presentation 2012 11 12 - KTHbuc/PPC/Slides/accesscontrololeksandr.pdf ·...
Oleksandr Bodriagov
School of Computer Science and Communication, KTH - The Royal Institute of Technology
XACML, ABAC, Privacy preserving access-controls
Well-known access-control models:
Role Based Access Control (RBAC)
Attribute-based Access control (ABAC)
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Discretionary Access Control (DAC)
every object has an owner
ACL-based or capability-based
Typical examples: Linux and Windows
+ Scalable
- uniformity of access for end-users with similar job functions could be diminished
- time consuming and cumbersome in a large environment
Mandatory Access Control (MAC)
Image: http://oreilly.com/catalog/csb/chapter/fig.03.03.gif
Mandatory Access Control (MAC)
security policy is centrally controlled
security label of the subject, security label of an object, type of access
Typical examples: Security-Enhanced Linux (SELinux), military
+ the chance for administrative error or social engineering is greatly reduced
- administrative nightmare in a dynamic and evolving environment.
http://www.sans.org/reading_room/whitepapers/sysadmin/role-based-access-control-nist-solution_1270
Role-Based Access Control (RBAC)
Image: http://www.mariofrank.net/MarioFrank_files/RBAC_toy_exampleHiRes.bmp
Role-Based Access Control (RBAC)
security policy is centrally controlled
users, roles, permissions, operations, and objects
Typical examples: Solaris, SELinux
+ individual administration of accounts is greatly reduced
- difficulty of setting up an initial role structure
- inflexibility in rapidly changing domains
http://www.sans.org/reading_room/whitepapers/sysadmin/role-based-access-control-nist-solution_1270
Attribute-based Access control (ABAC)
Image: http://seclab.web.cs.illinois.edu/wp-content/uploads/2011/03/abs.png
Attribute-based Access control (ABAC)
Subject has a set of attributes
Rules specify conditions under which access is granted or denied
Typical examples: Web services, IBM Tivoli
http://csrc.nist.gov/groups/SNS/rbac/documents/kuhn-coyne-weil-10.pdf
ABAC vs RBAC

| | Set up effort | Administration and user permission review |
|---|---|---|
| RBAC | Hard | Easy |
| ABAC | Easy | Hard |

http://csrc.nist.gov/groups/SNS/rbac/documents/kuhn-coyne-weil-10.pdf
XACML
https://www.oasis-open.org/committees/download.php/2713/Brief_Introduction_to_XACML.html
XACML = access control policy language. It provides a syntax (defined in XML) for managing access to resources.
[Diagram: PEP, Protected resource, PDP; arrows labelled Request, Request, Decision]
XACML
http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
Access control decision = f (a subject, a resource, and an action, and their attributes)
A <Policy> contains a set of <Rule> elements, and a rule-combining algorithm
A <Rule> contains:
• a target (the set of subjects, resources, actions and environments to which it applies)
• an effect ("Permit" and "Deny")
• a condition (refines the applicability of the rule beyond the predicates implied by its target)
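Added example (not from the original slides): a simplified Python model of the <Policy>/<Rule> structure above, evaluated on constructed requests for the electronic health record scenario. It is not conformant XACML (no XML, no Indeterminate result); the attribute names, the rules and the fail-closed `pep_allows` helper are assumptions.

```python
from dataclasses import dataclass
from typing import Callable

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass
class Rule:
    effect: str      # "Permit" or "Deny"
    target: dict     # attribute name -> required value (coarse applicability)
    condition: Callable[[dict], bool] = lambda req: True  # refines the target

    def evaluate(self, req: dict) -> str:
        if any(req.get(k) != v for k, v in self.target.items()):
            return NOT_APPLICABLE
        return self.effect if self.condition(req) else NOT_APPLICABLE

def deny_overrides(results: list) -> str:
    if DENY in results:
        return DENY
    return PERMIT if PERMIT in results else NOT_APPLICABLE

def permit_overrides(results: list) -> str:
    if PERMIT in results:
        return PERMIT
    return DENY if DENY in results else NOT_APPLICABLE

@dataclass
class Policy:
    rules: list
    combine: Callable[[list], str]   # rule-combining algorithm

    def evaluate(self, req: dict) -> str:
        return self.combine([r.evaluate(req) for r in self.rules])

def pep_allows(decision: str) -> bool:
    # Assumption: the PEP fails closed on anything other than Permit.
    return decision == PERMIT

# Constructed rules for the EHR scenario; attribute names are hypothetical.
EHR_RULES = [
    Rule(PERMIT, {"resource.type": "ehr", "action": "read", "subject.role": "doctor"},
         lambda r: r.get("subject.id") == r.get("resource.treating_doctor")),
    Rule(PERMIT, {"resource.type": "ehr", "action": "read",
                  "subject.role": "emergency-doctor"},
         lambda r: r.get("env.emergency") is True),
    Rule(DENY, {"resource.type": "ehr"}, lambda r: r.get("subject.suspended", False)),
]

def decide(req: dict, combine=deny_overrides) -> str:
    return Policy(EHR_RULES, combine).evaluate(req)
```

A suspended treating doctor gets Deny under `deny_overrides` but Permit under `permit_overrides`, so the choice of rule-combining algorithm is part of the policy's security semantics.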
http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
XACML: request
Outsourced IT Economy of scale
Privacy-Preserving access control
Full control over data Privacy-preserving access control
Privacy-Preserving access control
The subject only learns whether or not access was granted
The provider learns only access frequencies for individual resources
• Hidden policies
• Hidden credentials
• Hidden access control decisions
Why it is important
Example: electronic health records
EHRs in the Cloud:
• Patients and doctors can access information whenever they want
• Easy to make it available for someone else
• In case of emergency, an emergency doctor can access all data
Drawback: Simple encryption of data does not stop provider from learning a lot of information…
Homomorphic cryptography Supported Access Control (HSAC)
Can combine with: DAC, MAC, RBAC, ABAC
Access to resources based on tickets = push sequence
[Diagram: PEP, Protected resource, PDP; labels: Request resource, {ticket}, Request ticket, ticket, resource, TLS tunnel]
Homomorphic cryptography Supported Access Control (HSAC)
Homomorphic container = general purpose CPU with random access memory that operates on encrypted inputs using encrypted programs and produces encrypted outputs.
• Program should be encrypted at assembly time using the public key of the owner.
• This machine program can model arbitrary functions.
• The homomorphic scheme allows injecting data into the memory image after it was transferred to provider.
• Plaintext should be encrypted with the owner's public key
Homomorphic cryptography Supported Access Control (HSAC)
[Diagram: PDP, Homomorphic container; labels: credentialsKpub, RIDKpub, Kpub; Kpub]
Ticket is cryptographically signed by PDP
The subject has a private-public key pair used for encryption/decryption of homomorphic container
If one uses the same keys for container, there is a risk to be identified => for each request random pair.
Homomorphic cryptography Supported Access Control (HSAC)
Result = encrypted (Kpub) and signed ticket. It should be extracted from the predetermined memory location and sent back to the subject. The subject then gives it to PEP.
Homomorphic cryptography Supported Access Control (HSAC)
If PEP and PDP collude, they can link a resource to some AC credentials
But neither PEP nor PDP would be able to deduce for whom and because of which policies access was granted.
Homomorphic cryptography Supported Access Control (HSAC)
Advantages:
• Strong protection against malicious adversary: can learn key Kpub and launch DoS
• Strong protection against the provider
• Strong protection against the subject
Disadvantages:
• Has very high computational complexity: simple integer addition takes a few minutes
Q & A
SAML: security assertion markup language