Comparing Web Frameworks; Struts, Spring Mvc, Webwork, Tapestry & Jsf
On Comparing the Expressing Power of Access Control Model Frameworks
description
Transcript of On Comparing the Expressing Power of Access Control Model Frameworks
![Page 1: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/1.jpg)
On Comparing the Expressing Power of Access Control Model Frameworks
Workshop on Logical Foundations of an Adaptive Security Infrastructure (WOLFASI)
A sub-workshop of the LICS Foundations of Computer Security (FCS'04) Workshop, LICS '04
July 12-13, 2004 Turku, Finland
Elisa Bertino
Purdue [email protected]
Barbara CataniaDISI
Università degli Studi di [email protected]
Elena FerrariDSCFM
Università degli Studi dell’Insubria [email protected]
Paolo PerlascaDICO
Università degli Studi di [email protected]
![Page 2: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/2.jpg)
Summary
• ASI and policy framework• Frameworks comparison• Conclusions and future work
![Page 3: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/3.jpg)
ASI
• Adaptive Security Infrastructure (ASI)– Collect information about security
environments– Analyze the collected data– Perform efficient compensating actions
according to security relevant detected events• ASI strictly depends on the underlying
security policy
![Page 4: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/4.jpg)
Security Policy Issues
• How formally representing the semantics of security policies ?
• In distributed environments– Compensating actions
• can involve different environments and • must agree with the respective underlying security
policies
![Page 5: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/5.jpg)
Framework
• Strategy: framework for representation, analysis, and usage of security policies
• Useful in– Performing security analysis– Identifying strategies– Producing compensating actions– Representing in a uniform way the heterogeneity of the
access control policies and formalisms• We focus on one of the most relevant classes of
security policies: access control policies
![Page 6: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/6.jpg)
Access Control (AC) Policies
• An access control policy determines the operations and rights that subjects can exercise on the protected objects
• Access control policies can be specified through authorization rules– Rules able to establish for each subject s which
actions such subject can perform on which object of the system
![Page 7: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/7.jpg)
General Access ControlSystem
Access Control PolicyAccess Control Policy
Data1 Data2
Access Request
ACP
ACP
Answer
![Page 8: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/8.jpg)
Which AC framework ?
• A variety of access control frameworks have been so far defined
• Each framework provides a formalism for specifying access control policies and a semantics for computing authorizations
• Different frameworks support the representation of different sets of policies
• No comparison of the expressive power of the proposed frameworks has been investigated
![Page 9: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/9.jpg)
LAMP
• LAMP is based on the C-Datalog language • C-Datalog supports:
– classical object-oriented concepts, such as classes, objects and inheritance (used to represent subjects, objects, privileges, sessions,…)
– typical logic-based concepts, such as deductive rules (used to represent authorization and constraint rules)
• Each instance of an ACM is a logical program composed of C-Datalog rules defined against a C-Datalog schema
![Page 10: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/10.jpg)
LAMP
• An Access Control Model Schema (ACMS) defines the structural components upon which the model is based
• Access Control Model Instance (ACMI) provides information concerning the component instances, that is, the “actual” subjects, objects, privileges and sessions, and the authorizations and constraint rules used to instantiate the model
![Page 11: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/11.jpg)
ACMI• DC• DSC• AC• PC• CC
DomainComponent
Domain StructureComponent
AuthorizationComponent
PropagationComponent
ConstraintComponent
Object(self:#8,name:Salaries,access_class:Secret)
g1
g2 g3
g4
g5
SubG(G1:g5,G2:g4) InSubG(G1: g4,G2: g1)
InSubG(G1: g5,G2: g1)
InSubG(G1:X,G2:Y) SubG(G1:X,G2:Y) InSubG(G1:X,G2:Y) SubG(G1:X,G2:Z) , InSubG(G1:Z,G2:Y)
ACMS
object(self:object,name:string,access_class:string)group(self:group,name:string)SubG(G1:group,G2:group)
Object(self:<value>,name:<value>,access_class:<value>)
![Page 12: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/12.jpg)
Jajodia et al.
• Jajodia et al. framework represents access control models by stratified logic programs constructed over a given logical language
• The basic elements used to represent an ACM are:– OTH, UGH, RH, A, Rel– Authorizations (o,s,<sign> a)
![Page 13: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/13.jpg)
Jajodia et al.
• An AS is a set of stratified rules satisfying some syntactic restrictions
• Authorizations are specified through predicates:– cando(o,s,<sign>a)– dercando(o,s,<sign>a)– do(o,s,<sign>a)
![Page 14: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/14.jpg)
RBAC
• NIST RBAC is defined by four levels of increasing complexity
• Roles are powerful and easy to use• SSD and DSD constraints• Policy free
![Page 15: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/15.jpg)
R1
R2 R3
R4P
Permission-roleAssignments
Constraints(SSD, DSD)
User-roleAssignments
U
RBAC COMPONENT
O
![Page 16: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/16.jpg)
Result
• All the ACMs that can be represented by the Jajodia et al. framework can be represented by the Lamp framework
• All the ACMs that can be represented by the four NIST levels can be represented by the Lamp framework
![Page 17: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/17.jpg)
ACMI• DC• DSC• AC• PC• CC
ACMS
AuthBase
ACM
AuthBase
![Page 18: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/18.jpg)
Result
• The set of the ACMs that can be represented by LAMP is greater than the one representable by the Jajodia et al. framework
• Locally stratified logic programs generates a unique set of authorizations vs more general formalism supporting the generation of more than one set of consistent authorizations
![Page 19: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/19.jpg)
Result
• The set of the ACMs that can be represented by LAMP is greater than the one representable by the NIST framework
• SSD and DSD constraints vs broader set of constraints (conditioned separation of duty depending on specific values of basic elements)
![Page 20: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/20.jpg)
Conclusions
• Given a distributed system based on ASI our analysis will help in the selection of a specific ac framework for such environment
![Page 21: On Comparing the Expressing Power of Access Control Model Frameworks](https://reader036.fdocuments.in/reader036/viewer/2022062411/5681678f550346895ddcbac3/html5/thumbnails/21.jpg)
Future work
• Definition of new dimensions and comparison according to them– Mapping complexity– Spatial complexity– Temporal complexity
• Development of a set of tools for specifying and analyzing ac policies using LAMP as a core system