ESPOON: Enforcing Security Policies in Outsourced Environments
M. Rizwan Asghar
SRI International, Menlo Park, CA, USA
August 1, 2012
Why Outsourcing
Cost saving
Scalability
Efficiency
Availability
Motivation
[Figure labels: Patient, Service Provider, Dentist; Policy, Medical Record, Access Request, Access Response]
Policy: Only a dentist may get access from dentist-ward during duty hours (9-17 hrs)
Requester=Dentist, Location=Dentist-ward, Time=10hrs
Issue: Policy or access request may leak sensitive information
Problem
[Figure labels: Patient, Service Provider, Dentist; Policy, Medical Record, Access Request]
Problem: How to evaluate encrypted policy against encrypted access request
Proposed Solution
We name our solution ESPOON (Enforcing Security Policies in OutsOurced eNvironments)
In ESPOON, the Service Provider is assumed honest-but-curious
ESPOON is capable of handling complex policies involving range queries
ESPOON is a multiuser scheme in which entities do not share any encryption keys
A compromised user can be removed without requiring re-encryption of policies
ESPOON Architecture
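[Figure: ESPOON architecture diagram]
Components: Admin User, Requester, Service Provider, Outsourced Environment, Administration Point, Policy Store, PEP, PDP, PIP, Key Store, Data Store, Trusted Key Management Authority
Trust levels shown: Fully-trusted; Trusted but can be removed; Partially-trusted but can be removed
Keys: $K_{u_A}$: $(x_{A1}, s)$; $K_{u_R}$: $(x_{R1}, s)$; $K_{s_A}$: $(A, x_{A2})$; $K_{s_R}$: $(R, x_{R2})$; $MSK$: $(x, s)$
Other symbols shown: $Params$ ($g$, $h$, $g^x$, $H$, $f$); $x$, $x_{i1}$, $x_{i2}$
Messages: $\{Policy\}_{K_{u_A}}$, $C\{Policy\}$, $\{REQ\}_{K_{u_R}}$, $TD\{REQ\}$, $\{Context\}_{K_{u_R}}$, $TD\{Context\}$
Steps: (i), (ii), (1), (2), (3), (4), (5) Yes/No, (6) Data, (7) Response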
Policy Representation
AT = Access Time
Policy: Only a dentist may get access from dentist-ward during duty hours (9-17 hrs)
[Figure: policy tree with Λ (AND) and V (OR) internal nodes over the following leaves]
Requester=Dentist
Location=Dentist-Ward
AT:0****, AT:*0***, AT:**0**, AT:***0*, AT:****0
AT:1****, AT:*1***, AT:**1**, AT:***1*
Policy Evaluation
AT = Access Time
[Figure: the policy tree with Λ (AND) and V (OR) internal nodes; nodes are marked Yes or No]
Encrypted policy leaves:
C(Requester=Dentist)
C(Location=Dentist-Ward)
C(AT:0****), C(AT:*0***), C(AT:**0**), C(AT:***0*), C(AT:****0)
C(AT:1****), C(AT:*1***), C(AT:**1**), C(AT:***1*)
Request (Access Time=10hrs):
TD(Requester=Dentist)
TD(Location=Dentist-Ward)
TD(AT:0****), TD(AT:*1***), TD(AT:**0**), TD(AT:***1*), TD(AT:****0)
Policy Evaluation (2)
[Figure: the same policy tree with Λ (AND) and V (OR) internal nodes, with Yes/No results shown for its nodes]
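Added example (not from the slides or from the ESPOON authors): a plaintext version of the bit-pattern encoding shown on the Policy Representation and Policy Evaluation slides, with the encrypted leaves C(...) and trapdoors TD(...) replaced by plain strings. The function names are hypothetical, and the strict bounds 9 < AT < 17 are an assumption, chosen because they reproduce the leaf patterns listed on the slide.

```python
# Added illustration: plaintext only. In ESPOON the leaves would be encrypted
# as C(...) and the request bits sent as trapdoors TD(...).
BITS = 5  # bit width of the slide's patterns (AT:0****)

def pattern(name, pos, bit, bits=BITS):
    """Leaf/token such as 'AT:*1***'; pos 0 is the most significant bit."""
    return f"{name}:" + "*" * pos + str(bit) + "*" * (bits - pos - 1)

def compare_tree(name, bound, op, bits=BITS):
    """AND/OR tree of bit leaves for `value < bound` or `value > bound`."""
    want = 0 if op == "<" else 1       # bit value that favours the comparison
    tree = None                        # None means "false" (strict comparison)
    for pos in reversed(range(bits)):  # least significant bit first
        leaf = pattern(name, pos, want, bits)
        if ((bound >> (bits - 1 - pos)) & 1) != want:
            tree = leaf if tree is None else ("OR", leaf, tree)
        else:
            tree = None if tree is None else ("AND", leaf, tree)
    return tree

def request_tokens(name, value, bits=BITS):
    """One token per bit of the request value (10 -> AT:0****, AT:*1***, ...)."""
    if not 0 <= value < 2 ** bits:
        raise ValueError("value does not fit in the bit width")
    return {pattern(name, p, (value >> (bits - 1 - p)) & 1, bits) for p in range(bits)}

def leaves(tree):
    """Leaf patterns of a tree, left to right."""
    if tree is None:
        return []
    return [tree] if isinstance(tree, str) else leaves(tree[1]) + leaves(tree[2])

def evaluate(tree, tokens):
    """Plaintext stand-in for matching TD(...) tokens against C(...) leaves."""
    if tree is None:
        return False
    if isinstance(tree, str):
        return tree in tokens
    op, left, right = tree
    results = (evaluate(left, tokens), evaluate(right, tokens))
    return all(results) if op == "AND" else any(results)

def decide(requester, location, hour):
    """Slide policy, assuming strict bounds 9 < AT < 17 (an assumption)."""
    policy = ("AND", "Requester=Dentist", ("AND", "Location=Dentist-Ward",
              ("AND", compare_tree("AT", 9, ">"), compare_tree("AT", 17, "<"))))
    tokens = {f"Requester={requester}", f"Location={location}"}
    return evaluate(policy, tokens | request_tokens("AT", hour))
```

The evaluator only ever tests whether a leaf string is among the request tokens, which is the one operation the Service Provider needs to perform on encrypted values.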
Performance Analysis: Requester
String Attribute: O(n), n is the number of string attributes
Numerical Attribute: O(ns), n is the number of numerical attributes each of size s
Performance Analysis: Policy Evaluation
String Attribute: O(nm), n is the number of string attributes and m is the number of string comparisons
Numerical Attribute: O(nms^2), n is the number of numerical attributes and m is the number of numerical comparisons each of size s
Related Work
Schemes supporting access controls in outsourced environments require re-generation of keys and re-encryption of data for any administrative changes [Vimercati et al. CSAW’07, VLDB’07]
Schemes supporting queries on encrypted data do not support access policies [Dong et al. DBSec’08, Song et al. S&P’00, Boneh et al. EUROCRYPT’04, Curtmola et al. CCS’06, Hwang and Lee LNCS’07, Boneh and Waters TCC’07, Wang et al. SOFSEM’08, Baek et al. ICCSA’08, Rhee et al. JSS’10, Shao et al. Inf. Sci.’10]
Encrypted data with CP-ABE policy reveals the policy structure [Narayan et al. CCSW’10]
Hidden credentials schemes do not support complex policies and require parties to be online [Holt et al. WPES’03, Bradshaw et al. CCS’04]
Recent Advancements
ESPOONERBAC
– Enforcing RBAC style of policies covering:
RBAC0 – Role assignment and permission assignment
RBAC1 – Dynamic constraints (E-GRANT)
- Dynamic separation of duties
- Chinese Wall
RBAC2 = RBAC0 + RBAC1
Distributed Policy Enforcement
– Under development and writing paper
Conclusions and Future Work
Conclusions
– ESPOON enforces policies in outsourced environments
– ESPOON supports complex policies including range queries
– ESPOON employs a multiuser scheme where entities do not share keys
Future work
– Secure auditing mechanism in ESPOON
– Support for negative authorisation policies and conflict resolution
References
[Asghar et al. CCS’11] M. R. Asghar, G. Russello, B. Crispo. POSTER: ESPOONERBAC: Enforcing Security Policies in Outsourced Environments with Encrypted RBAC. In Proceedings of the 18th ACM conference on Computer and communications security, CCS ’11, pages 841-844, New York, NY, USA, 2011. ACM.
[Asghar et al. ARES’11] M. R. Asghar, M. Ion, G. Russello, B. Crispo. ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments. The Sixth International Conference on Availability, Reliability and Security (ARES), Austria, Vienna, 22-26 August 2011, pages 99-108. IEEE, 2011 (Full paper acceptance rate was 20%).
M. R. Asghar, M. Ion, G. Russello, B. Crispo. ESPOONERBAC: Enforcing Security Policies in Outsourced Environments with Encrypted RBAC. Elsevier Computers & Security (COSE) – under review
M. R. Asghar, G. Russello, B. Crispo. E-GRANT: Enforcing Encrypted Dynamic Security Constraints in the Cloud – A journal paper under review
Thank You!
Any Questions?