A Credential-Based Approach for Facilitating Automatic, Secure Resource Sharing Among Ad-hoc Dynamic Coalitions
Janice Warner and Vijayalakshmi Atluri, Rutgers University
Ravi Mukkamala, Old Dominion University
August 2005
Coalition Resource Sharing
• Dynamic and Ad-hoc – members may leave and new members may join
• Examples:
  • Natural Disaster: government agencies, non-government organizations and private organizations may share data about victims, supplies and logistics.
  • Homeland Security: information collected by various governmental agencies shared for comprehensive data mining
  • Virtual Enterprises: collaboration between companies
August 2005
IFIP05-Warner, Atluri and
Mukkamala
2
Current Approaches to Resource Sharing
• Form teams (workgroups) comprising users from all coalition entities
  Problems: neither viable nor scalable; may result in delays
• User ids given to each external member of the coalition, and access control is provisioned on these ids.
  Problem: administratively burdensome; requires explicit revocation upon coalition or user termination
• Single access id provided to each external coalition entity
  Problem: fine-grained access control is not possible
• Resources are copied to external coalition members
  Problem: updates are difficult and may result in uncontrolled sharing
Outline
• Motivation
• What is needed
• CBAC Model
• DCBAC Model
• Conclusions and Future Work
Resource Sharing among Coalitions
• Typically, the policies for sharing are stated at the coalition level
  • Example – The Red Cross and Doctors without Borders will work together to investigate the spread of infectious diseases in the wake of a natural disaster.
• Enforcing coalition-level security policies requires transforming them to implementation level
  • Example – Dr. Roberts of Doctors without Borders can access reports on the spread of infectious diseases in Turkey.
August 2005
IFIP05-Warner, Atluri and
Mukkamala
5
Our Preliminary Solution (presented at ICDCIT04)
• A formal model comprising three levels (user-object, role, coalition levels)
• Enables handshaking of relevant information by appropriate levels of the agencies
• Allows distributed access control – control remains in the hands of the resource owner
Layered CBAC Model
[Figure: the three CBAC levels (Coalition Level, Role Level, User-Object Level) at Entity A (Drs-w/o-Borders) and Entity B (Red Cross), with the request as seen at each level:]
Entity A, user-object request = roberts, concept: disease, type: data
Entity A, role segment / user-object request = doctor (location: Turkey, specialty: immunology), concept: disease, type: data
Coalition segment / role segment / user-object request = 555444555, DB99, RC11, doctor (location: Turkey, specialty: immunology), concept: disease, type: data
Entity B, role segment / user-object request = doctor (location: Turkey, specialty: immunology), concept: disease, type: data
Entity B, user-object request = RID799, RID223
Limitations of CBAC Model
• Coalitions need to have high level agreements in place before there is a flow of information:
  • Coalition entities know what is available and how to find it.
  • Coalition entity ids are pre-assigned.
• Credential requirements are the union of all credentials associated with a role that has access to the requested object.
Dynamic Coalition-Based Access Control Model (DCBAC)
• Dynamic because:
  • Employs a Coalition Service Registry (CSR) where shared resources and coalition level policies are publicized
    Agreements do not need to be established between coalition partners beforehand
  • Computes credentials needed by external user from local access control policies through Mapper layer.
    Coalition access control policy is determined through transformation of local access control policy
Principles of DCBAC
• Existing access control mechanisms within each coalition entity remain intact.
• Access rights are granted to subjects only if they belong to an organization recognized by the coalition.
• Subjects of a coalition entity must have credentials with attribute values comparable to those of local subjects.
DCBAC Architecture
[Figure: two coalition entities connected over a network (e.g., Internet) through the Coalition Service Registry (CSR). Each entity is layered, top to bottom: Coalition Access Point (CAP) at the Coalition Level, Credential Filter, Credential to LAC Mapper, Local Access Control (LAC) and Local User Interface, in front of the Local Services (shared and private).]
Example Emergency Management Scenario
International Red Cross makes available its Emergency Response IS subject to:
Organization Level Policy: must be member of a non-profit, certified, relief organization.
Individual Policy: access is restricted to information concerning the emergency site in which they are currently working.
Policy Based on LAC Mapping: credentials must be comparable with those of internal users.
Coalition Service Registry (CSR)
• Similar to UDDI Web Service Registry
• Advertises resources that coalition entities make available
• Describes interface to resources
• Describes credentials needed to access resources
• Verifies organizational-level credentials
• Issues a “ticket” which can be submitted by individuals in an authenticated organization with a request to access a specific resource.
CSR is a UDDI-like Registry
[Figure: structure of a CSR entry, following UDDI:]
businessEntity: UDDI:name, UDDI:discovery URL, UDDI:contacts, UDDI:description
businessService: UDDI:name, UDDI:description, UDDI:category bag
bindingTemplate: UDDI:accessPoint, UDDI:description, UDDI:category bag, UDDI:tModelInstanceDetails
Resources listed in the CSR are searchable based on resource identifiers, name, keywords or category.
UDDI:accessPoint provides the network address of the Coalition Access Point from which the resource can be requested.
The bindingTemplate also provides credential info and other access requirements.
Example – Resource request is made
[Figure: the request passing up through the requesting entity's layers (Local User Interface, Local Access Control (LAC), Credential to LAC Mapper, Coalition Level Credential Filter) towards the network (e.g., Internet) and the Coalition Service Registry (CSR):]
Local User Interface / LAC: 〈744, roberts, concept: disease type: data 〉
Credential to LAC Mapper: 〈744, (degree:MD, gender:M, location:Turkey, specialty: infectious disease), concept: disease type: data 〉
Coalition Level Credential Filter: 〈744, (location:Turkey, specialty: infectious disease), Red_Cross_RID_730〉
Example – Obtain organizational assertion
[Figure: the Doctors-Without-Borders Coalition Level (CAP) contacting the Coalition Service Registry (CSR) over the network (e.g., Internet); the Credential Filter, Credential to LAC Mapper, Local Access Control (LAC) and Local User Interface layers sit below it]
Doctors-Without-Borders CAP consults the CSR:
• to find the resource(s) (if it has not been located before)
• to obtain a valid organizational assertion (if it does not currently have one)
Tickets are SAML assertions
• Assertions are declarations of facts:
  • Issuer ID and issuance timestamp
  • Assertion ID
  • Subject
  • “Conditions” under which assertion is valid (e.g., validity period)
• CSR declares that organizational credentials were submitted and validated.
• Assertions can be digitally signed (and should be)
Example – Request sent to provider’s CAP
[Figure: the request crossing the network (e.g., Internet) from the requester's Coalition Level to the provider's Coalition Level; each side shows its Credential Filter, Credential to LAC Mapper, Local Access Control (LAC), Local User Interface and Local Services (shared and private)]
〈744, Doctors Without Borders, Red Cross, SAML Assertion, Red_Cross_RID_730, (location:Turkey, specialty: infectious disease) 〉
Example – Provider evaluates request
[Figure: the request passing down through the provider's layers:]
Coalition Level: validates organizational credentials
Credential Filter: 〈744, Red_Cross_RID_730, (location:Turkey, specialty: infectious disease) 〉
Credential to LAC Mapper and Local Access Control (LAC), to Local Services (shared and private): 〈744, Red_Cross_RID_730〉
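The request flow of the preceding example slides (resource request, CSR ticket, submission to the provider's CAP, evaluation by Credential Filter, Mapper and LAC), as an added Python example that is not code from the paper or its authors. The organization names, the policy rules, the CAP URL and the HMAC key are constructed for the demo, and the HMAC stands in for the digital signature the slides call for; only the resource id Red_Cross_RID_730 and the request id 744 come from the slides.

```python
"""Added example, not code from the Warner, Atluri and Mukkamala paper: a toy
run of the DCBAC request flow. Organization names, policies, the CAP URL and
the HMAC key are constructed; Red_Cross_RID_730 and 744 come from the slides."""
import hashlib
import hmac
import json
import uuid

CSR_ISSUER = "coalition-service-registry"   # constructed issuer id
CSR_KEY = b"demo-csr-key"                   # constructed; stands in for the CSR's signing key

# Coalition Service Registry: what the provider advertised for the resource
# (the bindingTemplate's access point and access requirements).
CSR_CATALOG = {
    "Red_Cross_RID_730": {
        "access_point": "https://cap.redcross.example/",        # constructed
        "required_credentials": ["location", "specialty"],
        "org_policy": {"type": "non-profit", "certified": True, "sector": "relief"},
    }
}

def _sign(payload):
    """HMAC over canonical JSON; a real CSR would use a digital signature."""
    data = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(CSR_KEY, data, hashlib.sha256).hexdigest()

def csr_issue_ticket(org_credentials, resource, now, ttl=3600):
    """CSR checks the organization-level policy, then issues a SAML-like
    assertion (the 'ticket') with issuer, id, subject and validity conditions."""
    policy = CSR_CATALOG[resource]["org_policy"]
    if any(org_credentials.get(k) != v for k, v in policy.items()):
        return None
    assertion = {
        "issuer": CSR_ISSUER, "issue_instant": now,
        "assertion_id": uuid.uuid4().hex, "subject": org_credentials["name"],
        "conditions": {"not_before": now, "not_on_or_after": now + ttl},
        "statement": "organizational credentials submitted and validated",
    }
    signature = _sign(assertion)
    assertion["signature"] = signature
    return assertion

def filter_outgoing(user_credentials, resource):
    """Requester-side Credential Filter: forward only the credentials the CSR
    lists as needed, so degree and gender never leave the organization."""
    needed = CSR_CATALOG[resource]["required_credentials"]
    return {k: user_credentials[k] for k in needed if k in user_credentials}

# Provider side (constructed): individual policy ties access to the site,
# RBAC roles with the credentials their members hold, and LAC permissions.
RESOURCE_SITE = {"Red_Cross_RID_730": "Turkey"}
LOCAL_ROLES = {
    "field_doctor": {"location": "Turkey", "specialty": "infectious disease"},
    "logistics_coordinator": {"location": "Turkey", "specialty": "supply chain"},
}
LAC_PERMISSIONS = {"Red_Cross_RID_730": {"field_doctor"}}

def cap_validate_ticket(ticket, now):
    """Provider CAP: verify the ticket's signature, issuer and validity period."""
    if ticket is None:
        return False, "no ticket"
    body = {k: v for k, v in ticket.items() if k != "signature"}
    if not hmac.compare_digest(_sign(body), ticket.get("signature", "")):
        return False, "bad signature"
    if body["issuer"] != CSR_ISSUER:
        return False, "unknown issuer"
    window = body["conditions"]
    if not window["not_before"] <= now < window["not_on_or_after"]:
        return False, "ticket outside validity period"
    return True, "ok"

def provider_filter(credentials, resource):
    """Provider-side Credential Filter: are the submitted credentials adequate?"""
    if any(k not in credentials for k in CSR_CATALOG[resource]["required_credentials"]):
        return False, "missing credentials"
    if credentials["location"] != RESOURCE_SITE[resource]:
        return False, "requester is not working at the emergency site"
    return True, "ok"

def mapper_to_role(credentials, resource):
    """Credential to LAC Mapper: first local role with rights on the resource
    whose members' credentials the external user's credentials match."""
    for role in sorted(LAC_PERMISSIONS.get(resource, ())):
        if all(credentials.get(k) == v for k, v in LOCAL_ROLES[role].items()):
            return role
    return None

def provider_process(request, now):
    """Run an incoming request through CAP, Credential Filter, Mapper and LAC."""
    ok, why = cap_validate_ticket(request["ticket"], now)
    if not ok:
        return {"granted": False, "stage": "CAP", "reason": why}
    ok, why = provider_filter(request["credentials"], request["resource"])
    if not ok:
        return {"granted": False, "stage": "filter", "reason": why}
    role = mapper_to_role(request["credentials"], request["resource"])
    if role is None:
        return {"granted": False, "stage": "mapper", "reason": "no matching role"}
    if role not in LAC_PERMISSIONS[request["resource"]]:      # LAC enforcement
        return {"granted": False, "stage": "LAC", "reason": "role lacks rights"}
    return {"granted": True, "stage": "LAC", "role": role, "reason": "ok"}

def demo(now=1_000_000):
    """Dr. Roberts of Doctors Without Borders requests Red_Cross_RID_730."""
    user = {"degree": "MD", "gender": "M", "location": "Turkey", "specialty": "infectious disease"}
    org = {"name": "Doctors Without Borders", "type": "non-profit", "certified": True, "sector": "relief"}
    resource = "Red_Cross_RID_730"
    ticket = csr_issue_ticket(org, resource, now)
    request = {"id": 744, "requester": org["name"], "provider": "Red Cross",
               "ticket": ticket, "resource": resource,
               "credentials": filter_outgoing(user, resource)}
    return request, provider_process(request, now)

if __name__ == "__main__":
    print(demo()[1])
```

Each provider-side layer returns a reason, so a denied request records which layer stopped it: an expired or altered ticket never reaches the Credential Filter, and a requester working at another site never reaches the Mapper.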
Conclusions
• DCBAC automates translation of coalition level policies into subject-resource level.
• Depends upon credentials – both organizational level and user.
• Maps roles to credentials commonly held by members of the role.
• Uses a Coalition Service Registry so that ad-hoc coalitions can be formed simply by discovering resources that are needed.
• Can be built using currently available standard protocols – XACML, UDDI and SAML.
Ongoing Work
• Mapper – details on mapping local policies to credentials submitted to ICISS 2005
  • Graph-based approach
  • Strategies for inclusion of similar credentials
• Data mining of logs, local policies, and other security related data to obtain:
  • Groupings of users with similar data requirements and attributes
  • Groupings of resources
• Resolving semantic heterogeneity between policies and credential attributes.
DCBAC – Coalition Level
[Figure: the entity's layer stack (Coalition Level, Credential Filter, Credential to LAC Mapper, Local Access Control (LAC), Local User Interface) with the Coalition Level highlighted]
• Interacts with the coalition level at other coalition entities through the Coalition Access Point (CAP).
• Incoming: processes requests by validating CSR ticket.
• Outgoing: obtains ticket, appends to user request and forwards it to appropriate CAP.
DCBAC – Credential Filter
[Figure: the entity's layer stack (Coalition Level, Credential Filter, Credential to LAC Mapper, Local Access Control (LAC), Local User Interface) with the Credential Filter highlighted]
• Incoming Requests:
  • Determines whether user credentials sent with request are adequate.
  • Optionally, can downgrade or upgrade the credentials of users from specific entities.
• Outgoing Requests:
  • Filters user credentials such that only those necessary to obtain access are sent.
DCBAC – Mapper
[Figure: the entity's layer stack (Coalition Level, Credential Filter, Credential to LAC Mapper, Local Access Control (LAC), Local User Interface) with the Credential to LAC Mapper highlighted]
• Assumes RBAC local access control, although this is not essential.
• Incoming – Compares user credentials to internal roles that have rights to requested resource.
• Outgoing – Determines role played by requester and retrieves credentials common to users playing that role.
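An added Python example of the Mapper's two directions (not the authors' code): outgoing, it derives the credentials common to every local user playing a role, which is what gets attached to a requester's request; incoming, it compares an external user's credentials against the local roles that have rights on the requested resource. On the same data it also evaluates the CBAC-style requirement from the "Limitations of CBAC Model" slide (the union of all credentials of roles with access), to show why that is more restrictive than per-role matching. The users, roles, attribute values and resource ids are constructed.

```python
"""Added example, not from the Warner, Atluri and Mukkamala paper: a
Credential-to-LAC Mapper over a constructed local RBAC user table."""

# Constructed local subjects: their role plus their attribute credentials.
LOCAL_USERS = {
    "roberts": {"role": "field_doctor", "degree": "MD", "gender": "M",
                "location": "Turkey", "specialty": "infectious disease"},
    "chen":    {"role": "field_doctor", "degree": "MD", "gender": "F",
                "location": "Turkey", "specialty": "infectious disease"},
    "okafor":  {"role": "epidemiologist", "degree": "PhD",
                "location": "Turkey", "specialty": "infectious disease"},
    "smith":   {"role": "logistics", "location": "Turkey", "specialty": "supply chain"},
}
# Constructed LAC rights: which roles may access which resource.
ROLE_RIGHTS = {"RID_730": {"field_doctor", "epidemiologist"}, "RID_801": {"logistics"}}

def role_template(role):
    """Attribute/value pairs held by every local user playing the role.
    Attributes whose values differ between members (gender here) drop out."""
    members = [u for u in LOCAL_USERS.values() if u["role"] == role]
    if not members:
        return {}
    common = {k: v for k, v in members[0].items() if k != "role"}
    for user in members[1:]:
        common = {k: v for k, v in common.items() if user.get(k) == v}
    return common

def outgoing_credentials(user):
    """Outgoing: the credentials a requester's Mapper attaches to the request,
    namely those common to the role the requester plays."""
    return role_template(LOCAL_USERS[user]["role"])

def matching_roles(credentials, resource):
    """Incoming (DCBAC): every role with rights on the resource whose
    template the external credentials satisfy."""
    return sorted(role for role in ROLE_RIGHTS.get(resource, ())
                  if all(credentials.get(k) == v for k, v in role_template(role).items()))

def union_requirement(resource):
    """CBAC-style requirement: the union of the templates of all roles with
    rights on the resource, as a set of (attribute, value) pairs."""
    pairs = set()
    for role in ROLE_RIGHTS.get(resource, ()):
        pairs.update(role_template(role).items())
    return pairs

def satisfies_union(credentials, resource):
    """True only if the external user holds every pair in the union, which
    fails as soon as two roles with access disagree on an attribute value."""
    return all(credentials.get(k) == v for k, v in union_requirement(resource))

if __name__ == "__main__":
    external_doctor = {"degree": "MD", "location": "Turkey", "specialty": "infectious disease"}
    print(outgoing_credentials("roberts"))
    print(matching_roles(external_doctor, "RID_730"), satisfies_union(external_doctor, "RID_730"))
```

With two roles holding rights on RID_730 that differ in degree (MD versus PhD), the union requirement can be met by nobody, while per-role matching admits an external MD as a field_doctor and an external PhD as an epidemiologist.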
DCBAC – LAC
[Figure: the entity's layer stack (Coalition Level, Credential Filter, Credential to LAC Mapper, Local Access Control (LAC), Local User Interface) with Local Access Control (LAC) highlighted]
• Enforces control on local services for both local and non-local requests.
• Local requests are received through the local user interface.
• External requests are received through the mapper.