type based distributed access control
October 2, 2003 D. Duggan 1
Type Based Distributed Access Control
Dominic Duggan
Stevens Institute of Technology
Joint work with Tom Chothia (Stevens) and Jan Vitek (Purdue)
Motivation
Our aim is to use types to place conditions on how data may be distributed.
Consider a computer with public and private data:
Talk outline
Review: Decentralized Label Model (DLM) – Local Access Control
Key Based Decentralized Label Model (KDLM) – Distributed Access Control and Cryptography
Formal Semantics
Jeddak: A Language with Distributed Access Control
Conclusions and Further Work
Local Access Control
Local Access Control restricts access to data.
Any read or write attempts are dynamically checked.
There are no restrictions on authorized copies of data.
Decentralized Label Model (DLM)
Program variable x
– Has type int
– Has label with policies
  Bob : {bob, jane, mike}
  Mary : {bob, jane, mary}
– Is accessible by bob and jane
– Access control checked by type checking
DLM
Data is protected by its type.
Each attempt to copy data is statically checked at compile time.
Copies of data have the same type and hence the same protection.
Data sent outside the type checked area is no longer protected.
Declassification in the DLM
Data has type {L1, L2, L3} int
L1 = bob : { bob, jane }
L2 = mary : { bob, jane, mary }
L3 = jane : { jane, tim }
Only Jane can access the data.
L3 is declassified to jane : { jane, tim, bob }
Now Jane and Bob can access the data.
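The three policies on this slide, worked through in a small Python model of DLM labels (an added example, not code from the talk or from Jif/Jeddak): a label is a set of owner:{readers} policies, a principal may read only when every policy permits it, and only a policy's owner can relax it. The names Policy, can_read, readers, join and declassify are hypothetical helpers; the join case models the conditional from the later "Why Key-Based DLM?" slide.

```python
from typing import NamedTuple

# Constructed DLM model (added example, not the talk's or Jif's code).
# A label is a set of owner:{readers} policies, e.g. {L1, L2, L3} int on the slide.
Policy = NamedTuple("Policy", [("owner", str), ("readers", frozenset)])

def can_read(label, principal):
    """A principal may read only if every policy in the label lists it."""
    return all(principal in p.readers for p in label)

def readers(label, principals):
    """Effective reader set: the intersection of the policies' reader sets."""
    return frozenset(p for p in principals if can_read(label, p))

def join(l1, l2):
    """Label of a conditional e ? e1 : e2: the union of both labels, so it is at
    least as restrictive as either branch (the 'Why Key-Based DLM?' slide)."""
    return frozenset(l1) | frozenset(l2)

def declassify(label, owner, new_readers):
    """Only the owner of a policy may relax it; other owners' policies are untouched."""
    if not any(p.owner == owner for p in label):
        raise PermissionError(f"{owner} owns no policy in this label")
    return frozenset(Policy(owner, frozenset(new_readers)) if p.owner == owner else p
                     for p in label)

# The slide's policies.
PRINCIPALS = {"bob", "jane", "mary", "tim"}
L1 = Policy("bob", frozenset({"bob", "jane"}))
L2 = Policy("mary", frozenset({"bob", "jane", "mary"}))
L3 = Policy("jane", frozenset({"jane", "tim"}))
DATA = frozenset({L1, L2, L3})

def slide_example():
    before = readers(DATA, PRINCIPALS)                      # only jane
    relaxed = declassify(DATA, "jane", {"jane", "tim", "bob"})
    after = readers(relaxed, PRINCIPALS)                    # jane and bob
    # Bob relaxing his own policy L1 does not help him: L3 still excludes him.
    bob_alone = readers(declassify(DATA, "bob", PRINCIPALS), PRINCIPALS)
    return before, after, bob_alone
```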
Minimize the Trusted Computing Base
[Figure: two layered stacks (Application, Communication, Network), labelled DLM and KDLM, contrasting where communication security (the protocol layer) sits relative to the trusted computing base.]
KDLM
As with the DLM, data is protected by its type.
But the data can also be protected by encryption.
Encryption protects data leaving the trusted area.
Keys are protected in the same way as data.
KDLM
[Figure: Alice, Bob and Eve.]
KDLM: Connecting Keys and Access Restrictions
Key names have policies (ACLs)
– K has policy: Joe : {Jane, Mike, Sam}
– Public-private key pair for key name
– Private key protected by access restrictions
Labels are sets of key names
– Access restricted to intersection of policies (ACLs)
KDLM: Declassifying Encrypted Data
[Figure: Alice and Bob, with data encrypted under keys A and B.]
Declassification in the KDLM
K1 has policy: bob : {bob, jane}
K2 has policy: mary : {bob, jane, mary}
K3 has policy: jane : {jane}
Jane creates certificate for Bob: K1 declassifies K3
[Figure: Jane holds data of type {K1, K2, K3} Encrypted(int); the keys K1, K2 and K3 are distributed among Jane, Bob and Mary.]
Declassification Certificates
Key & Policy: K : skey[ bob : {mary,sam,bob} ]
Label: {K1, K2, …, Kn}
Labelled Type: T {K1, K2, …, Kn}
Declassification Cert Types: K1 declassifies K2
Kinds, Types, Labels
Arities, Kinds
A ::= Prin
A ::= SKey_F[P:{P1…Pk}]
A ::= IKey_F[P:{P1…Pk}]
A ::= Type
Flags
F ::= Virtual
F ::= Actual
Key names, Principals, Types
K,P,T ::= k, p, t
K,P,T ::= DecKey_K
K,P,T ::= EncKey_K
K,P,T ::= AuthKey_K
K,P,T ::= SignKey_K
K,P,T ::= K1 reclassifies K2
K,P,T ::= E{LT}
K,P,T ::= S{LT}
K,P,T ::= Chan_LT
K,P,T ::= t:A LT
L ::= {K1,…,Km}
LT ::= [T]_{L1,L2}
Expressions
E ::= newKey k:A {e}
E ::= newKey k:A (a+:LT1, a-:LT2) {e}
E ::= reclassifyCert_{K1,K2}()
E ::= reclassifyCert_{K1,K2}(e)
E ::= chain_{K1,K2,K3}(e1,e2)
E ::= encrypt_K(e1,…,ek,e)
E ::= decrypt_{K1,K2}(e1,…,ek,e)
E ::= sign_{K1,K2}(e1,…,ek,e)
E ::= auth_K(e1,…,ek,e)
E ::= x, y, z, w
E ::= a, b, c, n
E ::= new(n:LT){e}
E ::= fork{e}
E ::= send(e1,e2)
E ::= receive(a)
E ::= reclassify_{K1,K2}(e1,e2)
E ::= pack_{t:A LT}(K,e)
E ::= unpack e1 to k:A(x:LT){e2}
Types, Principals, Key Names
[Figure: kinds, types and values side by side: kind type, type int, value 3; kind prin, principal P; kind skey[P:{P1…Pk}], key name K, with types encKey_K and decKey_K and run-time key pair k+ and k-.]
Key Names
Basically names of policies P:{P1,…,Pk}
Exist at the type level
May be:
– Actual, i.e., associated public-private key pair at run-time
– Virtual, i.e., only compile-time
Why Key-Based DLM?
Suppose we added reclassification certs to DLM
e1 has label {Joe:{Mary,Sue}}
e2 has label {Joe:{Mary,Sue}}
Joe can declassify e1's label: declassify ({Joe:{Mary,Sue,Sam}}, e1)
Suppose Joe issues certificate: Joe:{Mary,Sue,Sam} declassifies Joe:{Mary,Sue}
Then e2 can also be declassified!
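The certificate mechanism of the three KDLM declassification slides and the problem on this slide, in a constructed Python model (added here; not the talk's or Jeddak's code). It assumes that a certificate "K1 declassifies K3" may be issued only by the owner of K3's policy and that reclassify_{K1,K3} swaps K3 for K1 in a label; Policy, KeyName, Cert, can_read, issue_cert and reclassify are hypothetical names, and KA, KB and KC are constructed key names standing in for the slide's e1 and e2 labels.

```python
from typing import NamedTuple

# Constructed KDLM model (added example, not the talk's code). A label is a set of
# key names; each key name names a policy, so two key names may share one policy.
Policy = NamedTuple("Policy", [("owner", str), ("readers", frozenset)])
KeyName = NamedTuple("KeyName", [("name", str), ("policy", Policy)])
Cert = NamedTuple("Cert", [("declassifier", KeyName), ("target", KeyName)])

def can_read(label, principal):
    """Access is the intersection of the policies named in the label."""
    return all(principal in k.policy.readers for k in label)

def issue_cert(issuer, declassifier, target):
    """Assumption: only the owner of target's policy may issue 'declassifier declassifies target'."""
    if issuer != target.policy.owner:
        raise PermissionError(f"{issuer} does not own the policy named by {target.name}")
    return Cert(declassifier, target)

def reclassify(cert, label):
    """reclassify_{K1,K2}(cert, e): swap the target key name for the declassifier.
    The certificate is bound to a key name, not to the text of a policy."""
    if cert.target not in label:
        raise ValueError(f"certificate for {cert.target.name} does not apply")
    return (frozenset(label) - {cert.target}) | {cert.declassifier}

# Slide 14: K1/K2/K3 policies and Jane's certificate for Bob, "K1 declassifies K3".
K1 = KeyName("K1", Policy("bob", frozenset({"bob", "jane"})))
K2 = KeyName("K2", Policy("mary", frozenset({"bob", "jane", "mary"})))
K3 = KeyName("K3", Policy("jane", frozenset({"jane"})))

def slide14():
    data = frozenset({K1, K2, K3})              # {K1, K2, K3} Encrypted(int)
    opened = reclassify(issue_cert("jane", K1, K3), data)
    return can_read(data, "bob"), can_read(opened, "bob"), can_read(opened, "mary")

# "Why Key-Based DLM?": KA and KB both name Joe:{Mary,Sue} yet stay distinct, so
# Joe's certificate for KA cannot be used on data labelled with KB.
JOE = Policy("joe", frozenset({"mary", "sue"}))
KA, KB = KeyName("KA", JOE), KeyName("KB", JOE)
KC = KeyName("KC", Policy("joe", frozenset({"mary", "sue", "sam"})))

def distinct_key_names():
    cert = issue_cert("joe", KC, KA)
    e1_open_to_sam = can_read(reclassify(cert, frozenset({KA})), "sam")
    try:
        reclassify(cert, frozenset({KB}))
        return e1_open_to_sam, True
    except ValueError:                          # e2 is unaffected
        return e1_open_to_sam, False
```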
Why Key-Based DLM?
Some form of structural equivalence/inclusion on labels is still needed
e1 has label L1
e2 has label L2
e ? e1 : e2 has a label combining L1 and L2
Who would own the result label if it was named?
Jeddak
Extends Java with
– Principals
– Key names
– Labels and policies
Summary
KDLM for Distributed Access Control
Benefit of Type-Based Approach: Access Checking at compile-time
– Lightweight access control for accountable systems
– Extended to “compile-time” crypto
Related Work
Information flow and type systems
– Denning
– Volpano and Smith
– Pottier (Flow Caml)
Information flow and access control
– Stoughton
– Heintze and Riecke
– Myers, Liskov (DLM)
– Myers, Zdancewic (JIF)
– Banerjee and Naumann
Types and security protocols
– Abadi
– Gordon and Jeffrey
– Pierce and Li
– Duggan (Crypto Types)
Questions?