A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems MMM-ACNS, September 13, 2007 Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation,

A New Modeling Paradigm for Dynamic Authorization in

Multi-Domain Systems

MMM-ACNS, September 13, 2007

Manoj Sastry, Ram Krishnan, Ravi Sandhu

Intel Corporation, USA

George Mason University, USA

University of Texas, San Antonio, USA

2

Copyright © Intel Corporation, 2007

Outline• Introduction

• Usage Scenario

• Characteristics of Multi-Domain Interactions

• Concept of Dynamic Attributes

• UCON Background

• EUCON Model & Components

• Summary

3


Introduction• Emergence of mobile devices & ubiquitous n/w

– Anytime, Anywhere connectivity

•Mobility causes users to transcend domains

• Traditional ABAC unsuitable for dynamic env– Attributes pre-defined– Extensive a-priori agreement of attribute semantics

• New paradigm for modeling access control– Dynamic & Multi-domain interactions

4


Usage Scenario

• Alice makes a purchase of $100 at Coffee Shop

• Coffee Shop provides a $10 ‘credit’ to Alice

• Credit usable at multiple stores

• Later, Alice uses ‘credit’ to purchase a book at Book Store

CoffeeShop (CS)

BookShop (BS)

Purchase

Credit Credit

Alice

5


Characteristics of Multi-Domain Interactions• Subjects/Objects interact with multiple systems

– E.g., Alice interacts with Coffee Shop & Book Store

• Information is dynamic & transcends systems– E.g., Alice acquired a ‘credit’ at Coffee Shop & used it

to buy a book at the Book Store

• Prior agreement of semantics not desirable– E.g., Coffee Shop issues ‘credit’ to Alice that has to

be interpreted by Book Store at authorization time; next day, Coffee Shop may issue ‘coupon’

Multi-Domain Attrib

utes

Dynamic Attributes

6


Concept of Dynamic Attributes• Not pre-defined attributes

• Not attributes whose value is dynamic

• New-born attributes with new name-value pairs

• E.g., ‘Credit’ was dynamically created by Coffee Shop; Book Store needs to interpret the semantics when Alice uses it to buy a book

7


Usage Control Model (UCON) Background

Proposed extensions to UCON -> EUCON

8


Classification of EUCON Attributes

• Classification based on two factors– Time of attribute definition•Pre-defined Attributes•Dynamic Attributes

– Scope of attribute definition•Local Attributes•Multi-Domain Attributes

9


EUCON Attributes: PLA, PMA, DLA• Pre-Defined Local Attributes (PLA)– Same as current notion of attributes in attribute-

based access control models such as UCON

• Pre-Defined Multi-Domain Attributes (PMA)– A-priori agreement of attribute semantics across

multiple domains

• Dynamic Local Attributes (DLA)– Dynamically created but interpretable within same

domain– E.g., Coffee Shop could create an attribute ‘discount’

that is usable at a later date at the same store

10


EUCON Attributes: DMA• Dynamic Multi-Domain Attributes (DMA)

– New approach to model emerging usage scenarios– Attributes created on the fly and interpretable in

multiple domains at authorization time– Subject & Object Attributes can be DMA•E.g., ‘Credit’ is a new-born subject (Alice) attribute created by the Coffee Shop. Book Store interacts with CS at run time when Alice uses it to purchase a book•E.g., Alice checks in with airport security and the objects she carries gets a DMA “cleared=true”. Alice uses this DMA at the airline system to board

11


EUCON Authorizations• Rules based on subject and object attributes

• Pre-defined Local Authorization– Current UCON authorization

• Pre-defined Multi-Domain Authorization– Current authorization methods for multi-domain

• Dynamic Local Authorization– Construction of rules based on DLA

• Dynamic Multi-Domain Authorization– Construction of dynamic authorization rules by interpreting DMA– E.g., Book Store interprets ‘credit’ at runtime and constructs

dynamic authorization rules

12


EUCON Obligations• Subject pre-req before access can be granted

– E.g., Alice agrees to a license before she can access whitepaper

• Pre-defined Local & Dynamic Obligations– Obligations on local & dynamic attributes

• Pre-defined Multi-Domain Obligations– Obligations interpretable across multiple domains

• Dynamic Multi-Domain Obligations– Obligations on DMA– Defined dynamically and interpreted at multiple domains– E.g., Before Alice can use ‘credit’ at Book Store, she is

obligated to engage in a transaction with another Coffee Shop within the Book Store

13


EUCON Conditions• System factors held before access granted

• Dynamic Multi-Domain Conditions– Conditions on DMA interpretable at multiple domains– E.g., Book Store could dynamically discover a

condition on using ‘credit’ such that current ‘credit’ usage on all Coffee Shop systems is not > $1000

14


Extended UCON (EUCON)

15


Summary

Emergence of mobile & dynamic apps

Users transcend domains in mobile env.

Current access control models unsuitable

New paradigm for dynamic, multi-domain

Proposed extensions to UCON - EUCON

16


Thank You!

BACKUP

18


Related Work• Damiani, Vimercati & Samarati identify reqs

– Similar to our requirements for a mobile env.– Survey extensions proposed for other models;

however, our concept of DMA is different

• Covington & Sastry have proposed CABAC– Authorization policies based entirely on attributes– Transaction attributes defined in this work is similar

to our pre-defined multi-domain attributes

19


Background: Continuity & Mutability

A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems MMM-ACNS, September 13, 2007 Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation,

Documents

dynamic newborn attributes

book slide

copyright intel corporation

book store slide

coffee shop coffee shop

current notion of attributes

ucon eucon slide

coffee shop systems