Multiple Access Control Policies

A Unified Framework for Enforcing Multiple Access Control Policies [by Jajodia and Samarati]

Authorization in Distributed Systems: A New Approach [by Woo and Lam]

References:

* A Logical Framework for Reasoning on Data Access Control Policies. Bertino and Catania. ACM Trans., Vol. 6, No. 1.

* The Well-Founded Semantics for General Logic Programs. Gelder and Ross.


Definition

  • Access control policies are devised for controlling access to information.

  • A policy requires its own language, which specifies policy bases.

  • A policy base encodes a set of authorization requirements and is given a precise semantics based upon a formal notion of authorization policy.


Multiple Access Control Policies

  • Problem: Protection requirements within a system vary dramatically, and no single policy may simultaneously satisfy them all.

  • This paper presents a flexible authorization manager (FAM) that enforces multiple access control policies within a unified system.

  • FAM is based on a language through which users can specify authorizations and access control policies.


Formalization

  • A data system DS is a 4-tuple (Obj, T, S, A), where Obj, T, S and A are the sets of objects, types, subjects and actions.

  • User Hierarchy. A DS is said to be user-hierarchical iff there exists a finite partially ordered set (G, ) such that: x is a -minimal element of G iff x ∈ U


Examples

  • cando(file1, Employees, +write) ← .

  • cando(file1, s, +write) ← in(s, Employees)

  • dercando(o,s,+a) ← cando(o,s,+a) & in(s,s)

  • dercando(file1,s,-read) ← dercando(file2,s ,read) & in(s,s) & in(s,s)

  • dercando(o,s,-write) ← done(o,s,read) & typeof(o, Exams) & typeof(o, Solutions)


  • error(o,s,a) ← cando(o,s,+a) & cando(o,s,-a)

  • error(o,s,a) ← done(o,s,read) & done(o,s,read) & typeof(o,Budget-A) & typeof(o, Budget-B)


FAM-programs

  • An authorization specification AS is said to be a FAM-program iff the set of decision (do) rules in AS is:

    • Clash-free and

    • For each triple (o,u,a), there exists at least one weakly applicable do-rule in AS.


  • Clash-free

    do(file1, X, +read) ← dirin(X, Employees)

    do(file1, X, -read) ← dirin(X, Policeman)

  • Weakly Applicable

    Consider the triple (file1, john, read)

    do(file1, s, +a) ← dercando(file1, s, +a)

    do(o, s, +read) ← ¬dercando(o, s, +read) & ¬dercando(o, s, -read) & typeof(o, Pblc-docs)


CAM-program

  • An authorization specification AS is said to be a semi-CAM program iff each do rule in AS has a head of the form do(OT, ST, +AT)

    do(O, U, -A) ← ¬do(O, U, +A)


FAM policy library

  • Closed, open and hybrid

  • Hybrid: no overriding, subgroup overriding, and path overriding.

  • Conflict resolution:

    • No conflicts allowed

    • Permissions take precedence

    • Denials take precedence


Examples

  • Closed policy

    • dercando(o, u, +a) ← cando(o, s, +a) & in(u, s)

    • do(o, u, +a) ← dercando(o, u, +a)

    • error(o, s, a) ← cando(o, s, -a)

    • do(o, u, -a) ← ¬do(o, u, +a)

  • Open policy

    • dercando(o, u, -a) ← cando(o, s, -a) & in(u, s)

    • do(o, u, +a) ← ¬dercando(o, u, -a)
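
The closed and open policy rules above can be evaluated directly over a small fact base. The following is an added example, not code from the presentation or the cited papers; the facts, user names, the default denial in the open policy and the `denials_first_do` reading of the library's "denials take precedence" option are assumptions.

```python
# Constructed sample facts (not from the slides).
# cando(o, s, ±a): explicit authorizations stated by the administrator.
CANDO = {
    ("file1", "Employees", "+read"),
    ("file1", "Contractors", "-read"),
}
# in(u, s): user u is a member of group s. dave belongs to no group.
IN = {("alice", "Employees"), ("bob", "Employees"),
      ("bob", "Contractors"), ("carol", "Contractors")}

def dercando(o, u, signed_action):
    """dercando(o,u,±a) <- cando(o,s,±a) & in(u,s): inherit from groups."""
    return any(obj == o and act == signed_action and (u, s) in IN
               for obj, s, act in CANDO)

def closed_do(o, u, a):
    """do(o,u,+a) <- dercando(o,u,+a);  do(o,u,-a) <- not do(o,u,+a)."""
    return "+" if dercando(o, u, "+" + a) else "-"

def closed_errors():
    """error(o,s,a) <- cando(o,s,-a): the closed policy admits no denials."""
    return {(o, s, act[1:]) for o, s, act in CANDO if act.startswith("-")}

def open_do(o, u, a):
    """do(o,u,+a) <- not dercando(o,u,-a); anything else is denied (assumed)."""
    return "-" if dercando(o, u, "-" + a) else "+"

def denials_first_do(o, u, a):
    """Assumed reading of 'denials take precedence' with a closed default:
    do(o,u,+a) <- dercando(o,u,+a) & not dercando(o,u,-a)."""
    ok = dercando(o, u, "+" + a) and not dercando(o, u, "-" + a)
    return "+" if ok else "-"

def decisions(policy, users=("alice", "bob", "carol", "dave")):
    """Decision of one policy for read access to file1, per user."""
    return {u: policy("file1", u, "read") for u in users}

if __name__ == "__main__":
    for name, policy in [("closed", closed_do), ("open", open_do),
                         ("denials first", denials_first_do)]:
        print(f"{name:14}", decisions(policy))
    print("closed-policy errors:", closed_errors())
```

The same fact base yields different decisions for bob (member of both groups) and dave (member of none) depending on the policy, and the closed policy flags the negative authorization as an error.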


  • Subgroup overrides along a path

    • dercando(o, s, +a) ← cando(o, s, +a)

    • dercando(o, s, -a) ← cando(o, s, -a)

    • dercando(o, s, +a) ← dercando(o, s, +a) & ¬cando(o, s, -a) & dirin(s, s)

    • dercando(o, s, -a) ← dercando(o, s, -a) & ¬cando(o, s, +a) & dirin(s, s)


Authorization in Distributed Systems

  • Problem: a language is needed that is expressive enough to specify commonly encountered authorization requirements. The requirements here include multiple access policies and support for a distributed environment.


Authorization policy

  • An authorization policy over a set of subjects S, a set of objects O and a set of access rights R is a 4-tuple (P+, P-, N+, N-) where each component is a subset of {(r, s, o) | r ∈ R, s ∈ S, o ∈ O}

  • A grant (r, s, o) iff (r, s, o) ∈ P+

  • A deny (r, s, o) iff (r, s, o) ∈ N+

  • A fail (r, s, o) iff (r, s, o) ∈ P+ ∩ N+


Examples

  • Let V = {x, y,…}, P = {p,q}, S = {A, B, G}, O = {X, Y, Z}

  • read-(G, x)

  • read+(A, X)  read+(A, Y)

  • x  G  read-(G, Y)  read-(x, Y)

  • ¬p  write+(x, Z)  ¬read+(x, y)


Closed Policy Base

  • A base is closed if it contains only closed rules, which contain no literal variables.

    B admits two extensions {write+(A,Y)} and {write+(A,X)}


Generalized Form

  • Let be a rule


Open Policy Base

  • Each open rule in B is read as standing for all its ground instances (closed rules).

  • If S={A,B} and O = {X,Y}


Exceptions


Examples of Policy Base

  • If a subject s has not been explicitly granted a right r to an object o, then s will inherit a denial of r to o if it belongs to a group g that has a denial of r to o.


The Bad vs. Evil

  • [Woo] cannot resolve conflicts.

    • Horizontal composition

      • Each SSO specifies a policy base for a part of a system, and multiple SSOs may cover the whole system. The policies may complement or conflict with one another.

    • Vertical composition

      • An SSO is responsible for his subordinate administrators. The leaf policy bases are more specific and detailed than the root policy base. A composition of this would give rise to conflicts.


  • [Jajodia] proposes a logic language for expressing authorization rules and shows how this language can express most of the access control policies. Programs that can be written in this language are a subset of stratified datalog programs and therefore they are able to express only a limited set of authorization specifications.


Thank you