
Policy-Carrying, Policy-Enforcing Digital Objects

Sandra Payette

Project Prism - Cornell University

DLI2 All-Projects Meeting

June 14, 2000


Access Control Challenge

Enforcement of highly expressive access control policies to support context-specific requirements of digital libraries.


General-Purpose Policy Enforcement

(Diagram slide; no text beyond the title survives.)

Context-Specific Policy Enforcement

(Diagram slide; no text beyond the title survives.)


Limitations of traditional access control mechanisms

  • Fixed set of abstractions

    • objects are files, directories, etc.

    • actions are read, write, execute, etc.

  • Limited expressiveness for policies

  • Not easily extended for complex or fine-grained policies


Requirements for new contexts

  • Architecture that supports behavior-centric policy enforcement

  • Policy definition languages that are flexible

  • Highly secure enforcement mechanism

  • Support for mobile code and mobile computing environments


Policy Enforcement Continuum

(Diagram: enforcement of policies on Digital Objects placed on a continuum from repository-centric to object-centric.)


Generalization

  • Digital objects can be treated as generic entities, even if they are very specialized in some ways

  • Generic policies can address the non-specific nature of a digital object or a collection of digital objects

“Only repository managers can delete objects from the collection.”


Specialization

  • Digital objects can have object-specific policies associated with them

  • Policies may be fine-grained or idiosyncratic

  • General-purpose enforcement mechanisms will not easily accommodate these policies, if at all


Example: Object-specific policy

Users can access Lecture Object “A” according to the following rules:

  • Access High Resolution Video: Cornell student credential

  • Access Low Resolution Video: Cornell student credential or pay fee

  • Access Slides 1-20: No restriction

  • Access Slides 21-25: Cornell student credential

  • Access Descriptive Metadata: No restriction


Policy-Carrying, Policy-Enforcing Digital Objects - motivation

  • Semantics of policies should parallel the behavioral semantics of real-world entities

  • Decentralized policy management

  • Extensibility for policies and mechanisms

  • Portability and mobile computing (policies move with the objects)


Experiments: Building on existing work

  • Fedora - digital object and repository architecture (Payette and Lagoze, 1998, 2000)

  • Security Automata (Schneider, 1999)

  • PoET - Policy Enforcement Toolkit (Erlingsson and Schneider, 1999, 2000)


Fedora Digital Object Model

(Diagram: a Fedora digital object holding three Data Streams and an Internal stream; a Primitive Disseminator exposes a Generic interface, and Typed Disseminators issue Encapsulated service requests to an Extensible Mechanism, which produces the object's Disseminations.)


Fedora - Behaviors

(Diagram: a Lecture object in the Lecture Archive with data streams Video-H (mpeg), Video-L (mpeg), slide-1 (gif), slide-2 (gif) and metadata (xml); a Lecture Mechanism and a Dublin Core mechanism produce its Content Disseminations through the following behaviors.)

  • GetVideo(quality)

  • GetSlide(seqNum)

  • GetSyncData

  • GetDCRecord

  • GetDCField(name)


Security Automata

  • Theoretical basis for specifying policies that are enforceable, flexible, and fine-grained

  • Policies are modeled as finite-state machines

  • Enforcement mechanism simulates automaton, preventing executions that violate policy

Source: Schneider, 1999


Example: Simple Security Automata

(Diagram: a two-state automaton for Lesson 1 with the labels “Lesson 1 Video Accessed”, “Descriptive Metadata Accessed” and “Present Cornell ID” on its states and transitions.)

“After viewing descriptive metadata, ONLY Cornellians can access the Lesson 1 video.”


Policy Enforcement Toolkit (PoET)

  • Implements In-line Reference Monitors (IRMs) that simulate security automata

  • Mediates all executions upon a system, application, or object

  • Modifies bytecode to embed policies (trusted program rewriter)

  • Converts Java applications to secured applications

Source: Erlingsson and Schneider, 1999, 2000


PoET - how it works

(Diagram: a POLICY written in PSLang and the program's Java Bytecode are fed to the PoET Rewriter; the PoET Class Loader loads the Modified Bytecode (policy embedded) into the JVM, and the program runs (obeys policy).)

Source: Erlingsson and Schneider, 1999, 2000


Fedora and PoET

(Diagram: the same Lecture object in the Lecture Archive, now with a Guarded Lecture Mechanism whose Java bytecode is in-lined with policies; alongside the data streams Video-H, Video-L, slide-1 (gif), slide-2 (gif) and metadata (xml) it carries policy streams, Policy-L (psl) and a Default Policy, and the Dublin Core mechanism and Content Disseminations remain as before.)
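As an added example (not from the slides, nor code from the Fedora or PoET projects), the automaton from the “Simple Security Automata” slide and the object-specific policy table are merged into one security automaton that mediates the behaviors listed on the “Fedora - Behaviors” slide, and then in-lined into a Lecture object the way PoET's rewriter embeds an IRM. The credential labels, the merging of the two policies, and rewriting Python methods instead of Java bytecode are assumptions made for illustration.

```python
class LectureAutomaton:
    """Security automaton for Lecture Object "A" with states 'start' and
    'metadata_seen'. A violating request is refused and leaves the state
    unchanged (the automaton truncates the offending execution)."""
    def __init__(self):
        self.state = "start"

    def allowed(self, who, method, arg):
        # who: frozenset of credential labels (assumed: "cornell_student", "fee_paid")
        student = "cornell_student" in who
        if method in ("GetDCRecord", "GetDCField"):
            return True                           # descriptive metadata: no restriction
        if method == "GetSlide":
            return 1 <= arg <= 20 or student      # slides 21-25: students only
        if method == "GetVideo":
            if self.state == "metadata_seen" and not student:
                return False  # after metadata, ONLY Cornellians get the video
            if arg == "high":
                return student                    # high resolution: students only
            if arg == "low":
                return student or "fee_paid" in who   # low resolution: students or fee
        return False                              # unknown behaviour: deny

    def step(self, who, method, arg=None):
        ok = self.allowed(who, method, arg)
        if ok and method in ("GetDCRecord", "GetDCField"):
            self.state = "metadata_seen"          # the only state transition
        return ok

class Lecture:
    """Unguarded Fedora-style behaviours; bodies stand in for datastream reads."""
    def GetVideo(self, who, quality): return f"video-{quality}.mpeg"
    def GetSlide(self, who, seqNum): return f"slide-{seqNum}.gif"
    def GetDCRecord(self, who): return "<dc/>"

def inline_policy(obj, automaton):
    """Rewrite each behaviour so the automaton mediates every call, as PoET's
    rewriter embeds an IRM in bytecode; the policy now travels with the object."""
    for name in ("GetVideo", "GetSlide", "GetDCRecord"):
        orig = getattr(obj, name)
        def guarded(who, *args, _n=name, _f=orig):
            if not automaton.step(who, _n, args[0] if args else None):
                raise PermissionError(f"{_n} denied by policy")
            return _f(who, *args)
        setattr(obj, name, guarded)
    return obj
```

Because the automaton is stateful, the same fee-paying requester is granted the low-resolution video before reading the descriptive metadata and refused it afterwards, which a stateless credential table cannot express.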


The Overall Result

(Diagram: the Lecture Archive holding the Lecture object with its Guarded Lecture Mechanism and Dublin Core mechanism; its Content Disseminations are annotated as follows.)

  • High resolution video: students only

  • Low resolution video: students; others with fee

  • Slides: #1-20 all users; #21-25 students only


Challenges and Future Work

  • Ramp up - enforcement of more complex policies, more object types

  • Examine tension between object-centric vs. repository-centric policy enforcement

  • Mobile computing - trust schemes to support policy enforcement as objects move

  • “Intentional” policies and dynamic binding

  • Preservation application of security automata - detect unacceptable transitions


References - Fedora

Payette, Sandra and Carl Lagoze, “Flexible and Extensible Digital Object and Repository Architecture,” ECDL98, Heraklion, Crete, September 21-23, 1998, Springer, 1998 (Lecture Notes in Computer Science, Vol. 1513). http://www.cs.cornell.edu/payette/papers/ecdl98/fedora.html

Payette, Sandra, Christophe Blanchi, Carl Lagoze, and Edward Overly, “Interoperability for Digital Objects and Repositories: The Cornell/CNRI Experiments,” D-Lib Magazine, May 1999. http://www.dlib.org/dlib/may99/payette/05payette.html

Payette, Sandra and Carl Lagoze, “Policy-Carrying, Policy-Enforcing Digital Objects,” accepted by the Fourth European Conference on Research and Advanced Technology for Digital Libraries, Portugal, Springer, 2000 (Lecture Notes in Computer Science); draft available at http://www.cs.cornell.edu/payette/papers/ecdl2000/pcpe-draft.ps

Payette, Sandra and Carl Lagoze, “Value Added Surrogates for Distributed Content: Establishing a Virtual Control Zone,” D-Lib Magazine, June 2000. http://www.dlib.org/dlib/june00/payette/06payette.html


References: Security Automata and PoET

Schneider, Fred B., “Enforceable Security Policies,” Computer Science Technical Report #TR98-1664, Department of Computer Science, Cornell University, July 24, 1999. http://cs-tr.cs.cornell.edu:80/Dienst/UI/1.0/Display/ncstrl.cornell/TR98-1664

Erlingsson, Ulfar and Fred B. Schneider, “SASI Enforcement of Security Policies: A Retrospective,” Computer Science Technical Report #TR99-1758, Department of Computer Science, Cornell University, July 19, 1999. http://cs-tr.cs.cornell.edu:80/Dienst/UI/1.0/Display/ncstrl.cornell/TR99-1758

Erlingsson, Ulfar and Fred B. Schneider, “IRM Enforcement of Java Stack Inspection,” Computer Science Technical Report #TR2000-1786, Department of Computer Science, Cornell University, February 19, 2000. http://cs-tr.cs.cornell.edu:80/Dienst/UI/1.0/Display/ncstrl.cornell/TR2000-1786

