Department of Computer Science
Policy Management
Elisa Bertino, Ninghui Li (Purdue U.)
Anupam Joshi (UMBC)
Ravi Sandhu (UTSA)
[Figure: diagram with labels use, acquire, discover, veracity, vector, volume, velocity]
Research Goals
• Identify the types of policy relevant to AISL
• Develop corresponding languages and formal models
• Implement policy languages
• Develop relevant policy tools to support the policy lifecycle
• Develop policy scenarios
Types of Policy
– Access control policies
  • Controlling who is accessing which data
– Accountability policies
  • Controlling how data is used and modified
– Trust policies
  • Specifying criteria to determine which party to trust for what data/resource
Policy Lifecycle Diagram
Specification
• Develop new policy languages
• Extend current policy languages
• Develop formal models
• Policy refinement
• Policy integration
• Policy versioning
Analysis
• Identify analysis types
• Develop tools
Deployment & Enforcement
• Collaborative enforcement (possibly privacy-preserving)
• Safe approximation
• Enforcement in information group-based sharing
• Enforcement in information dissemination-centric sharing
Policy Refinement
Each refinement step must meet the following criteria [Karat08]:
• Correct — The set of refined policies correctly implements the higher-level policy.
• Consistent — The refinement must not lead to conflicts between the derived policies or the other policies existing in the system.
• Valid — The policies must be able to be enforced in the system context to which they will be applied.
• Minimal — All policies in the derived policy set must be required for the correctness of the refinement.
J. Karat, C.M. Karat, E. Bertino, N. Li, Q. Ni, C. Brodie, J. Lobo, S.B. Calo, L. F. Cranor, P. Kumaraguru, R. Reeder, “Policy Framework for Security and Privacy Management”, To appear in IBM Systems Journal, 2008.
EXAM: Environment for XACML Policy Analysis & Management
EXAM is a comprehensive environment for analyzing and managing access control policies. It supports acquisition, editing and retrieval of policies in addition to policy property analysis, policy similarity analysis and policy integration.
Current Results
Motivation
Proliferation of policies!
Need for tools for managing and analyzing policies!
XACML
• eXtensible Access Control Markup Language
  – XML based
  – OASIS standard language for specification of access control policies
  – Expresses many policies of interest to real-world applications
EXAM Overview: Architecture
[Figure: EXAM architecture. Multiple users interact through a User Interface with a Query Dispatcher, which works with the Policy Repository, the Policy Similarity Filter, the Policy Similarity Analyzer, Policy Annotation and the Policy Integration Framework.]
EXAM Overview: Queries
Policy Analysis Query
• Metadata Query
• Content Query
• Effect Query
  – Single-Policy Query
    • Property Verification Query
  – Multiple-Policy Query
    • Common Property Query
    • Discrimination Query
<Policy ID="Pol1">
  <Rule ID="R11" Effect="Permit">
    <Target>
      <Subject> domain {".edu"} </Subject>
      <Resource> FileA </Resource>
      <Action> Read </Action>
    </Target>
    <Condition> 8:00 <= Time <= 22:00 </Condition>
  </Rule>
</Policy>

<Policy ID="Pol2">
  <Rule ID="R11" Effect="Permit">
    <Target>
      <Subject> domain {".edu"} OR affiliation = "IBM" </Subject>
      <Resource> FileA </Resource>
      <Action> Read </Action>
    </Target>
    <Condition> 6:00 <= Time <= 20:00 </Condition>
  </Rule>
</Policy>

Example queries:
• Does policy Pol2 deny read access on FileA between 10pm and 12am?
• Find all requests permitted by both policies Pol1 and Pol2.
• Find all requests which are permitted by Pol1 but denied by Pol2.
Policy Similarity Analysis
• Goal
  – Characterize the relationships among the sets of requests respectively authorized by a set of policies.
• Two techniques
  – Policy Similarity Filter: less precise, faster.
  – Policy Similarity Analyzer: precise, slower.
Policy Similarity Filter
• Quick and less precise.
• Inspired by Information Retrieval (IR) techniques.
• Policy similarity measure
  – Assigns a similarity score between two policies.
• Typical applications
  – A quick filter phase to prune the set of policies to be analyzed by the precise policy similarity technique.
  – A distance function for clustering policies.
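To make the filter idea concrete, here is an added example (not the EXAM filter's own measure, whose weighting of policy elements is more elaborate): each policy is summarised as the set of (category, attribute, value) terms it mentions, the terms are compared per category with the Jaccard index, and the per-category scores are combined with weights. The three policies, the categories and the weights are constructed for this example; the first two mirror the targets of Pol1 and Pol2 from the earlier slide.

```python
# Added example (not the EXAM filter's own measure): an IR-style similarity score
# between two policies computed from the attribute/value terms they mention.

CATEGORIES = ("subject", "resource", "action", "condition")
WEIGHTS = {"subject": 0.3, "resource": 0.3, "action": 0.2, "condition": 0.2}  # constructed


def terms(policy, category):
    """Set of (attribute, value) pairs a policy mentions in one category."""
    return {(attr, val) for cat, attr, val in policy if cat == category}


def jaccard(a, b):
    """|a & b| / |a | b|; two empty sets (neither policy constrains the category) count as identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def similarity(p, q):
    """Weighted per-category Jaccard score in [0, 1]."""
    return sum(WEIGHTS[c] * jaccard(terms(p, c), terms(q, c)) for c in CATEGORIES)


def distance(p, q):
    """Distance function usable for clustering policies."""
    return 1.0 - similarity(p, q)


def prefilter(candidates, reference, threshold):
    """Filter phase: keep only the policies similar enough to 'reference' for precise analysis."""
    return [name for name, pol in candidates.items() if similarity(pol, reference) >= threshold]


# Constructed policies (Pol1/Pol2 mirror the targets on the earlier slide, Pol3 is unrelated).
POL1 = {("subject", "domain", ".edu"), ("resource", "name", "FileA"),
        ("action", "id", "Read"), ("condition", "time", "8:00-22:00")}
POL2 = {("subject", "domain", ".edu"), ("subject", "affiliation", "IBM"),
        ("resource", "name", "FileA"), ("action", "id", "Read"),
        ("condition", "time", "6:00-20:00")}
POL3 = {("subject", "role", "Manager"), ("resource", "name", "FileB"),
        ("action", "id", "Write")}
POLICIES = {"Pol1": POL1, "Pol2": POL2, "Pol3": POL3}

if __name__ == "__main__":
    for name, pol in POLICIES.items():
        print(f"similarity(Pol1, {name}) = {similarity(POL1, pol):.2f}")
    print("candidates for precise analysis:", prefilter(POLICIES, POL1, 0.5))
```

The score only looks at which terms two policies share, not at what requests they authorize, which is exactly why it is cheap and why it is only a filter: Pol1 and Pol2 score 0.65 here although their time windows differ, and the precise analyzer is still needed to characterize the actual request sets.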
Example
[Figure: similarity score between Data Owner Policy 1 and Data Owner Policy 2: 0.71]
[Figure: similarity score between Data Owner Policy 1 and Resource Owner Policy 3: 0.4]
Policy Similarity Analyzer (PSA)
• Uses a Multi-Terminal Binary Decision Diagram (MTBDD) based representation of a policy.
• Combines model checking and satisfiability checking to perform similarity analysis on policies with different types of constraints on attributes:
  – One-variable equality constraints
    • Affiliation = "IBM", Role != "Student"
  – One-variable inequality constraints
    • Age < 50, 8 <= Time <= 22
  – Linear constraints
    • Bonus + 2 * Salary <= 250000
  – Compound Boolean constraints
    • (Nationality = "US" Clearance = "High")
MTBDD - Multi-Terminal Binary Decision Diagram
• Rooted, directed acyclic graph.
  – Represents functions of the form f : B^n -> R
• In a policy MTBDD, internal nodes represent the predicates on attributes and the terminals denote the policy decisions Permit, Deny or NotApplicable.
[Figure: MTBDD for Pol1, with predicate nodes for the conditions below, edges labelled t/f, and terminals NA and Y]
Pol1
Permit : (fileName = fileA) (time < 17:00 age > 18)
<Policy ID = Pol1>
  <Rule Effect = Permit>
    <Target>
      <Resource> (fileName = fileA) </Resource>
      <Condition> (time < 17:00 age > 18) </Condition>
    </Target>
  </Rule>
</Policy>
Policy Comparison
[Figure: the MTBDDs of policies P1 and P2 and of an auxiliary rule, each with terminals Y, N, NA (and CP), are combined into a CMTBDD whose terminals are pairs of decisions such as N-CP, N-N, Y-N, Y-Y]
Query: What requests are permitted by both policies?
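The two slides above describe the structure the PSA works on but not how a CMTBDD is built. The following is an added example, not the PSA's code: a small reduced, ordered MTBDD library over Boolean predicate variables, with terminals Y, N and NA, plus the pointwise "apply" that combines two policy MTBDDs into a comparison MTBDD whose terminals are decision pairs. The first three predicates are the ones from the slide's Pol1; the fourth predicate and the whole of Pol2 are constructed for the example. Real attribute constraints (time intervals, linear constraints) are correlated rather than independent Booleans, which is the part the slides say the PSA handles with satisfiability checking; this example treats each predicate as an independent variable.

```python
# Added example (not from the slides): a minimal reduced ordered MTBDD library and
# the CMTBDD construction used to answer "which requests are permitted by both?".

# Fixed variable order shared by every diagram. The first three predicates come from
# the slide's Pol1; "role = staff" is constructed for this example.
VARS = ["fileName = fileA", "time < 17:00", "age > 18", "role = staff"]


class Node:
    """Internal node: tests VARS[var]; follow 'lo' when false, 'hi' when true."""
    __slots__ = ("var", "lo", "hi")

    def __init__(self, var, lo, hi):
        self.var, self.lo, self.hi = var, lo, hi

    def __repr__(self):
        return f"({VARS[self.var]} ? {self.hi!r} : {self.lo!r})"


_unique = {}  # hash-consing table: identical subgraphs are shared (reduced diagram)


def mk(var, lo, hi):
    """Canonical node constructor; drops a test whose two branches coincide."""
    if lo == hi:                 # Node objects compare by identity, terminals by value
        return lo
    key = (var, lo, hi)
    if key not in _unique:
        _unique[key] = Node(var, lo, hi)
    return _unique[key]


def build(f, var=0, assignment=None):
    """Shannon-expand f (dict VARS -> bool, returning a decision) into a reduced MTBDD."""
    assignment = {} if assignment is None else assignment
    if var == len(VARS):
        return f(assignment)
    lo = build(f, var + 1, {**assignment, VARS[var]: False})
    hi = build(f, var + 1, {**assignment, VARS[var]: True})
    return mk(var, lo, hi)


def apply(op, u, v, memo=None):
    """Pointwise combination of two MTBDDs: the CMTBDD construction."""
    memo = {} if memo is None else memo
    if (u, v) in memo:
        return memo[(u, v)]
    if not isinstance(u, Node) and not isinstance(v, Node):
        result = op(u, v)                      # both terminals: pair the decisions
    else:
        uv = u.var if isinstance(u, Node) else len(VARS)
        vv = v.var if isinstance(v, Node) else len(VARS)
        top = min(uv, vv)                      # expand on the earliest variable
        u_lo, u_hi = (u.lo, u.hi) if uv == top else (u, u)
        v_lo, v_hi = (v.lo, v.hi) if vv == top else (v, v)
        result = mk(top, apply(op, u_lo, v_lo, memo), apply(op, u_hi, v_hi, memo))
    memo[(u, v)] = result
    return result


def paths(node, want, prefix=None):
    """Partial assignments (root-to-terminal paths) that reach terminal 'want'."""
    prefix = {} if prefix is None else prefix
    if not isinstance(node, Node):
        return [prefix] if node == want else []
    return (paths(node.lo, want, {**prefix, VARS[node.var]: False})
            + paths(node.hi, want, {**prefix, VARS[node.var]: True}))


def count_requests(node, want):
    """Number of full predicate assignments reaching 'want' (a path covers 2^(unset vars))."""
    return sum(2 ** (len(VARS) - len(p)) for p in paths(node, want))


def pol1(a):
    # Slide's Pol1: Permit when fileName = fileA, time < 17:00 and age > 18, else NotApplicable.
    return "Y" if a["fileName = fileA"] and a["time < 17:00"] and a["age > 18"] else "NA"


def pol2(a):
    # Constructed Pol2 (not on the slide): on fileA, Deny minors and Permit staff.
    if not a["fileName = fileA"]:
        return "NA"
    if not a["age > 18"]:
        return "N"
    return "Y" if a["role = staff"] else "NA"


P1 = build(pol1)
P2 = build(pol2)
# CMTBDD: terminals are decision pairs such as "Y-Y" or "Y-N" (the slide's Y-Y, Y-N, N-N ...).
CMTBDD = apply(lambda x, y: f"{x}-{y}", P1, P2)


def permitted_by_both():
    """Query from the slide: which requests are permitted by both policies?"""
    return paths(CMTBDD, "Y-Y")


def permitted_by_p1_denied_by_p2():
    return paths(CMTBDD, "Y-N")


if __name__ == "__main__":
    print("P1:", P1)
    print("Permitted by both:", permitted_by_both())
    for pair in ("Y-Y", "Y-NA", "NA-Y", "NA-N", "NA-NA"):
        print(pair, count_requests(CMTBDD, pair))
```

Each CMTBDD terminal is one cell of the comparison: the Y-Y paths are the requests permitted by both policies, the Y-N paths those the first permits and the second denies, and so on, so the slide's queries reduce to collecting paths to a terminal. Because the diagram is reduced, a path fixes only the predicates that matter for that cell, which is why `count_requests` weights each path by the variables it leaves free.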
Policy Integration
• A Fine-grained Integration Algebra (FIA)
  – 3-valued (Permit, Deny, NotApplicable)
  – Specify behavior at the granularity of requests and effects
  – Restrict domain of applicability
  – Support expressive policy languages like XACML
• Framework for specifying integration constraints and generating integrated policies.
  – MTBDD based implementation of FIA
  – Generation of integrated policy in XACML syntax.
Fine-grained Integration Algebra (FIA)
• Vocabulary of attribute names and domains
• Policy constants: Permit policy, Deny policy
• Binary operators: Addition, Intersection
• Unary operators: Negation, Domain Projection
FIA - Theoretical Results
• Expressivity
  – FIA can express all XACML policy combining algorithms
  – FIA can express policy “jumps”
  – FIA can model closed policies and open policies
• Completeness
  – A completeness notion has been developed, based on the concept of policy combination matrix, and FIA is complete with respect to such notion
• Minimality
  – Identification of the minimal complete subsets of the FIA operators
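The following added example (not the FIA implementation, which the slides say is MTBDD based) writes the FIA operators directly over 3-valued policies and uses them to answer the three example queries posed earlier for Pol1 and Pol2. The truth tables are this example's reading of the operator names on the slide: addition is applicable where either operand is, with Permit taking precedence; intersection is applicable only where both agree; negation swaps Permit and Deny; domain projection restricts a policy to requests satisfying a constraint. The finite request space (two subject domains, two affiliations, 24 hours, Read on FileA) is constructed. Both slide policies contain only Permit rules, so "denied by Pol2" is answered by reading Pol2 as a closed policy, which the slide says FIA can model; here that is Pol2 added to the Deny constant.

```python
from itertools import product

# Added example (not from the slides): FIA operators over 3-valued policies, applied to
# the Pol1/Pol2 queries from the EXAM query slide. A policy is a function
# request -> decision in {"P", "D", "NA"}. The truth tables are this example's
# reading of the operator names, not a transcription of the FIA definitions.

P, D, NA = "P", "D", "NA"

# Policy constants
PERMIT = lambda req: P
DENY = lambda req: D


def add(p, q):
    """Addition (+): applicable where either operand is; Permit wins over Deny."""
    def combined(req):
        a, b = p(req), q(req)
        if P in (a, b):
            return P
        if D in (a, b):
            return D
        return NA
    return combined


def intersect(p, q):
    """Intersection (&): applicable only where both operands agree."""
    def combined(req):
        a, b = p(req), q(req)
        return a if a == b else NA
    return combined


def negate(p):
    """Negation: swap Permit and Deny, keep NotApplicable."""
    return lambda req: {P: D, D: P}.get(p(req), NA)


def project(p, dc):
    """Domain projection: restrict p to requests satisfying the domain constraint dc."""
    return lambda req: p(req) if dc(req) else NA


def closed(p):
    """Closed-policy reading: everything p does not permit is denied (p + Deny constant)."""
    return add(p, DENY)


# The slide's policies as 3-valued functions. Both have only Permit rules, so on
# their own they return NotApplicable (never Deny) outside their targets.
def pol1(r):
    return P if r["domain"] == ".edu" and 8 <= r["hour"] <= 22 else NA


def pol2(r):
    in_target = r["domain"] == ".edu" or r["affiliation"] == "IBM"
    return P if in_target and 6 <= r["hour"] <= 20 else NA


def requests():
    """Constructed finite request space: Read on FileA over small attribute domains."""
    for domain, aff, hour in product([".edu", ".com"], ["IBM", "ACME"], range(24)):
        yield {"domain": domain, "affiliation": aff, "hour": hour,
               "resource": "FileA", "action": "Read"}


def select(policy, decision=P):
    return [r for r in requests() if policy(r) == decision]


def permitted_by_both():
    """'Find all requests permitted by both Pol1 and Pol2': Pol1 & Pol2."""
    return select(intersect(pol1, pol2))


def permitted_by_pol1_denied_by_pol2():
    """'Permitted by Pol1 but denied by Pol2': Pol1 & negate(closed(Pol2))."""
    return select(intersect(pol1, negate(closed(pol2))))


def pol2_denies_late_night():
    """'Does Pol2 deny read access on FileA between 10pm and 12am?' (closed reading)."""
    return all(closed(pol2)(r) == D for r in requests() if r["hour"] >= 22)


def ibm_only_pol2():
    """Domain projection: Pol2 restricted to IBM-affiliated subjects."""
    return select(project(pol2, lambda r: r["affiliation"] == "IBM"))


if __name__ == "__main__":
    print(len(permitted_by_both()), "requests permitted by both")
    print(len(permitted_by_pol1_denied_by_pol2()), "permitted by Pol1 but denied by closed Pol2")
    print("Pol2 denies 22:00-24:00:", pol2_denies_late_night())
```

The closed/open distinction matters for the third query: without the closed reading, negate(pol2) is NotApplicable wherever Pol2 says nothing, and the intersection with Pol1 is empty; with it, the .edu requests at 21:00 and 22:00 that Pol1 permits and Pol2 does not cover come out as Permit.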
XACML Policy Generation
[Figure: MTBDD with predicate nodes A (pos=manager) and B (act=read), edges labelled 0/1, terminals Y and NA, and the XACML policy generated from it:]
PolicyID = Example
<Rule ID=R1 Effect=Permit>
  <Target>
    <Subject pos=manager />
    <Action act=read />
  </Target>
</Rule>
Next Steps
• Develop visualization techniques for policy analysis results
• Extend EXAM with a tool for synonym dictionary management, ontologies
Novel Reference XACML Architecture for Multi-party Collaborative Enforcement
[Figure: architecture diagram. Components: Policy Authoring, Global Policy Repository, Policy Decomposition (with a Decomposition Constraint), several PDPs each with a Local Policy Repository and a Context Handler, a Request Dispatcher / Decision Coordinator, a PEP, and an Obligation Service; Subject, Resource and Environment supply attributes. Labelled flows: global policy, constraint, policy, request, attribute, decision, obligations.]
Extending XACML for Multi-party Collaborative Enforcement
• Combining policies is necessary in AISL
• XACML has several fixed Policy Combining Algorithms (PCAs) for combining policies
  – deny-overrides, permit-overrides, first-applicable, only-one-applicable
• We propose the Policy Combining Language (PCL)
  – allows expression of useful new PCAs
    • e.g., weak consensus, strong consensus, weak majority, and strong majority
  – elegantly handles policy evaluation errors
  – is fully backward compatible with XACML
  – enables optimized evaluation using automata theory
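As an added example (not the PCL implementation), the four fixed XACML algorithms and the four consensus/majority algorithms named above are written side by side over the list of decisions returned by the combined policies, with evaluation errors carried as an Indeterminate decision. The treatment of Indeterminate and the exact consensus/majority definitions are this example's assumptions, not a transcription of the XACML or PCL specifications; the three party policies and the requests are constructed.

```python
from collections import Counter

# Added example (not the PCL implementation): XACML's standard PCAs beside the
# consensus/majority PCAs from the slide, each over a list of sub-policy decisions.
# Error handling and the consensus/majority definitions are this example's assumptions.

P, D, NA, I = "Permit", "Deny", "NotApplicable", "Indeterminate"


def deny_overrides(ds):
    if D in ds or I in ds:      # an error is treated as Deny (conservative choice)
        return D
    return P if P in ds else NA


def permit_overrides(ds):
    if P in ds:
        return P
    if I in ds:                 # the failed policy might have permitted: report the error
        return I
    return D if D in ds else NA


def first_applicable(ds):
    for d in ds:
        if d != NA:             # an error stops evaluation with Indeterminate
            return d
    return NA


def only_one_applicable(ds):
    applicable = [d for d in ds if d != NA]
    if len(applicable) > 1 or I in applicable:
        return I
    return applicable[0] if applicable else NA


def weak_consensus(ds):
    """Applicable policies must agree; NotApplicable ones abstain."""
    c = Counter(ds)
    if c[I] or (c[P] and c[D]):
        return I
    return P if c[P] else D if c[D] else NA


def strong_consensus(ds):
    """Every policy must return the same decision."""
    if not ds:
        return NA
    c = Counter(ds)
    if c[P] == len(ds):
        return P
    if c[D] == len(ds):
        return D
    return NA if c[NA] == len(ds) else I


def weak_majority(ds):
    """Majority among the applicable policies; a Permit/Deny tie is an error."""
    c = Counter(ds)
    if c[I]:
        return I
    if c[P] > c[D]:
        return P
    if c[D] > c[P]:
        return D
    return I if c[P] else NA


def strong_majority(ds):
    """Majority of all policies, NotApplicable ones counting against both sides."""
    c = Counter(ds)
    if c[I]:
        return I
    if 2 * c[P] > len(ds):
        return P
    if 2 * c[D] > len(ds):
        return D
    return NA


ALGORITHMS = {f.__name__.replace("_", "-"): f for f in (
    deny_overrides, permit_overrides, first_applicable, only_one_applicable,
    weak_consensus, strong_consensus, weak_majority, strong_majority)}


def combine(algorithm, policies, request):
    """Evaluate every party's policy on the request and combine the decisions with a named PCA."""
    decisions = []
    for policy in policies:
        try:
            decisions.append(policy(request))
        except Exception:       # a policy that fails to evaluate yields Indeterminate
            decisions.append(I)
    return ALGORITHMS[algorithm](decisions)


def decide_all(policies, request):
    return {name: combine(name, policies, request) for name in ALGORITHMS}


# Constructed party policies: each maps a request dict to a decision.
def finance(r):
    return P if r["dept"] == "finance" else NA


def legal(r):
    return D if r["classified"] else NA


def hr(r):
    return P if r["role"] == "manager" else NA


def broken(r):
    return r["missing_key"]     # raises KeyError, surfacing as Indeterminate


if __name__ == "__main__":
    req = {"dept": "finance", "classified": True, "role": "manager"}
    for name, decision in decide_all([finance, legal, hr], req).items():
        print(f"{name:22s} {decision}")
```

Running the same decision list through every algorithm shows why the choice of PCA is a security decision: for the constructed request above the parties return Permit, Deny, Permit, which deny-overrides turns into Deny, permit-overrides and both majorities into Permit, and both consensus algorithms into Indeterminate. Adding the failing `broken` policy shows the error handling: deny-overrides still yields Deny, permit-overrides still yields Permit, and the majority algorithms refuse to decide.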
Next Steps
• Develop an implementation of the extended XACML algorithms and of the policy distribution and enforcement algorithms
• Investigate cryptographic approaches