
Trust and Security for Next Generation Grids, www.gridtrust.eu. Tutorial: Usage Control for Next Generation Grids. Introduction. Philippe Massonet et al., CETIC. Presentation transcript.


Slide 1: Tutorial: Usage Control for Next Generation Grids. Introduction. Philippe Massonet et al., CETIC. OGF-25 Tutorial, Catania, 02-06/02/2009.

Slide 2: Tutorial Agenda
1. Usage Control for Grids (25 minutes)
2. An Architecture for Usage Control in Grids (20 minutes)
3. Usage Control Policies in XACML (45 minutes)
4. Usage Control in Action: Controlling Service Usage in a Grid-Based Content Management System (20 minutes)
5. PolPA: A Usage Control Policy Language for Grids (45 minutes)
6. Usage Control in Action: Controlling Resource Usage in a Grid-Based Supply Chain (25 minutes)

Slide 3: Security Virtual Organisations

Slide 4: Security throughout the VO Lifecycle

Slide 5: Plan
- Introduction to virtual organisations
- Introduction to access control and usage control
- Examples

Slide 6: Dynamic Virtual Organisations
"Virtual organizations: a temporary or permanent coalition of geographically dispersed individuals, groups, organisational units or entire organisations that pool resources, capabilities and information in order to achieve common goals"
[Diagram: a dynamic VO whose member nodes offer services and can be replaced over time]

Slide 7: Trust in Virtual Organisations
"Since VOs are based on sharing information and knowledge, there must be a high amount of trust among the partners. Especially since each partner contributes with their core competencies"
Collaboration threats:
- Bad service (contract not respected)
- Attacks: loss of information
- Attacks: disruption of service
- Vulnerability to attacks (low level of security at one of the partners)
- ...
How do you maintain trust and security properties in a dynamic VO? There is a need for trust and security mechanisms.

Slide 8: Desired Self-Organization / Self-Protection Behavior
- User trust requirement: all nodes must always be sufficiently trusted
- Dynamic business processes -> self-organization and self-protection
- Avoid or minimize the intervention of human operators
VO policy rules:
- If trust of node x < minimum trust threshold, then replace node x (self-organization)
- If trust of node x < minimum trust threshold, then tighten security for node x (self-protection)
[Diagram: a VO in which a node whose trust drops below the threshold is replaced or has its security tightened]

Slide 9: Issues: Policy-Based Trust and Security Management in VOs
- VO = set of users that pool resources in order to achieve common goals, plus the rules governing the sharing of the resources
- Trust and security policies are derived from the goals of the VO and the rules for sharing resources
- Access to resources can be updated according to the behaviour of users (reputation)
VO lifecycle:
- Discovery of potential trustworthy partners
- Establishment of security policies, following the governing rules
- Monitoring
- Enforcing policies
- Maintenance of reputation
- Membership and policy adaptation
- Termination of trust relationships

Slide 10: Trust and Security in Grids (Outsourcing)
[Diagram: a Service Requestor (SR) sends a service request to a Service Provider (SP) inside the VO; the SP runs a service instance on shared resources of an Infrastructure Provider (IP)]
Questions raised:
- Can I trust the SR and the SP?
- Is the SP using my resources with malicious intent?
- Is the selected IP secure?

Slide 11: Current State of the Art in Grid Authorization
- GridTrust focuses on authorization
- OGSA/Globus default authorisation mechanism: GridMap is coarse grained and static
- Extended authorization mechanisms:
  - Akenti (fine grained distributed access control)
  - PERMIS (RBAC)
  - Shibboleth (cross-domain single sign-on and attribute-based authorization)
- Basic limitation: once you receive access to a resource, you are free to use it without any control
- Need for finer grained and continuous control

Slide 12: Usage Control Model: Beyond Access Control
UCON [Park04] covers traditional access control, DRM and trust management.
- Reference monitor placement: server-side reference monitor (SRM), client-side reference monitor (CRM), SRM & CRM
- Protection objectives: sensitive information protection, intellectual property rights protection, privacy protection

Slide 13: Example of UCON Model
PreAuthorization without update (PreA0)
Temporal logic specification:
  permitaccess(s, o, r) → (tryaccess(s, o, r) ∧ (p1 ∧ ... ∧ pi))
  where p1, ..., pi are predicates built from subject and/or object attributes; these are the pre-authorization predicates.
PolPA encoding:
  tryaccess(s, o, r).
  pA(s, o, r).
  permitaccess(s, o, r).
  endaccess(s, o, r)

Slide 14: Another Example of UCON Model
OnAuthorization with preUpdate (OnA1)
Temporal logic specification:
  (1) permitaccess(s, o, r) → tryaccess(s, o, r) ∧ preupdate(attribute)
  (2) □(¬(p1 ∧ ... ∧ pi) ∧ (state(s, o, r) = accessing) → revokeaccess(s, o, r))
PolPA encoding:
  tryaccess(s, o, r).
  update(s, o, r).
  permitaccess(s, o, r).
  (endaccess(s, o, r) or (pA(s, o, r).revokeaccess(s, o, r)))

Slide 15: Applications of Usage Control
With UCON we can express policies such as:
- Mandatory Access Control (MAC)
- History-based access control in general
- Resource usage limitation
- Chinese wall (CWSP)
With UCON integrated with RTML (credential-based trust management) we can also enforce:
- Role Based Access Control
- Attribute Based Access Control policies
- Other credential-based policies
- Other ...

Slide 16: From Access Control to Usage Control
[Diagram: a usage timeline]
- Before usage: pre decision, pre update
- Ongoing usage: ongoing decision, ongoing update
- After usage: post update
The two novelties are continuity of decision (the ongoing decision) and mutability of attributes (the pre, ongoing and post updates).
Questions: Is the usage decision still valid? Can you revoke access?

Slide 17: GridTrust Objective: Bring Usage Control To The Grid
- Integrate usage control into the Grid
- Supports many existing access control models
- New models of trust and security
- Usage control model: policy language
[Diagram: UCON components: Subjects and Objects with Attributes, Rights, and the Usage Decision made from Authorizations, Obligations and Conditions]

Slide 18: Examples of UCON concepts
Subject attributes:
- Immutable: subject.identity
- Mutable: subject.credit = subject.credit - resource.cost
Object attributes:
- Immutable: object.identity
- Mutable: r.availableSpace = r.availableSpace - s.assignedSpace
Mutable attribute update:
- Pre-update: s.balance = s.balance - r.cost
- Ongoing-update: s.balance = s.balance - r.costunit
- Post-update: s.totalUsage = s.totalUsage + r.resourceUsage
Authorization:
- Pre-authorization: s.balance >= r.cost
- Ongoing-authorization: s.reputation > r.reputationMinimum
- Post-authorization: socket.remoteDomain ∈ AcceptableDomains
Conditions:
- Pre-conditions: 08:00 <= currentTime <= 18:00
- Ongoing-conditions: 08:00 <= currentTime <= 18:00 (a long-duration access can be revoked)
Obligations:
- Pre-obligations: accepted(s, r.licenseAgreement)
- Ongoing-obligations: read(s, r.publicity)
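The OnA1 pattern of slide 14 combined with the attribute examples of slide 18, as an added example that is not part of the tutorial: pre-authorization on s.balance >= r.cost, a pre-update that charges r.cost, then an ongoing re-evaluation on every tick that charges r.costunit and revokes access when the reputation or the time-window condition no longer holds. The Subject and Resource classes, run_session and the (hour, reputation) tick format are assumptions of this example.

```python
# Added example: a minimal UCON enforcer for the OnA1 model (slide 14) using the
# attribute names of slide 18. Class/function names are assumptions of this example.
from dataclasses import dataclass

@dataclass
class Subject:
    balance: float      # mutable attribute, consumed by pre- and ongoing updates
    reputation: float   # mutable attribute that may change during the access

@dataclass
class Resource:
    cost: float             # charged once by the pre-update
    costunit: float         # charged per ongoing tick
    reputation_min: float   # r.reputationMinimum on slide 18

def pre_authorize(s, r):
    # PreA predicate over subject/object attributes, evaluated at tryaccess
    return s.balance >= r.cost

def pre_update(s, r):
    # OnA1: the attribute update is performed before permitaccess
    s.balance -= r.cost

def ongoing_ok(s, r, hour):
    # Ongoing authorization and ongoing condition of slide 18, re-checked each tick
    return s.reputation > r.reputation_min and 8 <= hour <= 18

def run_session(s, r, ticks):
    """Enforce one usage session. `ticks` is a constructed list of (hour, reputation)
    observations taken while the access is ongoing; returns the decision trace."""
    trace = ["tryaccess"]
    if not pre_authorize(s, r):
        trace.append("denyaccess")
        return trace
    pre_update(s, r)
    trace.append("permitaccess")
    for hour, reputation in ticks:
        s.reputation = reputation             # attribute mutates while accessing
        if not ongoing_ok(s, r, hour) or s.balance < r.costunit:
            trace.append("revokeaccess")      # continuity of decision (slide 16)
            return trace
        s.balance -= r.costunit               # ongoing update (slide 18)
    trace.append("endaccess")
    return trace
```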

Slide 19: How Continuous Usage Control Works
[Diagram: a service instance run by the Service Provider (SP) in a hosting environment issues system calls (OpenFile(), ReadFile(), OpenFile(), CloseFile(), ...) on shared resources; the hosting environment maps each call to a state of the monitor (Start, Opened, Reading, Closed); the Policy Enforcement Point checks the call sequence against the local policy and raises a violation when it is not allowed]

Slide 20: Example: Managing Conflicts of Interest in Virtual Organisations
[Diagram: relations between VO members and resources: "conflict of interest", "collaborates on", "allocated to", "owned by"]

Slide 21: Example: The Chinese Wall
- Based on the notion of conflict of interest class
- Needs a history
[Diagram: Client 1 accesses Resource 1 and Resource 2, Client 2 accesses Resource 3 and Resource 4; resources in the same conflict of interest class must not be accessed by the same client]

Slide 22: Example: Chinese Wall Security Policy
Usage control policy language (PolPA) over the history of system calls:
  gvar[1] := 0.
  gvar[2] := 0.
  (
    [eq(gvar[2],0), eq(x1,"/home/paolo/SetA/*"), eq(x2,READ)].open(x1,x2,x3).
    lvar[1] := x3.
    gvar[1] := 1.
    i([eq(x1,lvar[1])].read(x1,x2,x3)).
    [eq(x1,lvar[1])].close(x1,x2)
  ) Par (
    [eq(gvar[1],0), eq(x1,"/home/paolo/SetB/*"), eq(x2,READ)].open(x1,x2,x3).
    lvar[1] := x3.
    gvar[2] := 1.
    i([eq(x1,lvar[1])].read(x1,x2,x3)).
    [eq(x1,lvar[1])].close(x1,x2)
  )
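The Chinese Wall policy above, re-implemented as a history-based monitor over a constructed trace of system calls, as an added example that is not part of the tutorial or of PolPA. It keeps the slide's two global flags (gvar[1] for SetA, gvar[2] for SetB) and the local variable holding the opened descriptor, and generalises the single-shot policy slightly by allowing repeated sessions within the same set; the class and function names, the tuple format of the trace and the one-session-at-a-time rule are assumptions of this example.

```python
# Added example: a Python monitor enforcing the slide's Chinese Wall policy.
import fnmatch

SET_A = "/home/paolo/SetA/*"   # conflict-of-interest sets named on the slide
SET_B = "/home/paolo/SetB/*"
READ = "READ"

class ChineseWallMonitor:
    """Mirrors the PolPA policy: gvar[1] records that SetA has been read,
    gvar[2] that SetB has been read; lvar holds the descriptor of the open file."""
    def __init__(self):
        self.gvar = {1: 0, 2: 0}
        self.lvar = None

    def _open_allowed(self, path, mode):
        if mode != READ or self.lvar is not None:   # one session at a time (assumption)
            return False
        if fnmatch.fnmatch(path, SET_A):
            return self.gvar[2] == 0   # SetA only while SetB is untouched
        if fnmatch.fnmatch(path, SET_B):
            return self.gvar[1] == 0   # and vice versa: this is the "wall"
        return False                   # paths outside both sets are not covered

    def check(self, call):
        """Decide one system call given as a tuple; returns 'allow' or 'violation'."""
        name, *args = call
        if name == "open":
            path, mode, fd = args
            if not self._open_allowed(path, mode):
                return "violation"
            self.lvar = fd
            self.gvar[1 if fnmatch.fnmatch(path, SET_A) else 2] = 1
            return "allow"
        if name in ("read", "close"):
            # the i(...) loop of reads and the final close must use the opened descriptor
            if self.lvar is None or args[0] != self.lvar:
                return "violation"
            if name == "close":
                self.lvar = None
            return "allow"
        return "violation"

def enforce(trace):
    """Run the monitor over a call trace and stop at the first violation,
    as the policy enforcement point of slide 19 does."""
    monitor, decisions = ChineseWallMonitor(), []
    for call in trace:
        decisions.append(monitor.check(call))
        if decisions[-1] == "violation":
            break
    return decisions
```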

Slide 23: GridTrust Framework: Tools and Policy-based Services
[Diagram: the NGG architecture layers (GRID Application Layer, GRID Service Middleware Layer, GRID Foundation Middleware Layer, Network Operating System) with trust and security goals (self-*, dynamic VO, ...) and the GridTrust tools and services placed on them]
- Secure VO Requirements Editor and VO Model and Refinement Tool: 1. global (VO-level) policies are refined into 2. local usage control policies
- Reputation Management service and VO Management
- Usage Control service: fine grained, continuous, OGSA compliant
- Computational usage control + trust management (TM) at the foundation layer, with a Secure Resource Broker and an Enforcer
- Entities covered: resources, VO members, services

