Granularity Based Flow Control

Omar Abahmane

Luigi Logrippo

Université du Québec en Outaouais

PST 2014

July 23, 2014

Outline

Introduction Information flow control Security models and Flow control (challenges

and limits) Granular computing Granularity Based Flow Control (the model) Advantages of the GBFC model Implementation example Conclusion

Introduction What was my address and phone number in

1997? Hard to recall without mistakes! Found it on a website that also provided more

recent addresses, my age, my email, some possible relatives and other private information … !

How did that site get my information? …. Scary!! The apps on a mobile phone may have

access to much more confidential data and are connected to the Internet all time …

Information flow and Flow control

The flow …. The problem!

Information flow control challenges Fact: Too much Information … changing

frequently Challenge for : Security Policy management

Fact: Too many security domains Challenge : Information tracking

Fact: Too many objects and forms of flow Challenge : Real time flow control

Fact: Too much changing technologies Challenge : Upgrading and End to end security

Fact: Too many recipients Challenge : Information usage control

Security models and Flow control (the limits)

Too permissive of the flow Permit undesirable flows that compromise

confidentiality Too restrictive of the flow

Prevent legitimate flow causing a problem of information availability

Flow = Access Consider access control mechanisms sufficient for

flow control Manage security through securing subjects

and objects Secure data based on a secondary component

rather than securing data itself.

Granular computing

Introduced in : 1997 Fundamental components : Granules Forms of granules : subsets, classes, objects,

clusters, and elements of a domain or universe

Example of granules : For an image file : forms, textures, pixels, etc. For a text document : Paragraphs, Sentences or

Words Implementation : Database management

systems

Granularity Based Flow Control (the model)

Goal : Enforce flow control and prevent information leakage

Core Component : Access Control Engine (ACE)

Base Implementation criteria : Granularity (Granularity Level ) Flow restriction (VFA, Refresh rate) Availability (References and Noise)

Granularity Based Flow Control (the model)

1

2

3

4

5

6

79

8

The process :

Granularity Based Flow Control (the model)

Granularity criteria: Security managed through the granular

classification of document components (words, sentences, paragraphs … etc.)

Implementation : Granularity Level T. T is set to different values for each component of

the document depending on its level of classification.

Granularity Based Flow Control (the model)

Flow restriction criteria : Intended to limit or prevent information flow from

authorized to non-authorized subjects. Most efficient flow control is obviously “not having

a flow at all” Implementation : Refresh Rate T . T establishes the criteria and/or the frequency

applied to redraw references to classified information granules within the document.

Granularity Based Flow Control (the model)

Availability criteria : Logical availability on a physical support accessible by

a subject. Unavailable information is inaccessible information. Implementation : Availability Rate T and Noise level T T level of availability of granules within the

document, based on the nature of the data to be replaced by references (nouns, verbs, dates, etc. ...) and on the classification level threshold to consider (S or TS …).

T level of noise injection applied to the document to replace the classified unavailable information granules.

Granularity Based Flow Control (the model)

Level of security Lowest Highest Examples

T Document Word Word, sentence …

TData Type All Available None Nouns, Verbs, Dates…

Classification Unclassified Top Secret (TS), (S), (C), (U) …

T Event based None Maximum

Update, Infection, system failure …

Frequency Never High Monthly, daily, …

T No Noise Max noisedata types in T (Nouns, Verbs, …)

Granularity Based Flow Control (the model)

Examples:T=WordT=((Nouns, Verbs), TS)T=(Update, Infection)T=(None)

T=WordT=((Nouns, Verbs, Dates), S)T=(Update, Monthly)T=(All)

Granularity Based Flow Control (the model)

GBFC Algorithm

Proceedings : 33023000S136.pdf Page 5.

1. begin 2. V:=AuthorizeAccess(S, Inf) 3. if V=False then 4. accessDenied()5. else6. initializeInformation(Inf) 7. load T, T , T, T

8. while(not EOF)9. for each gri ∈ Inf 10. if (gri.attr ∈ classified and gri.attr <= S.attr) then 11. addRef (VFA, gri.ref)12. updateVFA()13. else if (gri.attr ∈ classified and gri.attr > S.attr) then 14. addRef (VFA, noise.ref) 15. updateVFA()16. else17. addIndex (FA, gri.idex)18. updateFA()19. end if 20. end for21. buildVFA() 22. buildFA()23. refreshRef(T, T, T)24. regranulate(Inf, T )25. end while26. end if27. end

Advantages of the GBFC model

Adaptability:

Flexible and maneuverable multi-criteria environment for optimal control of information flow.

Level of security Lowest Highest Examples

T Document Word Word, sentence …

TData Type All Available None Nouns, Verbs, Dates…

Classification Unclassified Top Secret (TS), (S), (C), (U) …

T Event based None Maximum

Update, Infection, system failure …

Frequency Never High Monthly, daily, …

T No Noise Max noisedata types in T (Nouns, Verbs, …)

Advantages of the GBFC model

Access restriction and replications:

Efficient granularity based classificationMechanism; Enforcing availability without compromising confidentiality; One information … different views!

Advantages of the GBFC model

Access restriction and replications:

One information … different views! View Based Access Control (redefined) The mirror = The ACE Virtual image (information) viewed through the mirror depends on :

the actions on the mirror, and the status of the window (open, closed or semi-open).

Advantages of the GBFC model

Total control: Centralized access model Permanent systems administrators’ full access

control. Automatic isolation of classified information during security alerts (external attacks, malicious infections,

imminent risk due to voluntary or involuntary

leakage of data, etc.).

Quick recovery after the restoration of the secure state.

Advantages of the GBFC model

Loss of data: Loss of material is the leading cause of information leakage

according to studies in the U.S., Europe and Asia. Source : McAfee, InfoWatch, DataLossDB

GBFC offers : Centralized architecture for classified information; Classified elements protection through references to data; Traceability of lost information; Completely user-transparent framework.

Advantages of the GBFC model

Implementation and compatibility: Platform independent security system Flexibility and adaptation to security environments. Effective in heterogeneous security environments or in extended networks(Internet , Cloud Computing ..) Implement s flow control for security models that don’t implicitly enforce it.

IDENTIFICATION

AUTHENTICATION LEVEL

AUTHORIZATION LEVEL

ACCESS CONTROL ENGINE

(TS) Every individual in a command center responsible for the preparation of emergency action must be familiar with the procedures in the EAP (/TS). (U) Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task (/U). (S) These individuals and programs are subject to review by the OJCS (/S).

Advantages of the GBFC model

Noise injection:

Every aspect in a database solution responsible for the system of agent toolkit integrates call familiar with the languages in the GUI. Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task. These networks and algorithms draw concept to function by the EBML.

Implementation(U) Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task (/U). (S) These individuals and programs are subject to review by the OJCS (/S).

T=Word T= ((Nouns, Verbs, Abbreviations,

Dates), S) T=(Update, Monthly) T=(Nouns, Verbs, Abbreviations)

Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task. These 2F08A829 and 2355EA66 2435F450 3D502CE9 to 324AF563 by the 25466F31.

Form of data received by an authorized user

Implementation(U) Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task (/U). (S) These individuals and programs are subject to review by the OJCS (/S).

T=Word T= ((Nouns, Verbs, Abbreviations,

Dates), S) T=(Update, Monthly) T=(Nouns, Verbs, Abbreviations)

Command center training and evaluation programs will be developed to ensure that individuals charged with the preparation and transmission of emergency action messages are qualified in this task. These networks and algorithms draw concept to function by the EBML.

Real data received by a non-authorized user

Conclusion and future work

The achievement : Text based GBFC model The next step : Mathematical model The goal : Generalized model (images and

other media) The implementation : Demonstration

prototype