Presentation is loading. Please wait.

Presentation is loading. Please wait.

Policy-Carrying, Policy-Enforcing Digital Objects Sandra Payette and Carl Lagoze Cornell Digital Library Research Group ECDL2000 Lisbon, Portugal September.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Policy-Carrying, Policy-Enforcing Digital Objects Sandra Payette and Carl Lagoze Cornell Digital Library Research Group ECDL2000 Lisbon, Portugal September."— Presentation transcript:

1 Policy-Carrying, Policy-Enforcing Digital Objects Sandra Payette and Carl Lagoze Cornell Digital Library Research Group ECDL2000 Lisbon, Portugal September 19, 2000

2 Digital Library Context Repositories of simple, familiar entities Repositories of complex, dynamic objects

3 Access Control Challenge Enforcement of highly expressive access control policies to support context-specific and object- specific requirements of digital libraries.

4 General-Purpose Policy Enforcement

5 Context-Specific Policy Enforcement

6 Limitations of traditional access control mechanisms Limited expressiveness for policies Fixed set of abstractions –objects are files, directories, etc. –actions are read, write, execute, etc. Not easily extended for complex or fine- grained policies

7 Policy Enforcement Continuum repository-centric object-centric Digital Objects general-purpose policiescontext-specific policies

8 Policy-Carrying, Policy-Enforcing Digital Objects - motivation Semantics of policy language must parallel the behavioral semantics of real-world entities Secure enforcement of fine-grained, context-sensitive policies Extensibility for policies and enforcement mechanisms Support for portability and mobile computing (enforce policies on un-trusted mobile agents) Decentralized policy management

9 Digital Libraries: context-specific policies Distance Education (“Lecture object”): –“guests may view course syllabus and slides 1-10 of Lecture 1, but may not view the Lecture 1 video or other slides.” –“students may not view Lecture 2 video unless they submit assignment for Lecture 1.” Library digitization (“Book object”): –“before copyright expiration on 1/1/2002 CU students can access chapters 1-6 and CU alumni can access pages 1-20 of chapter 2; after expiration, all users can access all pages of all chapters.” Business Strategy (“Technology portfolio object”): –“managers may view product specification only after product safety report has been certified by head of R&D.” –“only the executive team may run the market share simulation”

10 Building on existing work Fedora - digital object and repository architecture (Payette and Lagoze, 1998, 2000) Security Automata (Schneider, 1999) PoET - Policy Enforcement Toolkit (Erlingsson and Schneider, 1999, 2000)

11 FEDORA: Digital Object Architecture Interoperability – among heterogeneous digital objects Interface Stability - for accessing digital objects Extensibility – of digital object behaviors Distribution - of digital object data and executables Security - flexible policy enforcement for access control Preservation - longevity of digital objects

12 Fedora Digital Object Model Disseminations Generic interface Data Stream Data Stream Data Stream Extensible Mechanism Encapsulated service request Primitive Disseminator Typed Disseminator Internal stream

13 Extensible Behaviors - “Lecture” Content Disseminations Lecture Mechanism Dublin Core GetVideo(quality) GetSlide(seqNum) GetSyncData GetDCRecord GetDCField(name) Lecture Data Archive Video-H Policy-L (PSlang) Video-L Policy-D (PSlang) slide-2 (gif) slide-1 (gif) metadata (xml)

14 Security Automata Theoretical basis for specifying policies that are enforceable, flexible, and fine-grained Policies are modeled as state transitions Execution Monitoring (EM) –Class of enforcement mechanisms that enforce policies by simulating a security automaton –Monitors executions upon a target (system, application, object) and prevents executions that violate policy –“Reference Monitors” are EM Source: Schneider, 1999

15 Example: Simple Security Automaton Un-authenicated user Authenticated user Present Cornell ID “Only authenticated Cornell users can view the lecture.” View metadata View lecture

16 In-Line Reference Monitoring (IRM) Security automata simulations are merged into program object code (checks inserted before each execution) The application program, itself, becomes the reference monitor, ensuring that policy is not violated when it runs. Source: Erlingsson and Schneider, 1999, 2000 Traditional (kernel as Reference Monitor) kernel program executable OS RM Language-based security (IRM) In-lined program

17 Policy Enforcement Toolkit (PoET) Trusted program rewriter - modifies Java bytecode Secure class loader Event-oriented policy language (PSLang) Source: Erlingsson and Schneider, 1999, 2000 Policy in PSlang Policy in PSlang Program rewriter Secure Class loader Modified Bytecode (target with policy embedded) JVM Java Bytecode (class file) Program runs (obeys policy) PoET

18 FEDORA and PoET IRM Policy Enforcement Content Disseminations Video-H Lecture Mechanism Video-L Dublin Core Java bytecode in-lined with policies at runtime slide-2 (gif) slide-1 (gif) metadata (xml) access request Policy-L (PSlang) Policy-D (PSlang)

19 Object structure view via client Digital Object Policy

20 End-User View … policies enforced transparently

21 Challenges and Future Work Ramp up - enforcement of more complex policies, more object types Examine tension between object-centric vs. repository centric policy enforcement Mobile computing - trust schemes to support policy enforcement as objects move “Intentional” policies and dynamic policy binding Preservation application of security automata - detect unacceptable transitions

22 References: Fedora Payette, Sandra and Carl Lagoze, “Flexible and Extensible Digital Object and Repository Architecture,” ECDL98, Heraklion, Crete, September 21-23, 1998, Springer, 1998, (Lecture notes in computer science; Vol. 1513). http://www.cs.cornell.edu/payette/papers/ecdl98/fedora.html Payette, Sandra, Christophe Blanchi, Carl Lagoze, and Edward Overly, “Interoperability for Digital Objects and Repositories: The Cornell/CNRI Experiments,” D-Lib Magazine, May 1999. http://www.dlib.org/dlib/may99/payette/05payette.html Payette, Sandra and Carl Lagoze, Policy-Carrying, Policy-Enforcing Digital Objects, accepted by Fourth European Conference on Research andAdvanced Technology for Digital Libraries, Portugal, Springer, 2000, (Lecture notes in computer science), draft available at http://www.cs.cornell.edu/payette/papers/ecdl2000/pcpe-draft.ps Payette, Sandra and Carl Lagoze, Value Added Surrogates for Distributed Content: Establishing a Virtual Control Zone, D-Lib Magazine, June 2000, http://www.dlib.org/dlib/june00/payette/06payette.html

23 References: Security Automata and PoET Schneider, Fred B., “Enforceable Security Policies,” Computer Science Technical Report #TR98-1664, Department of Computer Science, Cornell University, July 24, 1999, http://cs-tr.cs.cornell.edu:80/Dienst/UI/1.0/Display/ncstrl.cornell/TR98-1664 Erlingsson, Ulfar and Fred B. Schneider, “SASI Enforcement of Security Policies: A Retrospective,” Computer Science Technical Report #TR99-1758, Department of Computer Science, Cornell University, July 19, 1999, http://cs-tr.cs.cornell.edu:80/Dienst/UI/1.0/Display/ncstrl.cornell/TR99-1758 Erlingsson, Ulfar and Fred B. Schneider, “IRM Enforcement of Java Stack Inspection,” Computer Science Technical Report #TR2000-1786, Department of Computer Science, Cornell University, February 19, 2000, http://cs-tr.cs.cornell.edu:80/Dienst/UI/1.0/Display/ncstrl.cornell/TR2000-1786

Download ppt "Policy-Carrying, Policy-Enforcing Digital Objects Sandra Payette and Carl Lagoze Cornell Digital Library Research Group ECDL2000 Lisbon, Portugal September."

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.

Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.
The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.

The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.
Containment and Integrity for Mobile Code Status Report to DARPA ISO: Feb. 2000 Fred B. Schneider Andrew Myers Department of Computer Science Cornell University.

Containment and Integrity for Mobile Code Status Report to DARPA ISO: Feb Fred B. Schneider Andrew Myers Department of Computer Science Cornell University.
Planning for Flexible Integration via Service-Oriented Architecture (SOA) APSR Forum – The Well-Integrated Repository Sydney, Australia February 2006 Sandy.

Planning for Flexible Integration via Service-Oriented Architecture (SOA) APSR Forum – The Well-Integrated Repository Sydney, Australia February 2006 Sandy.
Project Prism Virtual Remote Control: Preservation Risk Management for Web Resources Nancy Y. McGovern, ECURE 2002.

Project Prism Virtual Remote Control: Preservation Risk Management for Web Resources Nancy Y. McGovern, ECURE 2002.
R.Jantz, August 31, 2006 1 Two-day forum on PREMIS Preservation Metadata and the Trusted Digital Repositories August 31, September 1 National Library of.

R.Jantz, August 31, Two-day forum on PREMIS Preservation Metadata and the Trusted Digital Repositories August 31, September 1 National Library of.
Fedora Commons: Introduction and Update Swedish National Library June 24, 2008.

Fedora Commons: Introduction and Update Swedish National Library June 24, 2008.
Building a Digital Library with Fedora International Conference on Developing Digital Institutional Repositories Hong Kong December 9, 2004.

Building a Digital Library with Fedora International Conference on Developing Digital Institutional Repositories Hong Kong December 9, 2004.
Flexible and Extensible Digital Object and Repository Architecture (FEDORA) Sandra Payette Cornell University CS 502 Computing Methods.

Flexible and Extensible Digital Object and Repository Architecture (FEDORA) Sandra Payette Cornell University CS 502 Computing Methods.
Policy-Carrying, Policy-Enforcing Digital Objects Sandra Payette Cornell Digital Library Research Group.

Policy-Carrying, Policy-Enforcing Digital Objects Sandra Payette Cornell Digital Library Research Group.
Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.

Java for High Performance Computing Jordi Garcia Almiñana 14 de Octubre de 1998 de la era post-internet.
The Fedora Project March 19, 2003 ISTEC Symposium, Brazil Sandy Payette Cornell Information Science.

The Fedora Project March 19, 2003 ISTEC Symposium, Brazil Sandy Payette Cornell Information Science.
Flexible and Extensible Digital Object and Repository Architecture (FEDORA) Sandra Payette Cornell University June 29, 1999 Harvard.

Flexible and Extensible Digital Object and Repository Architecture (FEDORA) Sandra Payette Cornell University June 29, 1999 Harvard.
William Y. Arms Corporation for National Research Initiatives March 22, 1999 Object models, overlay journals, and virtual collections.

William Y. Arms Corporation for National Research Initiatives March 22, 1999 Object models, overlay journals, and virtual collections.
Cornell/CNRI Repository Interoperability Project Interoperability Meeting February 24, 1999.

Cornell/CNRI Repository Interoperability Project Interoperability Meeting February 24, 1999.
More Enforceable Security Policies Lujo Bauer, Jay Ligatti and David Walker Princeton University (graciously presented by Iliano Cervesato)

More Enforceable Security Policies Lujo Bauer, Jay Ligatti and David Walker Princeton University (graciously presented by Iliano Cervesato)
A Type System for Expressive Security Policies David Walker Cornell University.

A Type System for Expressive Security Policies David Walker Cornell University.
Flexible and Extensible Digital Object and Repository Architecture (FEDORA) Sandra Payette Cornell University MOA2/Cornell Architecture.

Flexible and Extensible Digital Object and Repository Architecture (FEDORA) Sandra Payette Cornell University MOA2/Cornell Architecture.
Policy-Carrying, Policy-Enforcing Digital Objects Sandra Payette Project Prism - Cornell University DLI2 All-Projects Meeting June 14, 2000.

Policy-Carrying, Policy-Enforcing Digital Objects Sandra Payette Project Prism - Cornell University DLI2 All-Projects Meeting June 14, 2000.

Similar presentations

Ads by Google