320 likes | 413 Views
Explore how soft constraints model and solve secure interoperation issues, addressing access configuration, reconfiguration, and transitivity. Semiring framework enables efficient analysis of system security. Study soft constraints in security policy and mechanism, ensuring secure composition and interoperation. Discover future work possibilities in the field.
E N D
Reasoning about Secure Interoperation using Soft Constraints Stefano Bistarelli Dipartimento di Scienze, Università di Pescara, Italy; IIT, CNR, Pisa, Italy Simon Foley, Barry O’Sullivan Department of Computer Science University College Cork Ireland Speaker: Stefano Bistarelli
Thanks to my co-authors…. • Barry O’Sullivan • University College Cork, Ireland • Cork Constraint Computation Centre • Constraints • Simon Foley • University College Cork, Ireland • Security, Policy, Formal Methods
Motivations Admin System Sales System
Security Policy Subject Do Operation Security Mechanism Object Basic Security Modeling • Subject: processes, … Objects: memory, files, … • Security policy defines rules that govern access to objects by subjects. • Security mechanism ensures security policy is upheld.
Alice allowed access Bob’s files Clare allowed access Alice’s files connection Secure Composition of Systems • Systems are individually secure. • Is it safe to allow file sharing between Personnel and Sales systems? • Clare not authorized to access Bob’s files, but, • Clare may access Bob’s files via Sales system. • Need to reconfigure connections to close this circuitous access route [COLOPS2003,SAC2004,IAAI2004]. • Need to reconfigure system access configurations! Admin System Sales System
Secure Interoperation • Computation Foundations [Gong&Qian, 1994] • Analyzing the security of interoperating and individually secure systems can be done in polynomial time. • Given a non-secure network configuration, then re-configuring the connections in an optimal way (to minimize the impact on interoperability) is NP.
Talk Outline: describe how constraints provide a natural approach to modelling and solving the secure interoperation problem • Basic Security Modelling • Secure Composition of systems • Secure Interoperation • What are Soft Constraints? • Semiring Framework • Using constraints for • Access Configuration • Access Reconfiguration • Access Interoperation • Dealing with Transitivity • Future Work
C={pairwise-different} x1 {yellow} a} C, PC, con, def, V, D, {red,blue} x2 x3 {blue,yellow} x1 x2 x3 x4 x4 {red,blue,yellow} Crisp toward soft constraints P={ combination projection
5$ C={pairwise-different} x1 3$ {yellow} • C-semiring <A,+,´,0,1>: {red,blue} x2 2$ Weighted x3 {blue,yellow} <+,min,+,+,0> x1 x2 x3 x4 Probabilistic <[0,1],max,,0,1> x4 {red,blue,yellow} Fuzzy <[0,1],max,min,0,1> Classical <{false,true},,,false,true> 15$ 15$ Combination (+) 13$ 13$ 15$ Projection (min) Crisp toward soft constraints
The Semiring Framework • A c-semiring is a tuple <A,+,×,0,1> such that: • A is the set of all consistency values and 0, 1A.0is thelowest consistency value and 1 is the highest consistency value; • +, the additive operator, is a closed, commutative, associativeand idempotent operation such that 1 is its absorbing elementand 0 is its unit element; • ×, the multiplicative operator, is a closed and associative operationsuch that 0is its absorbing element, 1is its unit elementand × distributes over +. Stefano Bistarelli, Ugo Montanari, and Francesca Rossi,Semiring-based Constraint Solving and Optimization Journal of the ACM, 44(2):201–236, Mar1997.
Semiring-based Constraints • Given a semiring<A,+,×, 0, 1>, an ordered set of variablesV over a finite domain D, a constraint is a function which mapsan assignment of the variables in the support of c, supp(c) toan element of A. • Notation c represents the constraint function c evaluated underinstantiation , returning a semiring value. • Given two constraints c1 and c2, their combination is defined as(c1c2) = c1×c2 . • The operation C represents the combination of a set ofconstraints C. • a· b iff a+b=b • c1v c2 iff 8 c1· c2 Stefano Bistarelli, Ugo Montanari and Francesca Rossi,Soft Concurrent Constraint Programming, Proceedings of ESOP-2002, LNCS, April 2002.
Talk Outline: describe how constraints provide a natural approach to modelling and solving the secure interoperation problem • Basic Security Modelling • Secure Composition of systems • Secure Interoperation • What are Soft Constraints? • Semiring Framework • Using constraints for • Access Configuration • Access Reconfiguration • Access Interoperation • Dealing with Transitivity • Future Work
{w} a b Access Configuration • A collection of constraints between entities (subjects, objects) specifying access permissions • Represented as a semiring • S=<PERM,+,£,?,>> • Srw=<2{r,w},[,Å,;,{r,w}> • Sbool=<{F,T},Ç,Æ,F,T> CS,O(a,b)={w}
F T a a b b CS,O(a,b)=F CS,O(a,b)=T Access Configuration • A collection of constraints between entities (subjects, objects) specifying access permissions • Represented as a semiring • S=<PERM,+,£,?,>> • Srw=<2{r,w},[,Å,;,{r,w}> • Sbool=<{F,T},Ç,Æ,F,T>
a b c Access Configuration: Example • Sbool=<{F,T},Ç,Æ,F,T> • CS,O(b,a)=F • CS,O(c,b)=F • CS,O(x,y)=T
a b c Access Configuration: Example • Sbool=<{F,T},Ç,Æ,F,T> • CS,O(b,a)=F • CS,O(c,b)=F • CS,O(x,y)=T
a b c Access Configuration: Example • Sbool=<{F,T},Ç,Æ,F,T> • CS,O(b,a)=F • CS,O(c,b)=F • CS,O(x,y)=T
a b c Access Configuration: Example • Sbool=<{F,T},Ç,Æ,F,T> • CS,O(b,a)=F • CS,O(c,b)=F • CS,O(x,y)=T
a b c Access Configuration: Example • Sbool=<{F,T},Ç,Æ,F,T> • CS,O(b,a)=F • CS,O(c,b)=F • CS,O(x,y)=T
C> CS v Secure reconfigurations C? Access Reconfiguration • Existing configuration CS may be safely re-configured to CS’ when CS’v CS CS’
a b c a b rw rw a b a b rw w rw r c r c c Access Reconfiguration: Example
a b a c c d Access Interoperation CS1 CS3 • Has to be a secure reconfiguration of both the sistems S1 and S3
a b a c c d Access Interoperation CS1 CS3
a a a b b a c d c c c d a b a c c d Access Interoperation CS1CS3 CS1 CS3
CS1 CS3 a b a c c d Access Transitivity
a a b c d c Access Transitivity CS1CS3 CS1 CS3
a a a a b b c c d d c c a a b c d c Access Transitivity CS1CS3 CS1 CS3
CS1 CS1 CS1CS3 a b a a b b a c c c c d CS3 a b c Access Transitivity vs non-transitivity
Where to from here? • Real world implementation: • Currently seeking funding to work with a company based in New Hampshire, USA.
Conclusion • We described how constraints provide a natural approach to modelling and solving the secure interoperation problem • Access Configuration • Access Reconfiguration • Access Interoperation • Transitivity entities • All naturally represented with constraint operations
Questions? • Thank you for your attention • You have been listening to: • “Reasoning about Secure Interoperation using Soft Constraints” • Stefano Bistarelli, Simon Foley and Barry O’Sullivan • Proceedings of FAST2004, pag. 183-196