Post on 26-Mar-2015
A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems
MMM-ACNS, September 13, 2007
Manoj Sastry, Ram Krishnan, Ravi Sandhu
Intel Corporation, USA
George Mason University, USA
University of Texas, San Antonio, USA
Copyright © Intel Corporation, 2007
Outline
• Introduction
• Usage Scenario
• Characteristics of Multi-Domain Interactions
• Concept of Dynamic Attributes
• UCON Background
• EUCON Model & Components
• Summary
Introduction
• Emergence of mobile devices & ubiquitous n/w
– Anytime, Anywhere connectivity
• Mobility causes users to transcend domains
• Traditional ABAC unsuitable for dynamic env
– Attributes pre-defined
– Extensive a-priori agreement of attribute semantics
• New paradigm for modeling access control
– Dynamic & Multi-domain interactions
Usage Scenario
• Alice makes a purchase of $100 at Coffee Shop
• Coffee Shop provides a $10 ‘credit’ to Alice
• Credit usable at multiple stores
• Later, Alice uses ‘credit’ to purchase a book at Book Store
[Figure: Alice, CoffeeShop (CS) and BookShop (BS); labels: Purchase, Credit]
Characteristics of Multi-Domain Interactions
• Subjects/Objects interact with multiple systems
– E.g., Alice interacts with Coffee Shop & Book Store
• Information is dynamic & transcends systems
– E.g., Alice acquired a ‘credit’ at Coffee Shop & used it to buy a book at the Book Store
• Prior agreement of semantics not desirable
– E.g., Coffee Shop issues ‘credit’ to Alice that has to be interpreted by Book Store at authorization time; next day, Coffee Shop may issue ‘coupon’
[Slide labels: Multi-Domain Attributes, Dynamic Attributes]
Concept of Dynamic Attributes
• Not pre-defined attributes
• Not attributes whose value is dynamic
• New-born attributes with new name-value pairs
• E.g., ‘Credit’ was dynamically created by Coffee Shop; Book Store needs to interpret the semantics when Alice uses it to buy a book
Usage Control Model (UCON) Background
Proposed extensions to UCON -> EUCON
Classification of EUCON Attributes
• Classification based on two factors
– Time of attribute definition
   • Pre-defined Attributes
   • Dynamic Attributes
– Scope of attribute definition
   • Local Attributes
   • Multi-Domain Attributes
EUCON Attributes: PLA, PMA, DLA
• Pre-Defined Local Attributes (PLA)
– Same as current notion of attributes in attribute-based access control models such as UCON
• Pre-Defined Multi-Domain Attributes (PMA)
– A-priori agreement of attribute semantics across multiple domains
• Dynamic Local Attributes (DLA)
– Dynamically created but interpretable within same domain
– E.g., Coffee Shop could create an attribute ‘discount’ that is usable at a later date at the same store
EUCON Attributes: DMA
• Dynamic Multi-Domain Attributes (DMA)
– New approach to model emerging usage scenarios
– Attributes created on the fly and interpretable in multiple domains at authorization time
– Subject & Object Attributes can be DMA
   • E.g., ‘Credit’ is a new-born subject (Alice) attribute created by the Coffee Shop. Book Store interacts with CS at run time when Alice uses it to purchase a book
   • E.g., Alice checks in with airport security and the objects she carries get a DMA “cleared=true”. Alice uses this DMA at the airline system to board
EUCON Authorizations
• Rules based on subject and object attributes
• Pre-defined Local Authorization
– Current UCON authorization
• Pre-defined Multi-Domain Authorization
– Current authorization methods for multi-domain
• Dynamic Local Authorization
– Construction of rules based on DLA
• Dynamic Multi-Domain Authorization
– Construction of dynamic authorization rules by interpreting DMA
– E.g., Book Store interprets ‘credit’ at runtime and constructs dynamic authorization rules
EUCON Obligations
• Subject pre-req before access can be granted
– E.g., Alice agrees to a license before she can access whitepaper
• Pre-defined Local & Dynamic Obligations
– Obligations on local & dynamic attributes
• Pre-defined Multi-Domain Obligations
– Obligations interpretable across multiple domains
• Dynamic Multi-Domain Obligations
– Obligations on DMA
– Defined dynamically and interpreted at multiple domains
– E.g., Before Alice can use ‘credit’ at Book Store, she is obligated to engage in a transaction with another Coffee Shop within the Book Store
EUCON Conditions
• System factors held before access granted
• Dynamic Multi-Domain Conditions
– Conditions on DMA interpretable at multiple domains
– E.g., Book Store could dynamically discover a condition on using ‘credit’ such that current ‘credit’ usage on all Coffee Shop systems is not > $1000
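Added example (not part of the original slides): a Python model of the Coffee Shop / Book Store scenario, in which the Book Store interprets a dynamic multi-domain attribute by querying its issuer at authorization time, builds the rule from the answer, and checks the discovered usage condition. All class, method and field names, the sample values, and the generic "kind" vocabulary the Book Store understands are assumptions made for illustration.

```python
# Added illustration; all names and sample values are constructed, not from the slides.
from dataclasses import dataclass, field

@dataclass
class IssuerDomain:
    """Domain that creates new-born attributes, e.g. the Coffee Shop (CS)."""
    name: str
    issued: dict = field(default_factory=dict)     # (subject, attr) -> value
    semantics: dict = field(default_factory=dict)  # attr -> meaning published by issuer
    usage: float = 0.0                             # redeemed so far on all issuer systems

    def issue(self, subject, attr, value, meaning):
        self.issued[(subject, attr)] = value
        self.semantics[attr] = meaning

    def interpret(self, subject, attr):
        """Run-time query from another domain: meaning, value and current usage."""
        if (subject, attr) not in self.issued:
            return None
        return {**self.semantics[attr], "value": self.issued[(subject, attr)], "usage": self.usage}

    def redeem(self, subject, attr, amount):
        self.issued[(subject, attr)] -= amount
        self.usage += amount

@dataclass
class RelyingDomain:
    """Domain that meets the attribute for the first time, e.g. the Book Store (BS)."""
    name: str
    issuers: dict  # issuer name -> IssuerDomain reachable at authorization time

    def authorize(self, subject, issuer_name, attr, price):
        issuer = self.issuers.get(issuer_name)
        if issuer is None:
            return False, "unknown issuer"        # default deny
        info = issuer.interpret(subject, attr)    # attribute name was never pre-agreed
        if info is None or info.get("kind") != "monetary":
            return False, "attribute not interpretable"
        if info["usage"] > info["usage_cap"]:     # dynamically discovered condition
            return False, "condition failed"
        if info["value"] < price:                 # dynamically constructed rule
            return False, "insufficient value"
        issuer.redeem(subject, attr, price)
        return True, "granted"

def demo():
    cs = IssuerDomain("CS")
    bs = RelyingDomain("BS", {"CS": cs})
    cs.issue("alice", "credit", 10, {"kind": "monetary", "usage_cap": 1000})
    first = [bs.authorize("alice", "CS", a, p) for a, p in [("credit", 8), ("credit", 5), ("coupon", 1)]]
    cs.issue("alice", "coupon", 3, {"kind": "monetary", "usage_cap": 1000})  # issued the next day
    return first + [bs.authorize("alice", "CS", "coupon", 1)]
```

The ‘coupon’ request succeeds once the Coffee Shop has issued it, with no change to the Book Store's code, which is the property that distinguishes a DMA from a pre-defined multi-domain attribute.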
Extended UCON (EUCON)
Summary
Emergence of mobile & dynamic apps
Users transcend domains in mobile env.
Current access control models unsuitable
New paradigm for dynamic, multi-domain
Proposed extensions to UCON - EUCON
Thank You!
BACKUP
Related Work
• Damiani, Vimercati & Samarati identify reqs
– Similar to our requirements for a mobile env.
– Survey extensions proposed for other models; however, our concept of DMA is different
• Covington & Sastry have proposed CABAC
– Authorization policies based entirely on attributes
– Transaction attributes defined in this work are similar to our pre-defined multi-domain attributes
Background: Continuity & Mutability