Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 1 Integrating Policy with Applications.

Published byRoderick Nichols Modified over 8 years ago

Similar presentations

Presentation on theme: "Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 1 Integrating Policy with Applications."— Presentation transcript:

1 Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 1 Integrating Policy with Applications and Distributed System Services B. Clifford Neuman University of Southern California Information Sciences Institute

2 Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 2 Today’s security deployment v Most of the deployment of security services today handles the easy stuff, implementing security at a single point in the network, or at a single layer in the protocol stack: –Firewalls, VPN’s –IPSec –SSL v Unfortunately, security isn’t that easy. It must be better integrated with the application. –At the level at which it must ultimately be specified, security policies pertain to application level objects, and identify application level entities (users).

3 Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 3 Conclusion: Integration is hard to do v The majority of applications were not being modified to use security services. –In fact, the only widespread interoperable integration of security services with applications was SSL integration with the web, and SSL is used primarily as a confidentiality mechanism and only rarely for user authentication. v The reason –Integration with applications involved many changes: u Multiple calls to GSS-API or other authentication interfaces u Calls to decide what the user is authorized to do –Home grown policy databases or protocol extensions requiring even more calls to complete. u Custom integration with other security services –Confidentiality, integrity, payment, audit

4 Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 4 Our focus for integration v We chose to focus on authorization and the management of policies used in the authorization decision. –Not really new - this is a reference monitor. –Applications shouldn’t care about authentication or identity. u Separate policy from mechanism –Authorization may be easier to integrate with applications. –Hide the calls to the key management and authentication functions.

5 Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 5 Generic Authorization and Access-control API Allows applications to use the security infrastructure to implement security policies. gaa_get_object_eacl function called before other GAA API routines which require a handle to object EACL to identify EACLs on which to operate. Can interpret existing policy databases. gaa_check_authorization function tells application whether requested operation is authorized, or if additional application specific checks are required Application GAA API input output gaa_get_ object_eacl gaa_check_ authorization Yes,no,maybe SC,obj_id,op

6 Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 6 Extended Access Control Lists Conventional ACLs are extended with an optional field added to each ACL entry specifying restrictions on authorized rights. An EACL consists of a set of EACL entries. Each entry represents access control policies associated with a particular subject. Subject may be a principal or group of principals. Each entry specifies rights & conditions on those rights. subjects access rights conditions

7 Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 7 Specification of Conditions A condition is interpreted according to its type. Conditions can be categorized as generic (interpreted by GAA API) or specific (interpreted by the application). Conditions in credentials combined with local policy. type : value [, type : value ] time_window : Monday-Friday, sec_mech : Kerberos.V5 connection_sec: Conf,Integ,128 interpreter : PM, PM policies

8 Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 8 Credential transport (needed) The GAA-API gets user & connection info from Security Context: Evaluated and unevaluated credentials Delegated authority Cross-calls to transport to retrieve additional creds The security context is provided as: –Output from GSS-API (requires many calls) –Credentials from transport or session protocols – SSL, ARDP – Other extensions are needed: –IPSec, pulled from Kernel, other extensions

9 Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 9 Evaluation of credentials POLICY gaa_get_object_eacl gaa_check_authorization GAA API App EACL... GAA API Security Context GSS-API LIBRARY Transport Mechanism 23 14 4a 6a 5 6 7 5a 6b

10 Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 10 Integrating security services The GAA-API calls must be made by applications. –This is a major undertaking, but one which must be done no matter how one chooses to do authorization. These calls are at the control points in the app –They occur at auditable events, and this is where records should be generated for ID systems –They occur at the places where one needs to consider dynamic network threat conditions. –Adaptive policies use such information from ID systems. –They occur at the right point for billable events.

11 Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 11 Electronic commerce Some authorization policies do not require user authentication at all - just that an item is paid for. –Policy specifies required payment. –Cross call to credential transport retrieves payment credentials and grants access. –If application used GAA-API, no change to the application is necessary, simply specify the payment policy instead of a more traditional identity based policy. – To enable market based resource allocation –Set policies that require payment for consumption of system resources and allocate quota to processes for expected levels of use.

12 Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 12 DEFCN objectives v Allow definition of information and resource access policies that adapt to network and situational threat conditions. v Enable intrusion detection and auditing mechanisms to adapt recorded detail based on suspicion and threat conditions. v Simplify integration of fine grained access control and related security services with applications.

13 Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 13 SECURITY AUDIT RECORDS ID and Audit relation to GAA-API THREAT CONDITION UNDER ATTACK POLICY gaa_get_object_eacl gaa_check_authorization GAA API App EACL... GAA API Security Context GSS-API LIBRARY Transport Mechanism 2314 4a 6a 5 6 7 5a 6b

14 Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 14 Application based ID Without the GAA-API –Convince each application developer to add calls to audit functions in addition to all the other security calls they make (good luck). Of course it needs to do authentication too. With the GAA-API –Get developers to use the GAA for authorization decisions instead of making multiple calls to implement their own authorization database. –Create module for GAA implementation that generates audit records according to policy. –Write policy (inc. adaptive or credential based) that says when to generate audit records.

15 Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 15 Summary v Integration of Security Services at the Application Layer –Applied to application level objects –Credential transport integrated at lower layers v Conditional and extensible policies -EACLs –Most extensions do not require application cognizance –Simplification of policy representation v Can integrate many security mechanisms –Authorization and payment –Audit and Intrusion Detection –Quality of protection constraints

Download ppt "Copyright © 1995-2000 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE September 2000 1 Integrating Policy with Applications."

Similar presentations

Building Secure Mashups D. K. Smetters PARC Usable.

Building Secure Mashups D. K. Smetters PARC Usable.
Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.
Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.

Windows 2000 Security --Kerberos COSC513 Project Sihua Xu June 13, 2014.
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.

Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.
SCENARIO Suppose the presenter wants the students to access a file Supply Credenti -als Grant Access Is it efficient? How can we make this negotiation.

SCENARIO Suppose the presenter wants the students to access a file Supply Credenti -als Grant Access Is it efficient? How can we make this negotiation.
Access Control Methodologies

Access Control Methodologies
Lesson 17: Configuring Security Policies

Lesson 17: Configuring Security Policies
A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.
DGC Paris 4.03.02 Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.

DGC Paris Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.
Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci555: Advanced Operating Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci555: Advanced Operating Systems Lecture.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.

 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.
Copyright © 1995-2006 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CS582: Distributed Systems Lecture 10, 11 –

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CS582: Distributed Systems Lecture 10, 11 –
Copyright © 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Copyright © 1995-2007 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Similar presentations

Ads by Google