao Li, Ninghui Li, and William H. Winsborough. 2009. Automated trust negotiation using cryptographic credentials. ACM Trans. Inf. Syst. Secur. 13, 1, Article 2 (November 2009), 35 pages. DOI=10.1145/1609956.1609958 http://doi.acm.org/10.1145/1609956.1609958

[4] Ninghui Li, John C. Mitchell, and William H. Winsborough. Design of a role-based trust management framework. In Proceedings of the 2002 IEEE Symposium on Security and Privacy, pages 114–130. IEEE Computer Society Press, May 2002.