USC CSci599 Trusted Computing Lecture Six – Policy February 16, 2007

1. USC CSci599Trusted ComputingLecture Six – PolicyFebruary 16, 2007 Dr. Clifford Neuman University of Southern California Information Sciences Institute

2. Announcements • Mid-term Next week • 1 hour – at start of lecture • Closed book • Essay question • Perhaps list as a question • Today • Two student presentations • Xen -Arun Viswanathan • HIPAA – Sunil Raga • Discussion of policy

3. The Importance of Policy • Basic building blocks of security well understood, but problem persist because: • Vulnerabilities in implementation, configuration and complexity of interactions. • Building blocks deployed without “glue” • Security demands flexible and adaptable ways to tell parts of the system what access to allow: • Systems can only enforce rules that are specified • Today’s applications take myopic view andare unable to adapt to attack

4. The hard problems remain • How to manage dynamic policies in a federated environment. • How to simplify policy specification. • What kinds of policies work best. • Can standard policy templates be created that correspond to the intrinsic policies that people expect, corresponding to common business, personal, government, or national security interactions.

5. Security for Weakly Managed Systems • Security in federated environments • Assets managed by different organizations • Resolution of conflict in security policies • Support for dynamic management of policy across organizations • Assessment of trustworthiness based on observationand shared reputation

6. Security for Weakly Managed Systems • Managing the unmanageable • Desktops, Laptops, Employee home machines • Sensors and actuators in the field • May be under multiple management domains • Employer, school, sensors on links between organizations • Need to support joint management • Need to prevent cross-domain connection through shared asset. • Need assurance of provenance of peer.

7. Policy Sources • Sources of Policy • Application implementers • Service providers • Content providers • Legislation • Employers • Individuals

8. Policy Storage • Where are policies stored • Carried with objects • Included in credentials • Stored with the entities that enforce it • Retrieved remotely

9. Policy Enforcement • Places where policy enforced • Network admission / routers • Servers providing information • Mail servers other infrastrcture • End devices

10. Policy Effects • What Policy Says to Do • Protect data in the hands of others • Determine when to release data • Decide when to allow changes to data • Determine peer relationships

11. When Policy Enforced • When Policies are Enforced • When data requested • When data subsequently used • Pre-computed when connection established

12. Focus of Trusted Computing • To date, the better understood parts of trusted computing is the mechanism. • Policy is understood in support of the mechanism. • But mechanism must support policy, and that policy is the part that is not well understood. • What do we want TC to do.

13. Suggested Policy Model • Separate policy into: • Basic policies enforced through trusted computing. • Fine-grained policies enforced by the trusted components. • Precomputed policies that say how pieces fit together.

14. Authorization in TVSA • First level provides coarse-grained authorization • Almost capability like • Based on being in the right virtual system. • Fine grained mediated within VS • The apps running in the VS must enforce fine-grained policies if needed. • Some policy pre-computed • Negotiation of access and obligation takes place when components join a virtual system.

15. Discuss Policy using TVSA • Rings represent Precomputed policy • Virtual System identifiers used to enforce simple policies. • Fine grained policies enforced by the individual components embedded within the rings to the right. BNK WEB DRM Qkn Brs OS PRV