Self-Adaptive Federated Authorisation Infrastructures

Self-Adaptive Federated Authorisation

InfrastructuresLionel Montrieux

C. Bailey, D. Chadwick, R. de Lemos, Self-adaptive federated authorization

infrastructures. JCSS, 2014

C. Bailey, L. Montrieux, R. de Lemos, Y. Yu, M. Wermelinger, Run-time generation, transformation, and

verification of access control models for self-protection.

SEAMS’14

L. Montrieux, C. Bailey, R. de Lemos, A. Bandara,

Engineering self-adaptive authorisation

infrastructures. Draft.

Part 1

I am Arthur, king of the Britons

None shall pass.

It’s just a scratch.

Just a flesh wound.

I’m invincible!!!

Let’s just call it a draw then.

Come on, Patsy.

–Sinclair et al, 2007

“We have been cited examples in which 50-90% of the

individuals with access to particular data store also

have legacy access to information that they no

longer need.”

Self-Adaptive Authorisation

–Cheng et al., 2009

“Self-adaptive systems are systems that are able to

modify their behaviour and/or structure in response changes that occur to the

system itself, its environment, or even its

goals.”

–Montrieux et al, draft

“Self-adaptive authorisation infrastructures refer to the run-time adaptation of the collection of authorisation

policies and their enforcement.”

–Bailey et al, 2014

“Federated authorisation infrastructures […] build

upon existing authorisation models […]. [They] provide the method through which large scale distributed access can be granted.”

Part 2

Overview

Target System

Target System

Identity Provider

Credential Issuing Policy

User Attribute Repository

Attributes

Identity Provider

Credential Validation Service

Credential Validation

Policy

Credentials

Service Provider

Policy Decision Point

Access Control Policy

ValidAttributes

Adaptive Layer

Adaptive Layer

Target System

ProbesEffectors

Monitor Triggers

SAAF Controller

Analyser SolutionsPlanner

Executor

Authorisation Infrastructure

ModelBehaviour Model

Architecture

Component

Component

Sub-component

Identity Provider Server


Authorisation Server


Service Provider Server

Roles/Attributes

Role/AttributeAdaptations

SAMLAssertion

SubjectAuthentication

Access Decision

AccessRequest

Subject AccessRequest

LDAP (Attribute Repository)

SimpleSAMLPHP: Identity ProviderAttributes


Authorisation Server

CVS PDP

PERMIS Standalone

SAAF Controller

AccessEvents

PolicyAdaptations

ResourcesResources

Policy EnforcementPoint

SimpleSAMLPHP:Service Provider

Resources

Service Provider Server

Planner Analyser

Behaviour Model


Model

Executor Asset MonitorBehaviour Gauges

Identity Provider

Authorisation Service

Rules &Attributes

Tailored Solutions

Plan

GetBehaviour

SetBehaviourRBAC/ABAC

Constructs

GetAttributes

ActivePolicies

AccessRequests/Decisions

AttributeAssignment

New Policies

Authorisation Model?

Attr3

Attr2

Attr1

Sub1

Sub2

Sub3

Sub4

IdP1

IdP2

Tgt1

Tgt2

Tgt3

Tgt4

Tgt5

Tgt6

Act1

Act2

Act3

Act4

Act5

CredentialValidationConstraints

Access ControlConstraints

Subject AttributeAssignments

Part 3

Initial Configuration

PERMIS AZ Policy<RoleAssignment ID="ContractorIdPAssignment"> <SubjectDomain ID="Contractor"/> <RoleList> <Role Type="permisRole" Value="Contractor"/> </RoleList> <Delegate Depth="0"/> <SOA ID="ContractIdP"/> <Validity/> </RoleAssignment> <TargetAccess ID="ContractPayroll"> <RoleList> <Role type="permisRole" Value="Contractor"/> </RoleList> <TargetList> <TargetDomain ID="PayrollSystem"/> <AllowedAction ID="getEmpPayslip"/> <AllowedAction ID="runPayroll"/> </TargetList> </TargetAccess>

SAAF Behaviour<BehaviourPolicy> <BaseTrigger ID="bt1"> <Subject/> <Provider/> <Attribute type="permisRole">Contractor</Attribute> <Target>PayrollSystem</Target> <Action>getEmpPayslip</Action> <Rate> <Threshold>5</Threshold> <Interval>1</Interval> <TimeScale>min</TimeScale> </Rate> </BaseTrigger> <CompositeTrigger ID="ct1"> <BasedTriggerID>bt1</BasedTriggerID> <Rate> <Threshold>4</Threshold> <Interval>1</Interval> <TimeScale>day</TimeScale> </Rate> </CompositeTrigger> </BehaviourPolicy>

SAAF Solutions (1)<SolutionPolicy> <Solution> <Action> <Operation>removeSubjectAttribute</Operation> </Action> <TriggerID>bt1</TriggerID> <TriggerID>ct1</TriggerID> </Solution> <Solution> <Action> <Operation>removeAttributePermission</Operation> </Action> <Action> <Operation>buildPolicy</Operation> </Action> <Action> <Operation>activatePolicy</Operation> </Action> <TriggerID>ct1</TriggerID> </Solution>

SAAF Solutions (2) <Solution> <Action> <Operation>removeAttributeAssignment</Operation> </Action> <Action> <Operation>buildPolicyFile</Operation> </Action> <Action> <Operation>activatePolicy</Operation> </Action> <TriggerID>ct1</TriggerID> </Solution> <Solution> <Action> <Operation>deactivatePolicy</Operation> </Action> <TriggerID>ct1</TriggerID> </Solution> </SolutionPolicy>

Runtime Adaptation

bt1 ct1

AnalyserPlanner

Executor Monitor

Target System

bt1

S1

S1

S1

ct1

S1,S2,S3,S4

S2

S2

LDAP directory

PERMIS AZ Policy

<RoleAssignment ID="ContractorIdPAssignment"> <SubjectDomain ID="Contractor"/> <RoleList> <Role Type="permisRole" Value="Contractor"/> </RoleList> <Delegate Depth="0"/> <SOA ID="ContractIdP"/> <Validity/> </RoleAssignment>

Before adaptation (excerpt)

PERMIS AZ Policy

<RoleAssignment ID="ContractorIdPAssignment"> <SubjectDomain ID="Contractor"/> <RoleList/> <Delegate Depth="0"/> <SOA ID="ContractIdP"/> <Validity/> </RoleAssignment>

After adaptation (excerpt)

Part 4

Validating Solutions

Verification

Analysis Planning

SAAF ControllerRBAC1RBAC2RBAC3

RBAC1RBAC2

RBAC

S1, S2, S3

RBAC1

isVerified

Model Validation

LDAP

PERMIS

RBAC

CONSTRAINTS

RBACDSML

rbacDSML MM

Constraint Verification (OCL)

constraint rbacDSML::Granted inv:self.rbacRole−>closure(parent).permission−>union (self.rbacRole.permission)−> includesAll(self.resource.permission)

Part 5

Planner Analyser

Behaviour Model


Model

Executor Asset MonitorBehaviour Gauges

Identity Provider

Authorisation Service

Rules &Attributes

Tailored Solutions

Plan

GetBehaviour

SetBehaviourRBAC/ABAC

Constructs

GetAttributes

ActivePolicies

AccessRequests/Decisions

AttributeAssignment

New Policies

Model RepairVerificationand repair

Analysis Planning

SAAF ControllerRBAC1RBAC2RBAC3

RBAC1_rRBAC2

RBAC

S1, S2, S3

RBAC1_r

RBAC1_rRBAC2

Model Repair

LDAP

PERMIS

RBAC

CONSTRAINTS

RBACDSML

Just One More Thing…

https://saaf-resource.kent.ac.uk/

game/index.php

https://saaf-resource.kent.ac.uk/game/index.php

Thank You

References• C. Bailey, D. W. Chadwick, and R. de Lemos, “Self-adaptive federated authorization infrastructures,” Journal of Computer and System Sciences, vol. 80, no. 5, pp. 935–952, Aug. 2014.

• C. Bailey, L. Montrieux, R. de Lemos, Y. Yu, and M. Wermelinger, “Run-time generation, transformation, and verification of access control models for self-protection,” in SEAMS’14: 9th International Symposium on Software Engineering for Adaptive and Self-Managing Systems, Hyderabad, India, 2014.

• B. H. C. Cheng, R. de Lemos, H. Giese, P. Inverardi, J. Magee, J. Andersson, B. Becker, N. Bencomo, Y. Brun, B. Cukic, G. D. M. Serugendo, S. Dustdar, A. Finkelstein, C. Gacek, K. Geihs, V. Grassi, G. Karsai, H. M. Kienle, J. Kramer, M. Litoiu, S. Malek, R. Mirandola, H. A. Müller, S. Park, M. Shaw, M. Tichy, M. Tivoli, D. Weyns, and J. Whittle, “Software Engineering for Self-Adaptive Systems: A Research Roadmap,” in Software Engineering for Self-Adaptive Systems, B. H. C. Cheng, R. de Lemos, H. Giese, P. Inverardi, and J. Magee, Eds. Springer Berlin Heidelberg, 2009, pp. 1–26

• S. Sinclair, S. W. Smith, S. Trudeau, M. E. Johnson, and A. Portera, “Information Risk in Financial Institutions: Field Study and Research Roadmap,” in Enterprise Applications and Services in the Finance Industry, D. J. Veit, D. Kundisch, T. Weitzel, C. Weinhardt, F. A. Rabhi, and F. Rajola, Eds. Springer Berlin Heidelberg, 2007, pp. 165–180.

Image Credits• All screen captures are from the film “Monthy Python and the Holy Grail” (1975)

• Snakes and Ladders, Len Matthews, CC by-nd 2.0 https://goo.gl/3j3KF4

https://goo.gl/3j3KF4