Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
A Credential-Based Approach for Facilitating Automatic, Secure Resource Sharing Among Ad-hoc Dynamic Coalitions Janice Warner and Vijayalakshmi Atluri Rutgers University Ravi Mukkamala Old Dominion University August 2005 Coalition Resource Sharing • Dynamic and Ad-hoc – members may leave and new members may join • Examples: • Natural Disaster: government agencies, non-government organizations and private organizations may share data about victims, supplies and logistics. • Homeland Security: Information collected by various governmental agencies shared for comprehensive data mining • Virtual Enterprises: Collaboration between companies August 2005 IFIP05-Warner, Atluri and Mukkamala 2 Current Approaches to Resource Sharing • Form teams (workgroups) comprising of users from all coalition entities Problems: not viable and scalable - may result in delays • User ids given to each external member of the coalition and access control is provisioned on these ids. Problem: administratively burdensome; requires explicit revocation upon coalition or user termination • Single access id provided to each external coalition entity Problem: Fine-grained access control is not possible • Resources are copied to external coalition member Problem: Updates are difficult and may result in uncontrolled sharing August 2005 IFIP05-Warner, Atluri and Mukkamala 3 Outline • • • • • Motivation What is needed CBAC Model DCBAC Model Conclusions and Future Work August 2005 IFIP05-Warner, Atluri and Mukkamala 4 Resource Sharing among Coalitions • Typically, the policies for sharing are stated at the coalition level • Example – The Red Cross and Doctors without Borders will work together to investigate the spread of infectious diseases in the wake of a natural disaster. • Enforcing coalition-level security policies requires transforming them to implementation level • Example - Dr. Roberts of Doctors without Borders can access reports on the spread of infectious diseases in Turkey. August 2005 IFIP05-Warner, Atluri and Mukkamala 5 Our Preliminary Solution (presented at ICDCIT04) • A formal model comprising of three levels (user-object, role, coalition levels) • Enables handshaking of relevant information by appropriate levels of the agencies • Allows distributed access control – control remains in the hands of the resource owner August 2005 IFIP05-Warner, Atluri and Mukkamala 6 Layered CBAC Model coalition segment role segment user-object request = 555444555, DB99, RC11, doctor (location: Turkey, specialty: immunology) concept: disease, type: data role segment user-object request = doctor (location: Turkey, specialty: immunology) concept: Coalition Level Coalition Level Role Level Role Level disease, type: data user-object request =roberts, concept: disease, type: data August 2005 role segment user-object request = doctor (location: Turkey, specialty: immunology) concept: disease, type: data User-Object Level Entity A Drs-w/o-Borders User-Object Level Entity B Red Cross IFIP05-Warner, Atluri and Mukkamala user-object request =RID799, RID223 7 Limitations of CBAC Model • Coalitions need to have high level agreements in place before there is a flow of information: • Coalition entities know what is available and how to find it. • Coalition entity ids are pre-assigned. • Credentials requirements are union of all associated with role that has access to requested object. August 2005 IFIP05-Warner, Atluri and Mukkamala 8 Dynamic Coalition-Based Access Control Model (DCBAC) • Dynamic because: • Employs a Coalition Service Registry (CSR) where shared resources and coalition level policies are publicized Agreements do not need to established between coalition partners beforehand • Computes credentials needed by external user from local access control policies through Mapper layer. Coalition access control policy determined through transformation of local access control policy August 2005 IFIP05-Warner, Atluri and Mukkamala 9 Principals of DCBAC • Existing access control mechanisms within each coalition entity remain intact. • Access rights are granted to subjects only if they belong to an organization recognized by the coalition. • Subjects of a coalition entity must have credentials with attribute values comparable to those of local subjects. August 2005 IFIP05-Warner, Atluri and Mukkamala 10 DCBAC Architecture Network (e.g., Internet) Coalition Access Point (CAP) Coalition Level Credential Filter Local Services (shared and private) August 2005 Coalition Service Registry (CSR) Coalition Level Credential Filter Credential to LAC Mapper Credential to LAC Mapper Local Access Control (LAC) Local Access Control (LAC) Local User Interface Local User Interface IFIP05-Warner, Atluri and Mukkamala Local Services (shared and private) 11 Example Emergency Management Scenario International Red Cross makes available its Emergency Response IS subject to: Organization Level Policy: Must be member of a non-profit, certified, relief organization. Individual Policy: Access is restricted to information concerning the emergency site in which they are currently working. Policy Based on LAC Mapping: Credentials must be comparable with those of internal users. August 2005 IFIP05-Warner, Atluri and Mukkamala 12 Coalition Service Registry Coalition Service Registry (CSR) • Similar to UDDI Web Service Registry • Advertises resources that coalition entities make available • Describes interface to resources • Describes credentials needed to access resources • Verifies organizational-level credentials • Issues a “ticket” which can be submitted by individuals in authenticated organization with request to access a specific resource. August 2005 IFIP05-Warner, Atluri and Mukkamala 13 CSR is a UDDI-like Registry Coalition Service Registry (CSR) UDDI:name UDDI:discovery URL businessEntity UDDI:contacts UDDI:description UDDI:name businessService UDDI:description UDDI:category bag UDDI:accessPoint UDDI:description bindingTemplate August 2005 IFIP05-Warner, Atluri and Mukkamala UDDI:category bag UDDI:tModelInstanceDetails 14 CSR is a UDDI-like Registry UDDI:name Resources listed in the CSR are searchable based on resource identifiers, name, keywords or category. UDDI:discovery URL businessEntity Coalition Service Registry (CSR) UDDI:contacts UDDI:description UDDI:name businessService UDDI:description UDDI:category bag UDDI:accessPoint UDDI:description bindingTemplate August 2005 IFIP05-Warner, Atluri and Mukkamala UDDI:category bag UDDI:tModelInstanceDetails 15 CSR is a UDDI-like Registry Coalition Service Registry (CSR) UDDI:name UDDI:discovery URL businessEntity UDDI:contacts UDDI:description UDDI:name businessService UDDI:description Provides network address of Coalition Access Point from which resource can be requested. UDDI:category bag UDDI:accessPoint Provides credential info and other access requirements UDDI:description bindingTemplate August 2005 IFIP05-Warner, Atluri and Mukkamala UDDI:category bag UDDI:tModelInstanceDetails 16 Example – Resource request is made Network (e.g., Internet) Coalition Level 〈744, (location:Turkey, specialty: infectious disease), Red_Cross_RID_730〉 Credential Filter 〈744, (degree:MD, gender:M, location:Turkey, specialty: infectious disease), concept: disease type: data 〉 〈744, roberts, concept: disease type: data 〉 August 2005 Coalition Service Registry (CSR) Credential to LAC Mapper Local Access Control (LAC) Local User Interface IFIP05-Warner, Atluri and Mukkamala 17 Example – Obtain organizational assertion Network (e.g., Internet) Doctors-Without-Borders CAP consults the CSR: • to find the resource(s) (if it has not been located before) • to obtain a valid organizational assertion (if it does not currently have one) Coalition Level Credential Filter Coalition Service Registry (CSR) Credential to LAC Mapper Local Access Control (LAC) Local User Interface August 2005 IFIP05-Warner, Atluri and Mukkamala 18 Tickets are SAML assertions Coalition Service Registry (CSR) • Assertions are declarations of facts: • • • • Issuer ID and issuance timestamp Assertion ID Subject “Conditions” under which assertion is valid (e.g., validity period) • CSR declares that organizational credentials were submitted and validated. • Assertions can be digitally signed (and should be) August 2005 IFIP05-Warner, Atluri and Mukkamala 19 Example – Request send to provider’s CAP Network (e.g., Internet) Coalition Level 〈744, Doctors Without Borders, Red Cross, SAML Assertion, Red_Cross_RID_730, (location:Turkey, specialty: infectious disease) 〉 Coalition Level Credential Filter Credential Filter Credential to LAC Mapper Credential to LAC Mapper Local Access Control (LAC) Local Access Control (LAC) Local User Interface August 2005 Local Services (shared and private) Local User Interface IFIP05-Warner, Atluri and Mukkamala 20 Example – Provider evaluates request Network (e.g., Internet) Coalition Level Coalition Level Validates organizational credentials Credential Filter Credential Filter 〈744, Red_Cross_RID_730, (location:Turkey, specialty: infectious disease) 〉 Credential to LAC Mapper Credential to LAC Mapper Local Access Control (LAC) Local Access Control (LAC) Local User Interface Local User Interface August 2005 〈744, Red_Cross_RID_730〉 IFIP05-Warner, Atluri and Mukkamala Local Services (shared and private) 21 Conclusions • DCBAC automates translation of coalition level policies into subject-resource level. • Depends upon credentials – both organizational level and user. • Maps roles to credentials commonly held by members of the role. • Uses a Coalition Service Registry so that ad-hoc coalitions can be formed simply by discovering resources that are needed. • Can be built using currently available standard protocols – XACML, UDDI and SAML. August 2005 IFIP05-Warner, Atluri and Mukkamala 22 Ongoing Work • Mapper – Details on mapping local policies to credentials submitted to ICISS 2005 • Graph-based approach • Strategies for inclusion of similar credentials • Data mining of logs, local policies, and other security related data to obtain: • Groupings of users with similar data requirements and attributes • Groupings of resources • Resolving semantic heterogeneity between policies and credential attributes. August 2005 IFIP05-Warner, Atluri and Mukkamala 23 Coalition Level DCBAC – Coalition Level • Interacts with the coalition level at other coalition entities through the Coalition Access Point (CAP). • Incoming: Processes requests by validating CSR ticket. • Outgoing: Obtains ticket, appends to user request and forwards it to appropriate CAP. August 2005 IFIP05-Warner, Atluri and Mukkamala Credential Filter Credential to LAC Mapper Local Access Control (LAC) Local User Interface 24 Coalition Level DCBAC – Credential Filter Credential Filter • Incoming Requests: • Determines whether user credentials sent with request are adequate. • Optionally, can downgrade or upgrade the credentials of users from specific entities. Credential to LAC Mapper Local Access Control (LAC) Local User Interface • Outgoing Requests: • Filters user credentials such that only those necessary to obtain access are sent. August 2005 IFIP05-Warner, Atluri and Mukkamala 25 Coalition Level DCBAC - Mapper Credential Filter Credential to LAC Mapper Local Access Control (LAC) • Assumes RBAC local access control Local User although this is not essential. Interface • Incoming – Compares user credentials to internal roles that have rights to requested resource. • Outgoing – Determines role played by requester and retrieves credentials common to users playing that role. August 2005 IFIP05-Warner, Atluri and Mukkamala 26 Coalition Level DCBAC – LAC • Enforces control on local services for both local and non-local requests. • Local requests are received through the local user interface. • External requests are received through the mapper. August 2005 IFIP05-Warner, Atluri and Mukkamala Credential Filter Credential to LAC Mapper Local Access Control (LAC) Local User Interface 27