Reasoning about Secure Interoperation using Soft Constraints

Consiglio Nazionale delle Ricerche - Pisa, IIT Istituto per l’Informatica e la Telematica. Reasoning about Secure Interoperation using Soft Constraints. Stefano Bistarelli, Dipartimento di Scienze, Università di Pescara, Italy; IIT, CNR, Pisa, Italy. Simon Foley, Barry O’Sullivan, Department of Computer Science, University College Cork, Ireland. Speaker: Stefano Bistarelli.


Transcript of Reasoning about Secure Interoperation using Soft Constraints

Page 1: Reasoning about Secure Interoperation using Soft Constraints

Reasoning about Secure Interoperation using Soft Constraints

Stefano Bistarelli, Dipartimento di Scienze, Università di Pescara, Italy; IIT, CNR, Pisa, Italy

Simon Foley, Barry O’Sullivan, Department of Computer Science, University College Cork, Ireland

Speaker: Stefano Bistarelli

Page 2: Reasoning about Secure Interoperation using Soft Constraints

Thanks to my co-authors…

Barry O’Sullivan, University College Cork, Ireland; Cork Constraint Computation Centre. Constraints

Simon Foley, University College Cork, Ireland. Security, Policy, Formal Methods

Page 3: Reasoning about Secure Interoperation using Soft Constraints

Motivations

[Figure: Admin System and Sales System.]

Page 4: Reasoning about Secure Interoperation using Soft Constraints

Basic Security Modeling

[Figure: Subject, Do Operation, Security Mechanism, Object, Security Policy.]

Subject: processes, …

Objects: memory, files, …

Security policy defines rules that govern access to objects by subjects.

Security mechanism ensures security policy is upheld.

Page 5: Reasoning about Secure Interoperation using Soft Constraints

Secure Composition of Systems

Systems are individually secure. Is it safe to allow file sharing between Personnel and Sales systems?

Clare is not authorized to access Bob’s files, but Clare may access Bob’s files via the Sales system.

Need to reconfigure connections to close this circuitous access route [COLOPS2003,SAC2004,IAAI2004].

Need to reconfigure system access configurations!

[Figure: Admin System and Sales System joined by a connection; Alice allowed access to Bob’s files; Clare allowed access to Alice’s files.]

Page 6: Reasoning about Secure Interoperation using Soft Constraints

Secure Interoperation

Computation Foundations [Gong&Qian, 1994]

Analyzing the security of interoperating and individually secure systems can be done in polynomial time.

Given a non-secure network configuration, re-configuring the connections in an optimal way (to minimize the impact on interoperability) is NP.

Page 7: Reasoning about Secure Interoperation using Soft Constraints

Talk Outline:

Describe how constraints provide a natural approach to modelling and solving the secure interoperation problem

Basic Security Modelling
Secure Composition of systems
Secure Interoperation
What are Soft Constraints?
Semiring Framework
Using constraints for: Access Configuration, Access Reconfiguration, Access Interoperation, Dealing with Transitivity
Future Work

Page 8: Reasoning about Secure Interoperation using Soft Constraints

Crisp toward soft constraints

P = {V, D, C, PC, con, def, a}

[Figure: constraint graph over variables x1, x2, x3, x4 with domains {red,blue,yellow}, {blue,yellow}, {red,blue} and {yellow}, and C={pairwise-different}; the operations shown are combination and projection.]

Page 9: Reasoning about Secure Interoperation using Soft Constraints

Crisp toward soft constraints

[Figure: the same problem over x1, x2, x3, x4 with C={pairwise-different} and costs in $ attached; Combination (+), Projection (min).]

C-semiring <A,+,×,0,1>:

Weighted: <+,min,+,+,0>
Fuzzy: <[0,1],max,min,0,1>
Probabilistic: <[0,1],max,×,0,1>
Classical: <{false,true},∨,∧,false,true>

Page 10: Reasoning about Secure Interoperation using Soft Constraints

The Semiring Framework

A c-semiring is a tuple <A,+,×,0,1> such that:

A is the set of all consistency values and 0, 1 ∈ A. 0 is the lowest consistency value and 1 is the highest consistency value;

+, the additive operator, is a closed, commutative, associative and idempotent operation such that 1 is its absorbing element and 0 is its unit element;

×, the multiplicative operator, is a closed and associative operation such that 0 is its absorbing element, 1 is its unit element and × distributes over +.

Stefano Bistarelli, Ugo Montanari, and Francesca Rossi, Semiring-based Constraint Solving and Optimization, Journal of the ACM, 44(2):201–236, Mar 1997.

Page 11: Reasoning about Secure Interoperation using Soft Constraints

Semiring-based Constraints

Given a semiring <A,+,×,0,1>, an ordered set of variables V over a finite domain D, a constraint is a function which maps an assignment of the variables in the support of c, supp(c), to an element of A.

Notation c represents the constraint function c evaluated under instantiation , returning a semiring value.

Given two constraints c1 and c2, their combination is defined as (c1c2) = c1×c2 .

The operation C represents the combination of a set of constraints C.

a ≤ b iff a+b=b

c1 ⊑ c2 iff ∀ c1 ≤ c2

Stefano Bistarelli, Ugo Montanari and Francesca Rossi, Soft Concurrent Constraint Programming, Proceedings of ESOP-2002, LNCS, April 2002.


Page 13: Reasoning about Secure Interoperation using Soft Constraints

Access Configuration

A collection of constraints between entities (subjects, objects) specifying access permissions

Represented as a semiring

S=<PERM,+,×,⊥,⊤>
Srw=<2^{r,w},∪,∩,∅,{r,w}>
Sbool=<{F,T},∨,∧,F,T>

[Figure: edge from a to b labelled {w}.] CS,O(a,b)={w}

Page 14: Reasoning about Secure Interoperation using Soft Constraints

Access Configuration

[Figure: edge from a to b labelled F.] CS,O(a,b)=F

[Figure: edge from a to b labelled T.] CS,O(a,b)=T

Page 15: Reasoning about Secure Interoperation using Soft Constraints

Access Configuration: Example

Sbool=<{F,T},∨,∧,F,T>

CS,O(b,a)=F
CS,O(c,b)=F
CS,O(x,y)=T

[Figure: graph over entities a, b, c.]


Page 20: Reasoning about Secure Interoperation using Soft Constraints

Access Reconfiguration

Existing configuration CS may be safely re-configured to CS’ when CS’ ⊑ CS

[Figure: ordering of configurations between C⊤ and C⊥, with the secure reconfigurations CS’ lying below CS (⊑).]

Page 21: Reasoning about Secure Interoperation using Soft Constraints

Access Reconfiguration: Example

[Figure: four configurations over entities a, b, c with edges labelled r, w and rw.]

Page 22: Reasoning about Secure Interoperation using Soft Constraints

Access Interoperation

Has to be a secure reconfiguration of both the systems S1 and S3

[Figure: configurations CS1 (entities a, b, c) and CS3 (entities a, c, d).]
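The semiring order, constraint combination and the "secure reconfiguration of both systems" condition from the slides above, worked through as an added Python example (not code from the talk or the paper). It uses permission sets over {r, w} with union as + and intersection as ×; the dictionary representation, the rule that a pair a configuration does not mention is unconstrained, and the sample permissions are assumptions.

```python
# S_rw semiring from the Access Configuration slide:
# <2^{r,w}, union, intersection, {}, {r,w}>
ZERO, ONE = frozenset(), frozenset("rw")
plus = frozenset.union            # additive operator +
times = frozenset.intersection    # multiplicative operator x

def leq(a, b):
    """Semiring order: a <= b iff a + b = b."""
    return plus(a, b) == b

def cfg(rules):
    """Configuration as {(subject, object): permissions} (representation assumed here)."""
    return {pair: frozenset(perms) for pair, perms in rules.items()}

def value(c, pair):
    """Constraint c evaluated on one (subject, object) assignment.
    Assumption: a pair the configuration does not mention is unconstrained (ONE)."""
    return c.get(pair, ONE)

def combine(c1, c2):
    """Combination of two constraints: pointwise x of their values."""
    return {p: times(value(c1, p), value(c2, p)) for p in c1.keys() | c2.keys()}

def violations(new, old):
    """Pairs where new grants more than old, i.e. where the order fails pointwise."""
    pairs = new.keys() | old.keys()
    return sorted(p for p in pairs if not leq(value(new, p), value(old, p)))

def refines(new, old):
    """Secure reconfiguration test: new is below old under every assignment."""
    return not violations(new, old)

# Constructed sample data: entity names follow the slide figures, permissions are invented.
CS1 = cfg({("b", "a"): "", ("c", "b"): "r", ("a", "c"): "rw"})
CS3 = cfg({("a", "c"): "r", ("d", "a"): "w"})

CI = combine(CS1, CS3)             # candidate interoperation configuration
LOOSE = {**CI, ("a", "c"): ONE}    # widens a -> c beyond what S3 allows

if __name__ == "__main__":
    print("CI secure for S1 and S3:", refines(CI, CS1), refines(CI, CS3))
    print("LOOSE vs S3:", violations(LOOSE, CS3))
    print("dropping every S1 restriction:", violations({}, CS1))
```

Because `violations` walks the pairs of both configurations, a reconfiguration that silently drops a restriction is reported just like one that widens a permission.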


Page 25: Reasoning about Secure Interoperation using Soft Constraints

Access Transitivity

[Figure: configurations CS1 (entities a, b, c) and CS3 (entities a, c, d).]


Page 28: Reasoning about Secure Interoperation using Soft Constraints

Access Transitivity vs non-transitivity

[Figure: configurations CS1 (entities a, b, c) and CS3 (entities a, c, d), shown with and without transitivity.]

Page 29: Reasoning about Secure Interoperation using Soft Constraints

Where to from here?

Real world implementation: Currently seeking funding to work with a company based in New Hampshire, USA.

Page 30: Reasoning about Secure Interoperation using Soft Constraints

Conclusion

We described how constraints provide a natural approach to modelling and solving the secure interoperation problem

Access Configuration
Access Reconfiguration
Access Interoperation
Transitivity entities

All naturally represented with constraint operations


Page 32: Reasoning about Secure Interoperation using Soft Constraints

Questions?

Thank you for your attention

You have been listening to:

“Reasoning about Secure Interoperation using Soft Constraints”

Stefano Bistarelli, Simon Foley and Barry O’Sullivan

Proceedings of FAST2004, pp. 183-196