Aim: explain and illustrate attribute-based security systems as an alternative to "classic" access control and encryption. Such systems:
Improve management and formalization
Enable new middleware and applications
ABM Concept
ABM sends email to parties described in terms of a collection of attributes. Similar to a listserv, but recipients are determined dynamically using one or more enterprise databases. An ABM address is a database query. Ex: female grad students in engineering who have passed their qualifying exams
Advantages
Efficiency: people who do not need an email do not receive it
Ex: all of the faculty on sabbatical
Design Challenges
Access Control: on what attributes should a party be allowed to route?
Ex: All faculty who make more than $150,000/year
Encryption: if the senders do not know their specific recipients, how can they encrypt end-to-end?
Privacy: what should the sender and recipient be allowed to learn?
Efficiency of
Access control decisions
Encryption and key generation
Approach
Attribute-Based Access Control (ABAC) for access decisions
"Policy specialization" provides attributes that can be used for routing
Comparison
How does "attribute-based" security differ from other approaches?
Access Control Lists (ACLs) and capabilities.
Role-Based Access Control (RBAC)
A role is a bundle of privileges
Activate a role within a session to perform a task
Role hierarchies aid role definitions
Must establish and manage roles
Database
Reflective Access Policy
ACL
ABAC
Many established ideas for how to use attributes in AC
ABAC in Practice
Established
Multi-Level Security (MLS) for military applications
X.509 attribute certificates
Attributes in dynamic tokens as in Shibboleth
Much implicit use in application servers
Under Investigation
Attribute-based ACMs
Trust negotiation
Transaction Datalog (used in our RDBAC design)
ABE
Ciphertext Policy ABE (CP-ABE)
Attributes are represented as strings
Types are boolean, enumerated, and numerical range
Attribute Authority (AA) issues individual private keys for attributes of each user
Encrypt using "access structure" and public parameters for attributes of readers
Protects against collusion
ABM Addresses
Addresses are disjunctive normal forms. Literals assert equalities or inequalities. Ex: ((Position = Faculty) and (Salary > 150000)). Defines
delivery policy
Any address can be formed with allowed attributes. The sending rules collectively define the
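The address format and the routing restriction described above, as an added example that is not from the original slides: a DNF address is checked against the sender's routable attributes before it is evaluated as a query. The names `USERS`, `ROUTABLE`, `check_address` and `resolve`, and all sample data, are hypothetical and constructed for illustration.

```python
import operator

# Operators an address literal may use (equalities or inequalities).
OPS = {"=": operator.eq, "!=": operator.ne, ">": operator.gt,
       "<": operator.lt, ">=": operator.ge, "<=": operator.le}

# Constructed sample enterprise database: user id -> attributes.
USERS = {
    "alice": {"Position": "Faculty", "Salary": 160000, "Dept": "CS"},
    "bob":   {"Position": "Faculty", "Salary": 120000, "Dept": "ECE"},
    "carol": {"Position": "GradStudent", "Salary": 25000, "Dept": "CS"},
}

# Constructed routable attributes per sender (assumed policy-specialization output).
ROUTABLE = {"dean": {"Position", "Salary", "Dept"}, "carol": {"Position", "Dept"}}

class AddressDenied(Exception):
    """The address uses an attribute the sender may not route on."""

def check_address(sender, address):
    """Reject an address containing any literal on a non-routable attribute."""
    allowed = ROUTABLE.get(sender, set())
    for conjunct in address:
        if not conjunct:  # an empty conjunct is vacuously true for every user
            raise ValueError("empty conjunct would address all users")
        for attr, op, _ in conjunct:
            if op not in OPS:
                raise ValueError(f"unsupported operator: {op}")
            if attr not in allowed:
                raise AddressDenied(f"{sender} may not route on {attr}")

def matches(attrs, address):
    """DNF semantics: every literal of at least one conjunct must hold."""
    return any(all(a in attrs and OPS[op](attrs[a], v) for a, op, v in conj)
               for conj in address)

def resolve(sender, address):
    """Access-check the whole address, then evaluate it over USERS."""
    # Check before evaluating, so a denied query returns nothing at all.
    check_address(sender, address)
    return sorted(u for u, attrs in USERS.items() if matches(attrs, address))

# The slide's example address: ((Position = Faculty) and (Salary > 150000))
HIGH_PAID_FACULTY = [[("Position", "=", "Faculty"), ("Salary", ">", 150000)]]
```

Running the access check over the complete address before any lookup means a sender who is not allowed to route on Salary gets no recipient list or count from which salaries could be inferred.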
ABM Encryption
AA issues keys using the enterprise database
The "Faculty" attribute has a key
One attribute is for expiry
encryption policy
[Figure labels: ABM Server, User, Web Server, Database]
Protocol Steps
The protocols for the ABM system are given in terms of three "paths":
Policy specialization path
Messaging and address resolution path
Attribute keying path
[Figure labels: Sender, Authentication Server, PDP; steps PS1, PS2, PS3, PS4]
Policy Specialization (PS) Path:
1. Authenticate User
2. User Info. (ID)
3. User Info. (ID)
4. User Attributes
5. User ID and Attributes
6. Routable Attributes
7. Routable Attributes
[Figure labels: Sender, MTA, ABM Server, Database, PDP, Receivers; steps MS1, MS2, MS3, MS4, AR1, AR3, AR4]
Messaging (MS) Path:
1. Send (ABM) message (SMTP)
2. Notify ABM Host
3. Receive (ABM) messages (SMTP)
4. Send resolved messages
Address Resolution (AR) Path:
5. User ID and Authorization
6. Policy Decision
7. ABM Address
[Figure labels: ABM Server, Database, MTA, Database, Receiver, AA; steps AK1, AK2, AK3, AK4]
Attribute Keying (AK) Path:
1. User Info. (ID)
2. User Info. (ID)
3. User Attributes
4. User Secret Key
5. Decrypted Email
Efficiency Analysis
Measure costs on each path and try to estimate latencies for mid-size enterprises
Must conjecture the attributes and types of policies that will be used
Implementation uses the CP-ABE library [Bethencourt Sahai Waters 07].
elational @atabase @B Si2e 5Bo. of Users6 6>% 4=% 3>% <=% Av1 Cist Si2e 3=< 7E6 <6D 77 Address esolution Aime )ean E=L &onf. Interval 5ms6 With Access &ontrol 5<D>" 3=E6 5<=3" 3E=6 5<37" 7776 5E>" <766 Without Access &ontrol 5E7" 7376 5D7" 7636 564" <366 537" 466
F)C @atabase @B Si2e 5Bo. of Users6 6>% 4=% 3>% <=% Av1 Cist Si2e 7ED 46E 7E< <74 Address esolution Aime )ean E=L &onf. Interval 5ms6 With Access &ontrol 56<44" 7E646 53E7>" 47=>6 577D3" 376>6 573>7" 7D4E6 Without Access &ontrol 5=776" 73>66 53=DE" 44==6 57=E3" 3<=76 57>3D" 767D6
Encryption Time
Bumber of elational Citerals > > < Bumber of 38uality Citerals 7 3 4 = 6 >.>=s >.>7s >.>Es >.<7s >.<4s >.<7s 7 <.=3s <.==s <.=7s <.=Es <.6<s <.6=s <.66s 4 3.>>s 3.>=s 3.>Ds 3.>Es 3.<7s 3.<6s 3.<7s 6 4.4Es 4.=6s 4.=6s 4.6>s 4.6<s 4.64s 4.63s
AA Scalability
Window of Vulnerability
Enforcement of policies
S/MIME to authenticate sender to ABM server
Vulnerability windows: could let delivery be a subset of encryption
Privacy
What should senders and receivers know?
Related Work
Attribute-Based Addressing for Customer Relation Management [Hoffmann Hurley 99]
Role-Based Messaging [Chadwick et al 04]
ABAC for trust management and credential-based access control
ABE for imposing access controls on external systems
ABAC for RSS feeds applied to CDC health alerts
Reflective Database Control (RDBAC) applied to access control for hospital information systems
Compiling XACML policies for RDBAC [NahidGHO11]
Google "Attribute Based Security and Messaging" for more
http://seclab.illinois.edu/web/projects/61-attribute-based-me
Conclusions
Email messaging based on attributes collected from an enterprise database is feasible and deployable for mid-size enterprises.
Access control policies and encryption are manageable using attribute-based security mechanisms.
Inter-enterprise ABM will work best with a multi-authority ABE technique.
Discussions
Design Challenges for Trinity / HIE
Access control, encryption, privacy?