1 / 21

Using Attribute-Based Access Control to Enable Attribute-Based Messaging

Using Attribute-Based Access Control to Enable Attribute-Based Messaging. Rakesh Bobba , Omid Fatemieh, Fariba Khan, Carl A. Gunter and Himanshu Khurana University of Illinois at Urbana-Champaign. To: faculty going on sabbatical. Introduction to ABM.

Download Presentation

Using Attribute-Based Access Control to Enable Attribute-Based Messaging

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Using Attribute-Based Access Control to Enable Attribute-Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter and Himanshu Khurana University of Illinois at Urbana-Champaign

  2. To: faculty going on sabbatical Introduction to ABM Attribute-Based Messaging (ABM): Targeting messages based on attributes. ACSAC 2006

  3. Introduction to ABM Attribute-Based Messaging (ABM): Targeting messages based on attributes. Examples • Address all faculty going on sabbatical next term • Notify all female CS graduate students who passed qualifying exams of a scholarship opportunity ACSAC 2006

  4. Why ABM? • Attribute-based systems have desirable properties • flexibility, privacy and intuitiveness • Attribute-Based Messaging (ABM) brings these advantages to e-mail messaging • enhances confidentiality by supporting targeted messaging • via dynamic and transient groups • enhances relevance of messages • by reducing unwanted messages ACSAC 2006

  5. Challenges • Access Control • access to such a system should be carefully controlled • potential for spam • privacy of attributes • Deployability • system should be compatible with existing infrastructure • Efficiency • system should have comparable performance to regular e-mail ACSAC 2006

  6. Policy Decision ABM Server E-mail MTA To: Managers Enterprise Architecture • Ensuing Issues • ABM Address Format, Client I/F • Access Control - policy specification and enforcement • Attribute Database creation and maintenance Attr. DB ACSAC 2006

  7. Enterprise Architecture cont. • Attribute database • all enterprises have attribute data about their users • data spread over multiple, possibly disparate databases • assume that this attribute data is available to ABM system • “information fabric” , “data services layer” • ABM address format • logical expressions of attribute value pairs • disjunctive normal form ACSAC 2006

  8. Access Control • Access Control Lists (ACLs) • difficult to manage ACSAC 2006

  9. Access Control • Access Control Lists (ACLs) • difficult to manage • Role-Based Access Control (RBAC) • simplified management if roles already exist ACSAC 2006

  10. Access Control • Access Control Lists (ACLs) • difficult to manage • Role-Based Access Control (RBAC) • simplified management if roles already exist • Attribute-Based Access Control (ABAC) • uses same attributes used to target messages • more flexible policies than with RBAC • Access policy • XACML is used to specify access policies • Sun’s XACML engine is used for policy decision ACSAC 2006

  11. Access Control cont. • Problem • need policy per logical expression • policy explosion • Solution? • one policy per <attribute,value> ACSAC 2006

  12. Deployability • Use existing e-mail infrastructure (SMTP) • address ABM messages to the ABM server (MUA) and add ABM address as a MIME attachment • No modification to client • use a web server to aid the sender in composing the ABM address via a thin client (web browser) • E-mail like semantics • policy specialization ACSAC 2006

  13. AR1 Policy xml AR2 Web Server Windows IIS MTA AR4 AR3 PS7 Attribute DB MS SQL Server PS2 ABM Server PS8 Sender PS1 MS2 MS1 Putting It All Together PDP Sun’s XACML Engine Legend PS: Policy Specialization MS: Messaging AR: Address Resolution ACSAC 2006

  14. Security Analysis • Problem • open to replay attacks • Solution • MTA configured with SMTP authentication • with additional message specific checks ACSAC 2006

  15. Experimental Setup • Measured • latency over regular e-mail • with and without access control • latency of Policy Specialization • Setup • up to 60K users • 100 attributes in the system • 20% of attributes common to most users • 80% of attributes sparsely distributed ACSAC 2006

  16. Results ACSAC 2006

  17. Results Continued… Policy Specialization Latency ACSAC 2006

  18. Other Considerations • Policy Administration • one policy per <attribute ,value> not per address • further be reduced to one policy per attribute • Privacy • of sender and receivers • of ABM address • Usability • user interfaces ACSAC 2006

  19. Related Work • Technologies • List Servers • Customer Relationship Management (CRM) • Secure role-based messaging • WSEmail ACSAC 2006

  20. Future Work • Inter-domain ABM • e.g., address doctors in the tri-state area who have expertise in a specific kind of surgical procedure • challenge – “attribute mapping” • application in ‘emergency communications’ • Encrypted ABM ACSAC 2006

  21. ACSAC 2006

More Related