Privilege and Policy Management for Cyber Infrastructures - PowerPoint PPT Presentation

Presentation Transcript

  1. Privilege and Policy Management for Cyber Infrastructures
     Dennis Kafura, Markus Lorch
     Support provided by: Commonwealth Security Information Center, Fermi National Accelerator Laboratory, IBM
     March 14-15, 2005

  2. Organization
     • Grand Challenges
       • Problems
       • Requirements
     • PRIMA – a privilege-based approach
       • Models
       • Architecture/Mechanisms
     • Research challenges
       • Policy
       • Obligations
       • Enforcement
       • Usability
     • Relationship to I3P and Workshop Themes
     March 14-15, 2004

  3. Grand Challenge Problems
     • Societal infrastructures: “Develop tools and principles that allow construction of large-scale systems for important societal applications that are highly trustworthy despite being attractive targets.”
     • Dynamic, pervasive computing environments: “For the dynamic, pervasive computing environments of the future, give computing end-users security they can understand and privacy they can control.”
     From: CRA Workshop on “Grand Research Challenges in Information Security and Assurance,” November 2003.

  4. Cyber Infrastructure Requirements

  5. PRIMA Models

  6. PRIMA Properties

  7. Privilege Structure
     • Privilege Properties
       • Fully associated
       • Directly applicable
       • Time limited
       • Externalized
       • Secure
       • Non-repudiation
     • Implementation
       • Container: X.509 Attribute Certificate
       • Privilege: XACML rule construct

  8. Enforcement Concepts
     • Policy Enforcement Point (PEP) checks privileges for:
       • Applicability (to resource and requestor)
       • Validity (of time frame and signature)
       • Authority (with respect to privilege management policy)
     • All permissible privileges constitute a dynamic policy for a request
     • Policy Decision Point (PDP):
       • Makes coarse decision
       • Adds obligations for PEP

  9. Dynamic Policy

  10. Obligations
     • Additional constraints to an authorization decision
     • If PEP cannot fulfill an obligation then it disallows access
     • Obligations address the mismatch in level of detail between request and policies
     • Obligations help in maintaining system state

  11. Research Challenges: Policy
     • What can be adapted from software engineering research for policy:
       • Testing
       • Debugging
       • Formal Analysis
       • Requirements engineering
     • Policy extensions
       • Threat/environment aware

  12. Research Challenges: Obligations
     • Granularity mismatch
     • Too many rights to be externalized
     • Partially addressed by dynamic policy
     • With respect to the request
     • Need to add restrictions finer-grained than request

  13. Research Challenges: Enforcement
     • Evaluation of mechanisms
       • Dynamic user accounts
       • Virtual machine/sandboxing
       • Service containers
     • Model
       • Distributing privileges to dynamically provision an execution environment, vs.
       • Pre-provisioning an execution environment and distributing a privilege for it

  14. Research Challenges: Usability
     • What are the right conceptual models?
       • Privileges
       • Roles
       • Others? Several? Combinations?
     • How can users manage their rights?
       • P3P
       • Shibboleth release policies
       • Least-privilege control

  15. Addressing I3P and Workshop Themes
     I3P Agenda
     Workshop Themes
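
The enforcement flow outlined on slides 8 and 10, as an added Python example that is not taken from the slides or from the PRIMA implementation: the PEP filters presented privileges into a dynamic policy, the PDP returns a coarse decision with obligations, and the PEP denies access when it cannot fulfil one. Assumptions: privileges are plain tuples rather than X.509 attribute certificates carrying XACML rules, an HMAC stands in for the certificate signature, obligations of all matching privileges are combined, and every name, key and obligation string is constructed.

```python
import hashlib
import hmac
from collections import namedtuple

# Constructed values. HMAC stands in for the attribute certificate signature.
ISSUER_KEYS = {"vo-admin": b"constructed-key-1", "outsider": b"constructed-key-2"}
MGMT_POLICY = {("vo-admin", "/data/run7")}         # who may issue privileges for what
PEP_CAN_FULFIL = {"run-in-sandbox", "log-access"}  # obligations this PEP supports

Privilege = namedtuple("Privilege", "holder resource action not_before not_after "
                       "issuer obligations sig", defaults=((), b""))

def _mac(p):
    return hmac.new(ISSUER_KEYS[p.issuer], repr(p[:7]).encode(), hashlib.sha256).digest()

def issue(*fields):
    p = Privilege(*fields)
    return p._replace(sig=_mac(p))

def dynamic_policy(privs, requestor, resource, now):
    """PEP: keep only privileges that pass all three checks."""
    kept = []
    for p in privs:
        applicable = p.holder == requestor and p.resource == resource
        valid = (p.not_before <= now <= p.not_after and p.issuer in ISSUER_KEYS
                 and hmac.compare_digest(p.sig, _mac(p)))
        authorised = (p.issuer, p.resource) in MGMT_POLICY
        if applicable and valid and authorised:
            kept.append(p)
    return kept

def pdp_decide(policy, action):
    """PDP: coarse decision plus the obligations the PEP must fulfil."""
    match = [p for p in policy if p.action == action]
    # Assumption: obligations of every matching privilege are combined.
    return ("Permit" if match else "Deny"), {o for p in match for o in p.obligations}

def pep_enforce(privs, requestor, resource, action, now):
    decision, obligations = pdp_decide(dynamic_policy(privs, requestor, resource, now), action)
    if decision == "Permit" and obligations <= PEP_CAN_FULFIL:
        return "Permit", sorted(obligations)
    return "Deny", []  # no matching privilege, or an obligation cannot be met

# Constructed privileges for one requestor.
PRIVS = [
    issue("alice", "/data/run7", "read", 100, 200, "vo-admin", ("run-in-sandbox",)),
    issue("alice", "/data/run7", "write", 100, 200, "vo-admin", ("encrypt-at-rest",)),
    issue("alice", "/data/run7", "delete", 100, 200, "outsider"),
]
```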