Intrusion Detection Systems and Intrusion Prevention Systems
Transcript of PRIVILEGE STATES BASED ACCESS CONTROL FOR FINE GRAINED INTRUSION RESPONSE

Slide 1: PRIVILEGE STATES BASED ACCESS CONTROL FOR FINE GRAINED INTRUSION RESPONSE
Ashish Kamra, Elisa Bertino, Purdue University
Presenter: Ashish Kundu
Slide 3: Motivation
- Databases
- Anomaly Detection
- Anomaly Response
- Access Control
Slide 5: Access Control Decision Semantics
Request -> Reference Monitor -> Allow | Deny
Slide 6: Extended Decision Semantics
Request -> Reference Monitor -> Allow | Deny | Taint | Suspend
Slide 7: Primary Contribution
Mechanism to enhance the decision semantics of an access control implementation
Slide 8: Why do we want to do that?
Slide 9: Support for fine-grained intrusion response
Request -> Detection engine -> Anomaly -> Response engine
Response actions: Drop Request, Log Request, 2nd factor of authentication, Passive Monitoring
Slide 10: Mapping
- Passive Monitoring -> Taint decision semantics
- 2nd factor of authentication -> Suspend decision semantics
Slide 11: Privilege States - glue for the mapping
- Assign states to privileges
- Response system changes privilege state -> fine-grained response actions
- Response: access control decision semantics
Slide 12: Privilege States
- Assign a "state" to every privilege held by a user or role
- Five privilege states: DENY, SUSPEND, TAINT, GRANT, UNASSIGN
Slide 13: Privilege State Semantics
- "DENY": negative authorizations
- "SUSPEND": request suspension
- "TAINT": request tainting
- "GRANT": standard SQL GRANT
- "UNASSIGN": standard SQL REVOKE
Slide 14: Example
- U1 is a member of role R1
- DBA assigns SELECT privilege in DENY state on T1 to user U1
- DBA assigns SELECT privilege in TAINT state on T1 to role R1
- Privilege state of SELECT on T1 for U1 ???
Slide 15: Privilege State Dominance
Dominance matrix over the states DENY, SUSPEND, TAINT, UNASSIGN, GRANT (rows X, columns Y); a mark in cell (X, Y) means 'X' overrides 'Y'. [matrix cells not recoverable from the transcript]
Slide 16: Privilege State Transitions
State transition diagram between GRANT, TAINT, SUSPEND and DENY driven by the commands GRANT and REVOKE [edges not recoverable from the transcript]. Legend: + grant, ? suspend, / unassign; deny and taint transitions are also shown but their symbols did not survive extraction.
Slide 17: Formal model
For details, please refer to the paper ...
Slide 18: Considering Role Hierarchies
- Role hierarchy based on privilege inheritance
- What about privileges in "deny", "suspend" and "taint" states?
Figure: R_parent {insert} above R_child {select}, with {select} shown propagating from R_child to R_parent.
Slide 19: Privilege Orientation Modes
- Modes: up, down, neutral
- Figure groups the states as: unassign, grant | deny, taint, suspend
Slide 20: Privilege Propagation
Role hierarchy figure: R8 at the top; R5, R6, R7 below it; R2, R3, R4 below them; R1 at the bottom. Labels on the figure: {select, grant}, {select, grant}, {insert, deny, down}, {insert, deny, down}.
Recursive Propagation
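The dominance question from slide 14 and the recursive propagation of slide 20, worked in added example code (not the paper's PostgreSQL implementation). It assumes the child-to-parent hierarchy read off the figure, that GRANT/UNASSIGN propagate upward as in standard RBAC inheritance while DENY/TAINT/SUSPEND follow their orientation mode, and that GRANT outranks UNASSIGN; privilege names such as "select:T1" are constructed.

```python
from enum import IntEnum

# Dominance rank: a higher value overrides a lower one. DENY > SUSPEND > TAINT
# follows the slides; ranking GRANT above UNASSIGN (a granted role privilege
# still applies to a user with no direct assignment) is this example's assumption.
class State(IntEnum):
    UNASSIGN = 0   # standard SQL REVOKE: privilege not held
    GRANT = 1      # standard SQL GRANT: request allowed
    TAINT = 2      # request allowed but tainted (passive monitoring)
    SUSPEND = 3    # request suspended pending re-authentication
    DENY = 4       # negative authorization: request dropped
# Role hierarchy from slide 20 as child -> parents; R8 is the top role.
PARENTS = {"R1": ["R2", "R3", "R4"], "R2": ["R5"], "R3": ["R6"], "R4": ["R7"],
           "R5": ["R8"], "R6": ["R8"], "R7": ["R8"], "R8": []}

def children(role):
    return [c for c, ps in PARENTS.items() if role in ps]
def propagate(role_privs):
    """role_privs: {role: [(privilege, State, mode)]}, mode up/down/neutral.
    Assumed: GRANT/UNASSIGN always propagate up (parents inherit, standard RBAC);
    DENY/TAINT/SUSPEND follow their mode. Returns {role: {privilege: [State]}}."""
    states = {r: {} for r in PARENTS}
    def push(role, priv, state, step):
        states[role].setdefault(priv, []).append(state)
        for nxt in step(role):            # recurse along the chosen direction
            push(nxt, priv, state, step)
    for role, entries in role_privs.items():
        for priv, state, mode in entries:
            if state in (State.GRANT, State.UNASSIGN) or mode == "up":
                push(role, priv, state, lambda r: PARENTS[r])
            elif mode == "down":
                push(role, priv, state, children)
            else:                         # neutral: stays on this role only
                push(role, priv, state, lambda r: [])
    return states

def effective_state(priv, user_states, user_roles, role_states):
    """Dominant state among the user's direct assignment and its roles' states."""
    candidates = list(user_states.get(priv, []))
    for role in user_roles:
        candidates += role_states[role].get(priv, [])
    return max(candidates, default=State.UNASSIGN)

# Constructed inputs: slide 14's case (U1 in R1, DENY on user, TAINT on role),
# plus a GRANT flowing up from R1 and a DENY flowing down from R8.
ROLES = propagate({"R1": [("select:T1", State.TAINT, "neutral"),
                          ("select:T1", State.GRANT, "up")],
                   "R8": [("insert:T1", State.DENY, "down")]})
U1_DIRECT = {"select:T1": [State.DENY]}
```

With these inputs U1's SELECT on T1 resolves to DENY, a user holding only R1 gets TAINT, and every role below R8 inherits the downward DENY on INSERT.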
Slide 21: Implementation in PostgreSQL
- New SQL commands TAINT, SUSPEND
- Enhanced Access Control Lists to support privilege states and orientation modes
- Re-authentication procedure for a privilege in "suspend" state
Slide 22: Access Control Check Overhead, No Role Hierarchy
Chart: Overhead (microseconds), y-axis 0 to 60, versus ACL Size (16, 32, 64, 128, 256, 512); series BASE and PSAC.
Slide 23: Access Control Check Overhead, With Role Hierarchy
Chart: Overhead (microseconds), y-axis 0 to 120, versus ACL Size (16, 32, 64, 128, 256, 512); series BASE and PSAC.
Slide 24: Conclusions
- Fine-granular access control in databases
- Anomaly response mechanisms
- Facilitates policy development
- Formal model and experimental evaluation