Presentation is loading. Please wait.

Presentation is loading. Please wait.

Type-Based Distributed Access Control Tom Chothia, Dominic Duggan, and Jan Vitek Presented by Morgan Kleene.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Type-Based Distributed Access Control Tom Chothia, Dominic Duggan, and Jan Vitek Presented by Morgan Kleene."— Presentation transcript:

1 Type-Based Distributed Access Control Tom Chothia, Dominic Duggan, and Jan Vitek Presented by Morgan Kleene

2 Problem Enforcing access control in a distributed setting, i.e., in a setting where requests need not go through a central authority Would like to do as much as possible statically

3 Model Current paper extends and augments DLM, (Distributed Label Model) the foundation of JIF [Myers and Liskov] All hosts are trusted (this can be relaxed, as in their later work) We deal with mistrust between principals only, not a domain that we do not trust

4 Review of DLM Policy { o: r 1, r 2, …, r n } denotes a policy where o is the owner and the r i ’s are the readers authorized to read the data annotated with this policy (o is not necessarily a reader) LUB operation on policies is simply the union of two policies { o 1 : r 1,…, r n } ⊔ { o 2 : s 1, …, s n } = {o 1 :r 1,…,r n ; o 2 : s 1, …, s n } { o 1 : r 1,…, r n } ⊔ { o 2 : s 1, …, s n } = {o 1 :r 1,…,r n ; o 2 : s 1, …, s n }

5 DLM Declassification Suppose a principal A is acting with authority L A. Then A can declassify data with L 2 to label L 1 if the following condition holds: L 1 ⊑ L 2 ⊔ L A

6 Dynamic Operations (DLM) In general, we don’t know what the labels of the data are Operations involving dynamic labels must be checked dynamically Declassification Declassification Read Access Read Access If a program type-checks then it contains the proper dynamic checks

7 Example

8 Extending the Model (Chothia et. al.) DLM says nothing about encryption What properties of cryptography do we care about? Private keys are only given to authorized users through an unspecified PKI Private keys are only given to authorized users through an unspecified PKI Ciphertext can safely be made public Ciphertext can safely be made public A user who wishes to share encrypted data can do so by sharing his private key A user who wishes to share encrypted data can do so by sharing his private key All three are modeled in the type system introduced

9 Policies Mean the same thing as in DLM In DLM, policies are expressed at the type level, now we introduce another level of abstraction and work at the Kind level Kinds are ‘types’ for Types in the same way that Types classify values

10 Kinds Three classes of Kinds Principals Principals Types Types EKey F (P : P 1, P 2, …, P n ) EKey F (P : P 1, P 2, …, P n ) The label inside the EKey constructor means exactly what it did before The F tag on the encryption key indicates whether the key is virtual (only used for specifying policy) or actual (has a corresponding cryptographic key)

11 Types K is a key name, which has kind EKey F (P : P 1, P 2, …, P n ) K is a key name, which has kind EKey F (P : P 1, P 2, …, P n ) An encryption key a + has type [EncKey(K)] RW. This type has kind Type A decryption key a - has type [DecKey(K)] RW Principle names P are types having kind Prin Primitive types (int, etc.) having kind Type

12

13 How can a user share a key? Central Question: “ Should it be possible to declassify encrypted data, making it available to principals that did not have access to It beforehand without having toe decrypt the data, declassify it, and then re-encrypt under another key?” If no, then a simple treatment suffices If yes (paper’s answer) things are more complex

14 Declassification Certificates Allow a principal to issue a certificate giving another principal access to data encrypted with a particular key If we do things the wrong way: Principal P wants access to data it doesn’t have permission to read Principal P wants access to data it doesn’t have permission to read The data may be encrypted with the a key that it has a declassification certificate for The data may be encrypted with the a key that it has a declassification certificate for It can just declassify the data and gain access! It can just declassify the data and gain access! The problem is that when we decrypted we forgot about the constraints on the original data

15 Resolution using Kinds Since we now have access control information in the Kinds we insist on two conditions To encrypt a value with secrecy label K 1,...,K n where K i : EKey F (P i : P i1, P i2, …, P in ) we must have n encryption keys where the type of the i th encryption key is [EncKey(K i )] ri wi To encrypt a value with secrecy label K 1,...,K n where K i : EKey F (P i : P i1, P i2, …, P in ) we must have n encryption keys where the type of the i th encryption key is [EncKey(K i )] ri wi

16 Contd. When we decrypt we must have declassification certificates [K i ’ reclassifies K i ] r’i w’i When we decrypt we must have declassification certificates [K i ’ reclassifies K i ] r’i w’i Decrypting the data with this key gives us data that can only be read by those authorized in all of the K i ’ Decrypting the data with this key gives us data that can only be read by those authorized in all of the K i ’

17 Kinds and Key Distribution Kinds also enforce the semantics of having a private key selectively distributed Suppose a key name K is of Kind EKey F (P : P 1, P 2,…,P n ) We forbid constructing a private key where there is a reader not on the access list in the Kind, for example [EncKey(K)] RW where R = EncKey(P: Q) and Q isn’t one of the P i ’s We forbid constructing a private key where there is a reader not on the access list in the Kind, for example [EncKey(K)] RW where R = EncKey(P: Q) and Q isn’t one of the P i ’s

18 Kinds and Declassification of Ciphertext The Kind of the decryption key already constrains who may see the output, so we can essentially give the ciphertext any read permissions we want

19 What it actually does A soundness lemma is proved that implies that no dynamic checks are needed This seems to imply that the system is completely static This seems to imply that the system is completely static You would need to recompile whenever your labels changed You would need to recompile whenever your labels changed

20 Kinds Lack of dynamic control seems undesirable Possibly a consequence of the use of Kinds Possibly a consequence of the use of Kinds In DLM principals are at the value level In DLM principals are at the value level Thus their types can be checked against those of files and other types not known statically Thus their types can be checked against those of files and other types not known statically Not clear how to do this here

Download ppt "Type-Based Distributed Access Control Tom Chothia, Dominic Duggan, and Jan Vitek Presented by Morgan Kleene."

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Completeness and Expressiveness

Completeness and Expressiveness
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 3.1 Overview of Authentication.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 3.1 Overview of Authentication.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Operating System Security

Operating System Security
MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.

MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
Building Secure Distributed Systems The CIF model : Component Information Flow Lilia Sfaxi DCS Days - 26/03/2009.

Building Secure Distributed Systems The CIF model : Component Information Flow Lilia Sfaxi DCS Days - 26/03/2009.
Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.

Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.
Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.

Building web applications on top of encrypted data using Mylar Presented by Tenglu Liang Tai Liu.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Hybrid Signcryption with Insider Security Alexander W. Dent.

Hybrid Signcryption with Insider Security Alexander W. Dent.
Copyright © Cengage Learning. All rights reserved.

Copyright © Cengage Learning. All rights reserved.
F22H1 Logic and Proof Week 7 Clausal Form and Resolution.

F22H1 Logic and Proof Week 7 Clausal Form and Resolution.
1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.

1 The RSA Algorithm Supplementary Notes Prepared by Raymond Wong Presented by Raymond Wong.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Information Flow, Security and Programming Languages Steve Steve Zdancewic.

Information Flow, Security and Programming Languages Steve Steve Zdancewic.
Chapter 7: Relational Database Design. ©Silberschatz, Korth and Sudarshan7.2Database System Concepts Chapter 7: Relational Database Design First Normal.

Chapter 7: Relational Database Design. ©Silberschatz, Korth and Sudarshan7.2Database System Concepts Chapter 7: Relational Database Design First Normal.
1 Enforcing Confidentiality in Low-level Programs Andrew Myers Cornell University.

1 Enforcing Confidentiality in Low-level Programs Andrew Myers Cornell University.
Decentralized Robustness Stephen Chong Andrew C. Myers Cornell University CSFW 19 July 6 th 2006.

Decentralized Robustness Stephen Chong Andrew C. Myers Cornell University CSFW 19 July 6 th 2006.

Similar presentations

Ads by Google