Trust Management II Anupam Datta Fall 2007-08 18739A: Foundations of Security and Privacy.

Slides:

Advertisements

Similar presentations

Computer Science CPSC 322 Lecture 25 Top Down Proof Procedure (Ch 5.2.2)

Advertisements

Big Ideas in Cmput366. Search Blind Search State space representation Iterative deepening Heuristic Search A*, f(n)=g(n)+h(n), admissible heuristics Local.

Inference Rules Universal Instantiation Existential Generalization

CPSC 322, Lecture 4Slide 1 Search: Intro Computer Science cpsc322, Lecture 4 (Textbook Chpt ) Sept, 11, 2013.

Evaluating “find a path” reachability queries P. Bouros 1, T. Dalamagas 2, S.Skiadopoulos 3, T. Sellis 1,2 1 National Technical University of Athens 2.

Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.

Reasoning About Code; Hoare Logic, continued

1 1 CDT314 FABER Formal Languages, Automata and Models of Computation Lecture 3 School of Innovation, Design and Engineering Mälardalen University 2012.

Artificial Intelligence Inference in first-order logic Fall 2008 professor: Luigi Ceccaroni.

Methods of Proof Chapter 7, second half.. Proof methods Proof methods divide into (roughly) two kinds: Application of inference rules: Legitimate (sound)

Methods of Proof Chapter 7, Part II. Proof methods Proof methods divide into (roughly) two kinds: Application of inference rules: Legitimate (sound) generation.

Propositional Logic Reading: C , C Logic: Outline Propositional Logic Inference in Propositional Logic First-order logic.

Rule based Trust management using RT - second lecture Sandro Etalle thanks to Ninghui Li - Purdue William H. Winsborough – University of Texas S. Antonio.

1 EE5900 Advanced Embedded System For Smart Infrastructure Static Scheduling.

Language-based Security: Information Flow Control 18739A: Foundations of Security and Privacy Anupam Datta Fall 2009.

CPSC 322, Lecture 23Slide 1 Logic: TD as search, Datalog (variables) Computer Science cpsc322, Lecture 23 (Textbook Chpt 5.2 & some basic concepts from.

CPSC 322, Lecture 19Slide 1 Propositional Logic Intro, Syntax Computer Science cpsc322, Lecture 19 (Textbook Chpt ) February, 23, 2009.

CPSC 322, Lecture 4Slide 1 Search: Intro Computer Science cpsc322, Lecture 4 (Textbook Chpt ) January, 12, 2009.

Constraint Logic Programming Ryan Kinworthy. Overview Introduction Logic Programming LP as a constraint programming language Constraint Logic Programming.

CPSC 322, Lecture 23Slide 1 Logic: TD as search, Datalog (variables) Computer Science cpsc322, Lecture 23 (Textbook Chpt 5.2 & some basic concepts from.

Trust Management I Anupam Datta Fall A: Foundations of Security and Privacy.

CPSC 322, Lecture 12Slide 1 CSPs: Search and Arc Consistency Computer Science cpsc322, Lecture 12 (Textbook Chpt ) January, 29, 2010.

Firewall Policy Queries Author: Alex X. Liu, Mohamed G. Gouda Publisher: IEEE Transaction on Parallel and Distributed Systems 2009 Presenter: Chen-Yu Chang.

CSCI 5582 Fall 2006 CSCI 5582 Artificial Intelligence Lecture 9 Jim Martin.

Data Flow Analysis Compiler Design Nov. 3, 2005.

Methods of Proof Chapter 7, second half.

Data Flow Analysis Compiler Design October 5, 2004 These slides live on the Web. I obtained them from Jeff Foster and he said that he obtained.

 Last lesson  Graphs  Today  Graphs (Implementation, Traversal)

CS5371 Theory of Computation Lecture 8: Automata Theory VI (PDA, PDA = CFG)

CS590U Access Control: Theory and Practice Lecture 21 (April 11) Distributed Credential Chain Discovery in Trust Management.

Dana Nau: Lecture slides for Automated Planning Licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License:

POLIPO: Policies & OntoLogies for Interoperability, Portability, and autOnomy Daniel Trivellato.

Ninghui Li (Purdue University) 2 nd Int’l Summer School in Computation Logic June 17, 2004 Logic and Logic Programming in Distributed Access Control (Part.

Ninghui Li (Purdue University) 2 nd Int’l Summer School in Computation Logic June 16, 2004 Logic and Logic Programming in Distributed Access Control (Part.

Rule based Trust management using RT – third lecture Sandro Etalle University of Twente & Eindhoven thanks to Ninghui Li - Purdue William H. Winsborough.

Logical Agents Logic Propositional Logic Summary

Dataflow Analysis Topic today Data flow analysis: Section 3 of Representation and Analysis Paper (Section 3) NOTE we finished through slide 30 on Friday.

1 Reasoning about Concrete Security in Protocol Proofs A. Datta, J.Y. Halpern, J.C. Mitchell, R. Pucella, A. Roy.

Computing & Information Sciences Kansas State University Lecture 13 of 42 CIS 530 / 730 Artificial Intelligence Lecture 13 of 42 William H. Hsu Department.

Announcements Project 4: Ghostbusters Homework 7

Kansas State University Department of Computing and Information Sciences CIS 730: Introduction to Artificial Intelligence Lecture 17 Wednesday, 01 October.

Lecture 11 Algorithm Analysis Arne Kutzner Hanyang University / Seoul Korea.

Kansas State University Department of Computing and Information Sciences CIS 730: Introduction to Artificial Intelligence Lecture 23 Friday, 17 October.

Kansas State University Department of Computing and Information Sciences CIS 730: Introduction to Artificial Intelligence Lecture 18 of 41 Friday, 01 October.

Basic Problem Solving Search strategy  Problem can be solved by searching for a solution. An attempt is to transform initial state of a problem into some.

Computer Science CPSC 322 Lecture 22 Logical Consequences, Proof Procedures (Ch 5.2.2)

Points-To Analysis in Almost Linear Time Josh Bauman Jason Bartkowiak CSCI 3294 OCTOBER 9, 2001.

Intro to Planning Or, how to represent the planning problem in logic.

CPSC 322, Lecture 4Slide 1 Search: Intro Computer Science cpsc322, Lecture 4 (Textbook Chpt ) Sept, 12, 2012.

Rule based Trust management using RT – third lecture Sandro Etalle University of Twente & Eindhoven thanks to Ninghui Li - Purdue William H. Winsborough.

Forward and Backward Chaining

CS162 Week 8 Kyle Dewey. Overview Example online going over fail03.not (from the test suite) in depth A type system for secure information flow Implementing.

Some Thoughts to Consider 5 Take a look at some of the sophisticated toys being offered in stores, in catalogs, or in Sunday newspaper ads. Which ones.

Definition and Technologies Knowledge Representation.

Decentralized Access Control: Policy Languages and Logics

Algorithms and Problem Solving

Computer Science cpsc322, Lecture 20

Knowledge and reasoning – second part

Lecture 10 Algorithm Analysis

Logic: Top-down proof procedure and Datalog

CAP 5636 – Advanced Artificial Intelligence

Knowledge and reasoning – second part

CS 188: Artificial Intelligence

BEST FIRST SEARCH -OR Graph -A* Search -Agenda Search CSE 402

Data Flow Analysis Compiler Design

Algorithms and Problem Solving

Beyond Proof-of-compliance: Security Analysis in Trust Management

Computer Science cpsc322, Lecture 20

CS 188: Artificial Intelligence Fall 2008

Presentation transcript:

Trust Management II Anupam Datta Fall A: Foundations of Security and Privacy

2 Logistics Please plan to meet with me over this week to discuss project progress and issues Office hours Friday 2-3:30PM

3 Overview Last lecture Overview of Trust Management [BFL96] RT syntax and examples [LMW02] Today Translating RT into datalog; algorithmic results [LMW02] Distributed credential chain discovery [LWM01]

4 Translating RT 1 to Datalog Type I: A.R  D to isMember(D, A.R) Type II: A.R  B.R1 to isMember(?z, A.R)  isMember(?z, B.R1) Type III: A.R  A.R1.R2 to isMember(?z, A.R)  isMember(?x, A.R1), isMember(?z,?x.R2) Type IV: A.R  B1.R1  B2.R2  …  Bn.Rn to isMember(?z, A.R)  isMember(?z, B.R1),…, isMember(?z,B.Rn)

5 Translation (2) isMember(?z, A.r(h1,…,hn)) to member(A, r, h1,…, hn, ?z) Trans(C): Datalog program resulting from translation of RT 1 credentials C Implications of C: Set of membership relations implied by C

6 RT 1 is tractable Theorem: Given a set C of RT 1 credentials, the implications of C can be computed in time O(MN v+2 ), where Each credential of C has at most v variables Each role name has at most p arguments N 0 is the number of credentials in C N = max(N 0, pN 0 ) M is the size of C A.r  f 1  f k has size k, other credentials have size 1

7 Example RT Credentials A.R i  A.R i+1 for i=1,…,K-1 A.R K  Alice, A.R K  Bob Translation 1. isMember(?z, A. R i )  isMember(?z, A.R i+1 ) for i=1,…,K-1 2. isMember(Alice, A.R K ), isMember(Bob, A.R K ) Start from ground facts; repeatedly apply rule 1 to infer implications in time O((K+1)*2) p = 0, v = 0, N 0 = K + 1, N =K+1, M = K + 1 O(MN v+2 ) = O((K+1)*(K+1) 2 ) Translation only introduces only one dummy variable because no linked roles, so (v+1) instead of (v+2)

8 Summary Similar translations into Datalog and tractability results for other languages in the RT family This is an advantage of RT over other formalisms for distributed access control, e.g. Lampson et al logic (for which the implication problem is undecidable)

9 Overview Last lecture Overview of Trust Management [BFL96] RT syntax and examples [LMW02] Today Translating RT into datalog; algorithmic results [LMW02] Distributed credential chain discovery [LWM01]

10 Goal-directed Chain Discovery Three kinds of queries and algorithms for answering them in RT 0 : 1. Given A.r, determines its members – The backward search algorithm 2. Given D, determines the set of roles that D is a member of – The forward search algorithm 3. Given A.r and D, determines whether D is a member of A.r – The Bi-direction search algorithm

11 Why Develop These Algorithms? The queries can be answered using logic programs however, this requires collection of all credentials in the system The backward algorithm is a goal-directed top- down algorithm The forward algorithm is a goal-directed bottom- up algorithm Distributed discovery requires combination of both

12 Credential Graph G C Nodes: A.r and e for each credential A.r  e in C Credential edges: e  A.r for each credential A.r  e in C Summary edges: B.r 2  A.r 1.r 2 if there is a path from B to A.r 1 D  A 1.r 1  …  A k.r k if there are paths from D to each A j.r j Reachability in the credential graph is sound and complete wrt. the set-theoretic semantics of RT 0

13 An Example Credential Graph StateU.stuID EPub.university ABU.accredited StateU Alice ACM.member EOrg.preferred EPub.university.stuID EPub.student EPub.spdiscount EPub.student  EOrg.preferred Credential Summary Key

14 The Backward Search Algorithm (Overview) Goal: Given A.r, determines its members The backward algorithm : each node stores outgoing edges each node stores entities that can reach it new edges are created in the reverse direction solutions are propagated forward

15 Backward Search In Action 2: EPub.student 4: EPub.university.stuID 6: EPub.university8: ABU.accredited9: StateU StateU 10: StateU.stuID 0: EPub.spdiscount 1: EPub.student  EOrg.preferred 3: EOrg.preferred5: ACM.member7: Alice Alice

16 The Forward Search Algorithm (Overview) Starts with one entity node Constructs a proof graph Each node in the graph stores its solutions: roles that this node can reach (is a member of ) Maintains a work list of nodes need to be processed Algorithm Outline: keep processing nodes in the work list until it is empty

17 Forward Search In Action ABU.accredited 0: Alice StateU.stuID EPub.student 3: ABU.accredited 2: StateU 6: EPub.university 1: StateU.stuID ABU.accredited EPub.university EPub.student 7: Epub.university.stuID 9: EPub.student EPub.student 1. StateU.stuID  Alice 2. ABU.accredited  StateU 3. EPub.university  ABU.accredited 4. EPub.student  EPub.university.stuID 5: ABU8: EPub4: ABU.accredited.stuID

18 Worst-Case Complexity Backward: time O(N 3 +NM), space O(NM) N is the number of rules M is the sum of the sizes of all rules, A.r  f 1  f k having size k, other credentials have size 1 Forward: time O(N 2 M), space O(NM) However, this is goal oriented, making it much better in practice

19 Bidirectional Search The bi-direction search algorithm combines backward search and forward search Bidirectional(e, D) Two queues: Forward processing and backward processing queue Iteratively remove and process node until both queues are empty Each node e stores Backward solutions, backward monitors Full and partial forward solutions, forward monitors

20 Distributed Storage of Credentials Example: 1. EOrg.preferred  ACM.member 2. ACM.member  Alice Who should store a credential? either issuer or subject It is not reasonable to require that all credentials are stored by issuers, or, all are stored by subjects.

Alice EPub StateU ABU 3. ABU.accredited  StateU 1. COE.stuID  Alice 4. EPub.university  ABU.accredited 5. EPub.student  EPub.university.stuID Who stores these statements? 2. StateU.stuID  COE.stuID COE

22 Traversability of Edges and Paths StateU.stuID Alice EPub.university.stuID EPub.student EPub.university ABU.accredited StateU Backward (Issuer stored) Forward (Subject stored) Key Confluent Idea: Confluent paths can be discovered by bidirectional search An edge B.r 2  A.r 1.r 2 has the same traversability as B  A.r 1

23 How to Ensure that Every Path is Confluent? Goal: Use constraints local to each credential to ensure that every path is confluent Approach: give each role name a traceability type introduce a notion of well-typed credentials Main idea: by requiring consistent storage strategy at role name level, guarantee chains using well-typed credentials are confluent

24 Types of Role Names A role name has two types: Issuer side: issuer-traces-all issuer-traces-def (e.g. A1.r  A2.r  A3.r) issuer-traces-none Subject side: subject-traces-all subject-traces-none

25 Well-typedness of Role Names

26 Typing role expressions

27 Well-typed Credentials

28 Example

29 Example (contd)

30 Properties

31 Benefits of the Storage Type System Guarantees that chains of well-typed credentials can be discovered Enables efficient chain discovery by telling the algorithm whether forward or backward search should be used for an intermediate query

32 Acknowledgement Slides for the second part of the lecture were based, in part, on slides from Ninghui Li and John Mitchell.