policy-based systems

Policy-Based Systems
System Security

Previous lectures
• We have discussed the 4 main models of access control:
• Discretionary Access Control (DAC)
• Mandatory Access Control (MAC)
  • Bell-LaPadula for Confidentiality
  • Biba for Integrity
• Role-based Access Control (RBAC)
• Usage Control (UCON)

Policy-based Access Control (P-bAC)
• A policy is a rule governing the behaviour of a system.
• In P-bAC, an authorization policy governs the access rights of subjects over targets
• Targets and objects have the same meaning

P-bAC Advantages
• Policies are specified independently of entities
• Provide at a glance a coherent view of the access control in a system
• Give a neat separation between access control logic and the enforcement mechanism

P-bAC Approaches
• There are several approaches that use policies for access control:
  • XACML
  • Ponder2
  • Policy Description Language (PDL)
  • REI
  • Firewall rules

Authorization Policies

subject, action, target
when condition then decision

• Subject: entity that wants to perform an action
• Action: an operation on the resources (open, read, write, etc.)
• Target: a resource on which a subject wants to operate
• Condition: a Boolean expression to represent context
• Decision: policy outcome (allow, deny, kill, ask, etc.)

Policy Enforcement Architecture
IETF - RFC 2753

Policy Enforcement Point (PEP)
• The point where the policy decisions are actually enforced
• PEP collects information about:
  • who the subject is
  • what action is going to execute
  • which target is going to be accessed

Example – Intercepting
• I want to perform a read operation on foo
• The PEP intercepts the action and creates a tuple (Andrew, read, foo)
• The PEP passes the tuple to the Policy Decision Point (PDP)

Example – Retrieving Policies
• Once the PDP receives the tuple, it retrieves the relevant policies from the Policy Repository (PR) matching the tuple

Example – Evaluating
• Once the PDP receives the tuple, it retrieves the relevant policies from the PR matching the tuple
• The PDP asks the Policy Information Point (PIP) for the current time
• Now the PDP is able to evaluate the policy
• Because the condition part is true, the decision returned by the policy is allow

Example – Enforcing
• The PDP informs the PEP that the operation can be allowed
• The PEP lets the operation be executed

Fine-grained control through PEP
• Traditionally, access control mechanisms are concerned with checking before the access takes place
• A finer-grained control can be achieved by placing multiple Policy Enforcement Points (PEP) between the subject and target

Same Access Multiple PEPs
Distributed Enforcing

Policy Combination - I
• Both policies match the tuple from the PEP
• Both policies are valid when evaluated by the PDP
• Which one should be applied?

Policy Combination - II
• Both policies match the tuple from the PEP
• Both policies are valid when evaluated by the PDP
• Which one should be applied?

Conflict Resolution
• A robust P-bAC system has to provide a conflict resolution mechanism
• The conflict resolution has to be performed at the PDP to return a univocal decision to the PEP
• Several conflict resolution techniques:
  • Policy order
  • Decision priority
  • Specificity of policy arguments
  • …

Ordered Conflict Resolution
• The first policy that applies is used
• In this case the PDP returns the decision deny
• This mechanism is used in Firewall rules

Decision Priority Conflict Resolution
• Requires an ordered decision set
• In this case the PDP returns the decision allow

Most Specific Policy First
• The policy with the most specific arguments takes priority
• In this case the PDP returns allow
• It might be used in combination with other resolution strategies (e.g., when arguments have similar specificity)
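
The three resolution strategies above in a minimal PDP, as an added example that is not part of the original slides. The policy set, the `*` wildcard, the office-hours condition and the default-deny fallback are assumptions, constructed so that the outcomes match the ones stated on the slides (deny, allow, allow).

```python
from dataclasses import dataclass
from typing import Callable

ANY = "*"  # wildcard argument (assumption; the slides define no syntax for it)

@dataclass(frozen=True)
class Policy:
    subject: str
    action: str
    target: str
    condition: Callable[[dict], bool]  # "when" part, evaluated over PIP context
    decision: str                      # "then" part

    def args(self):
        return (self.subject, self.action, self.target)

    def matches(self, request):
        return all(p in (ANY, r) for p, r in zip(self.args(), request))

    def specificity(self):
        return sum(a != ANY for a in self.args())

def pdp(policies, request, context, strategy, priority=("allow", "deny")):
    """Return one decision for the PEP tuple (subject, action, target)."""
    hits = [p for p in policies if p.matches(request) and p.condition(context)]
    if not hits:
        return "deny"  # assumption: default-deny when no policy applies
    rank = lambda p: priority.index(p.decision)
    if strategy == "order":       # first applicable policy wins
        return hits[0].decision
    if strategy == "priority":    # highest-ranked decision wins
        return min(hits, key=rank).decision
    if strategy == "specific":    # most specific arguments win, ties by priority
        top = max(p.specificity() for p in hits)
        return min((p for p in hits if p.specificity() == top), key=rank).decision
    raise ValueError(f"unknown strategy: {strategy}")

# Constructed policy repository: a general deny listed before a specific allow.
POLICIES = [
    Policy(ANY, "read", "foo", lambda ctx: True, "deny"),
    Policy("Andrew", "read", "foo", lambda ctx: 9 <= ctx["hour"] < 17, "allow"),
]
REQUEST = ("Andrew", "read", "foo")  # tuple built by the PEP

if __name__ == "__main__":
    for strategy in ("order", "priority", "specific"):
        print(strategy, pdp(POLICIES, REQUEST, {"hour": 10}, strategy))
```

Swapping the ordered decision set to `("deny", "allow")` turns the decision-priority result into deny, which shows how much the outcome depends on the chosen strategy rather than on the policies themselves.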

Policy Engineering
• A P-bAC mechanism is very flexible, but when the number of policies becomes too large it might be difficult to manage
• Conflict resolution might help, but it is still up to the security admin to manage the life cycle of policies

Questions?