Analysis and Detection of Access Violations in Componentised Systems. David Llewellyn-Jones, Madjid Merabti, Qi Shi, Bob Askwith Advances in Computer Security and Forensics – 13 th July 2007.
Analysis and Detection of Access Violations in Componentised Systems

David Llewellyn-Jones, Madjid Merabti, Qi Shi, Bob Askwith

Advances in Computer Security and Forensics – 13th July 2007

Network & Information Security Technology Laboratory
School of Computing and Mathematical Sciences
Liverpool John Moores University
Byrom Street, Liverpool L3 3AF, UK
Email: {D.Llewellyn-Jones, M.Merabti, Q.Shi, R.Askwith}@ljmu.ac.uk

Web: http://www.cms.livjm.ac.uk/NISTL

Contents
  • Introduction
    • Access control
    • Ubiquitous computing
    • Network elevation of privileges
  • Composition access control check
    • Process
    • Implementation
  • Experiments and results
  • Conclusion
Access Control
  • In theory
    • A user can access data only if their access level satisfies the access requirements of the data
  • In practice
    • A user can only access data via a program
[Diagram: User (access level) → Data (access req.); User (access level) → Program (access level) → Data (access req.)]
Distributed Access Control
  • Taos, local access control
    • Centralised access control
  • DSS DACS, DSI, CORBASec
    • Atomic
    • Enforced between pairs of components
  • An alternative approach
    • Consider wider composition structure
Ubiquitous Computing
  • Networking is wireless and pervasive
  • Devices are mobile and plentiful
  • Data flows unimpeded
    • Easy access to data from anywhere
    • Access control remains important
Network Elevation of Privileges
[Diagram: System A and System B; nodes Alice's file, Alice's program, SU's program, File, File with access by Bob and Bob's program (listed twice), joined by arrows labelled read, send and write]
  • Data sent across a network may be vulnerable
    • Inconsistent access requirements
    • Each system individually satisfies access requirements
    • Combined, incorrect access may occur
Solution Overview
  • Analyse possible data flow through a network
    • Based on topology and component properties
    • Analysis takes place when topology changes
    • Access control requirements are checked
    • Composition only allowed if requirements met
  • Need to know
    • Connections (data flow) between components
    • Data flow within each component
Formalisation
  • Each component is defined by four data structures
    • uR, uW ∈ U: effective user ID for read, write
    • dR, dW ∈ D: access requirements of the files read, written by the component
  • Access mappings
    • fR, fW : U × D → {0, 1}: determine whether read, write access should be granted
  • Example: read access control lists
Connections Between Components
[Diagram: components numbered 1 to 5 and the connections between them]
  • Follow data flow through components
    • For example, a simple depth-first traversal
  • Match data access requirements with component access levels
    • Maintain dR, dW of the data accessed; compare with uR, uW for each component using fR, fW
[Diagram: the same components in traversal order 1, 2, 3, 4, 5]
Component Slicing
  • Data flow within each component
    • Use Slicing to follow data
    • Applied using pre and post conditions
Structure Projection
[Diagram: components 1 to 5 with their internal data flow (component 3 appears twice)]
  • Follow data flow through components
    • Take internal data flow into account
    • Use slicing to determine this
  • Project the structure
    • Project connections onto points
    • Join points if pairs of connections coincide
[Diagram: the projected structure, points 1, 2, 3, 4, 5]
Current Implementation
  • Use MATTS component analysis tool
    • Based on agent components
    • Performs automatic slicing and topology check
    • Currently must input connections manually
Future Implementation
  • To exist as a service in the network
    • Properties determined using instrumentation
  • Recheck whenever topology changes
    • Failure means composition would be refused
    • Success means access control requirements are guaranteed to be fulfilled
    • Properties cached to reduce overhead
Timing Results
[Chart: analysis time for a chain of components, analysed as a single application versus using composition analysis, on a 600 MHz Intel XScale 80321 processor]
Conclusion
  • Provides a useful distributed access control checking technique
  • Implementation suggests a practical solution
    • Intend to implement in a Networked Appliance setting
  • Highlights how composition analysis can reduce impact of state explosion