Slide title In CAPITALS 50 pt Slide subtitle 32 pt ESPOON: Enforcing Security Policies in Outsourced Environments M. Rizwan Asghar SRI International Menlo.

Slide titleIn CAPITALS

50 pt

Slide subtitle 32 pt

ESPOON: Enforcing Security Policies in Outsourced Environments

M. Rizwan Asghar

SRI InternationalMenlo Park, CA, USA

August 1, 2012

Top right corner for field-mark, customer or partner logotypes. See Best practice for example.

Slide title 40 pt

Slide subtitle 24 pt

Text 24 pt

Bullets level 2-520 pt

2

Why Outsourcing

Cost saving

Scalability

Efficiency

Availability

Top right corner for field-mark, customer or partner logotypes. See Best practice for example.

Slide title 40 pt

Slide subtitle 24 pt

Text 24 pt

Bullets level 2-520 pt

3

Motivation

Patient

Service Provider

Policy

Dentist

Access Request

Access Request

Medical Record Access ResponsePolicy:

Only a dentist may get access from dentist-ward during duty hours (9-17 hrs)

PolicyMedical Record

Issue:Policy or access request may leak sensitive information

Requester=Dentist, Location=Dentist-ward, Time=10hrs

Top right corner for field-mark, customer or partner logotypes. See Best practice for example.

Slide title 40 pt

Slide subtitle 24 pt

Text 24 pt

Bullets level 2-520 pt

4

Problem

Patient

Service Provider

Policy

Dentist

Access Request

Access Request

Medical Record

PolicyMedical Record

Problem:How to evaluate encrypted policy against encrypted access request

Top right corner for field-mark, customer or partner logotypes. See Best practice for example.

Slide title 40 pt

Slide subtitle 24 pt

Text 24 pt

Bullets level 2-520 pt

5

Proposed Solution

We name our solution ESPOON (Enforcing Security Policies in OutsOurced eNvironments)

In ESPOON, the Service Provider is assumed honest-but-curious

ESPOON is capable of handling complex policies involving range queries

ESPOON is a multiuser scheme in which entities do not share any encryption keys

A compromised user can be removed without requiring re-encryption of policies

Top right corner for field-mark, customer or partner logotypes. See Best practice for example.

Slide title 40 pt

Slide subtitle 24 pt

Text 24 pt

Bullets level 2-520 pt

6

ESPOON Architecture

Policy Store

PIP

Administration Point

Admin User

Service Provider

(i)

Requester

Key Store

PEP

PDP

(6)Data

(5)Yes/No (2)

(7)Response

(1)

Outsourced Environment

Trusted but can be removed Partially-trusted but can be removed

Trusted Key Management Authority

Data Store

Fully-trusted),( 1 sxK AuA

),( 1 sxK RuR

),( 2As xAKA ),( 2Rs xRK

R

),( sxMSK ),,,( fHghgParams x

21 ii xxx

AsK

AuKPolicy}{

(ii)

}{PolicyC

RuKREQ}{

RsK }{REQTD

(3)

}{PolicyC

(4)

RuKContext}{

}{ContextTD

Top right corner for field-mark, customer or partner logotypes. See Best practice for example.

Slide title 40 pt

Slide subtitle 24 pt

Text 24 pt

Bullets level 2-520 pt

7

Policy Representation

Λ

V

Λ

V

Λ

V

AT = Access Time

Policy:Only a dentist may get access from dentist-ward during duty hours (9-17 hrs)

Requester=Dentist

Location=Dentist-Ward

AT:0****

AT:*0*** AT:**0** AT:***0* AT:****0

AT:1****

AT:*1***

AT:**1** AT:***1*

Top right corner for field-mark, customer or partner logotypes. See Best practice for example.

Slide title 40 pt

Slide subtitle 24 pt

Text 24 pt

Bullets level 2-520 pt

8

Policy Evaluation

Λ

V

Λ

V

Λ

V

AT = Access Time

C(Requester=Dentist)

C(Location=Dentist-Ward)

C(AT:0****)

C(AT:*0***) C(AT:**0**) C(AT:***0*) C(AT:****0)

C(AT:1****)

C(AT:*1***)

C(AT:**1**) C(AT:***1*)

TD(Requester=Dentist)

TD(Location=Dentist-Ward)

Access Time=10hrs

TD(AT:0****)

TD(AT:*1***)

TD(AT:**0**)

TD(AT:***1*)

TD(AT:****0)

Yes

No

NoNo Yes

Yes

Yes

Yes

NoYes

Yes

Top right corner for field-mark, customer or partner logotypes. See Best practice for example.

Slide title 40 pt

Slide subtitle 24 pt

Text 24 pt

Bullets level 2-520 pt

9

Policy Evaluation (2)

Λ

V

Λ

V

Λ

V

Yes

No

NoNo Yes

Yes

Yes

Yes

NoYes

Yes

No

Yes

Yes

Yes

Yes

Yes

Top right corner for field-mark, customer or partner logotypes. See Best practice for example.

Slide title 40 pt

Slide subtitle 24 pt

Text 24 pt

Bullets level 2-520 pt

10

Performance Analysis: Requester

String Attribute: O(n), n is the number of string attributes

Numerical Attribute: O(ns), n is the number of numerical attributes each of size s

Top right corner for field-mark, customer or partner logotypes. See Best practice for example.

Slide title 40 pt

Slide subtitle 24 pt

Text 24 pt

Bullets level 2-520 pt

11

Performance Analysis: Policy Evaluation

String Attribute: O(nm), n is the number of string attributes and m is the number of string comparisons

Numerical Attribute: O(nms2), n is the number of numerical attributes and m is the number of numerical comparisons each of size s

Top right corner for field-mark, customer or partner logotypes. See Best practice for example.

Slide title 40 pt

Slide subtitle 24 pt

Text 24 pt

Bullets level 2-520 pt

12

Related Work

Schemes supporting access controls in outsourced environments require re-generation of keys and re-encryption of data for any administrative changes [Vimercati et al. CSAW’07 VLDB’07]

Schemes supporting queries on encrypted data do not support access policies [Dong et al. DBSec’08, Song et al. S&P’00, Boneh et al. EUROCRYPT’04, Curtmola et al. CCS’06, Hwang and Lee LNCS’07, Boneh and Waters TCC’07, Wang et al. SOFSEM’08, Baek et al. ICCSA’08, Rhee et al. JSS’10, Shao et al. Inf. Sci.’10]

Encrypted data with CP-ABE policy reveals the policy structure [Narayan et al. CCSW’10]

Hidden credentials schemes do not support complex policies and require parties to be online [Holt et al. WPES’03, Bradshaw et al. CCS’04]

Top right corner for field-mark, customer or partner logotypes. See Best practice for example.

Slide title 40 pt

Slide subtitle 24 pt

Text 24 pt

Bullets level 2-520 pt

13

Recent Advancements

ESPOONERBAC

– Enforcing RBAC style of policies covering:

RBAC0 – Role assignment and permission assignment

RBAC1 – Dynamic constraints (E-GRANT)

- Dynamic separation of duties

- Chinese Wall

RBAC2 = RBAC0 + RBAC1

Distributed Policy Enforcement– Under development and writing paper

Top right corner for field-mark, customer or partner logotypes. See Best practice for example.

Slide title 40 pt

Slide subtitle 24 pt

Text 24 pt

Bullets level 2-520 pt

14

Conclusions and Future Work

Conclusions– ESPOON enforces policies in outsourced environments

– ESPOON supports complex policies including range queries

– ESPOON employs a multiuser scheme where entities do not share keys

Future work– Secure auditing mechanism in ESPOON

– Support for negative authorisation policies and conflict resolution

Top right corner for field-mark, customer or partner logotypes. See Best practice for example.

Slide title 40 pt

Slide subtitle 24 pt

Text 24 pt

Bullets level 2-520 pt

16

References

[Asghar et al. CCS’11] M. R. Asghar, G. Russello, B. Crispo. POSTER:ESPOONERBAC: Enforcing Security Policies in Outsourced Environments with Encrypted RBAC. In Proceedings of the 18th ACM conference on Computer and communications security, CCS ’11, pages 841-844, New York, NY, USA, 2011. ACM.

[Asghar et al. ARES’11] M. R. Asghar, M. Ion, G. Russello, B. Crispo. ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments. The Sixth International Conference on Availability, Reliability and Security (ARES), Austria, Vienna, 22-26 August 2011, pages 99-108. IEEE, 2011 (Full paper acceptance rate was 20%).

M. R. Asghar, M. Ion, G. Russello, B. Crispo. ESPOONERBAC: Enforcing Security Policies in Outsourced Environments with Encrypted RBAC. Elsevier Computers & Security (COSE) – under review

M. R. Asghar, G. Russello, B. Crispo. E-GRANT: Enforcing Encrypted Dynamic Security Constraints in the Cloud – A journal paper under review

Top right corner for field-mark, customer or partner logotypes. See Best practice for example.

Slide title 40 pt

Slide subtitle 24 pt

Text 24 pt

Bullets level 2-520 pt

17

Thank You!

Any Questions?

[email protected]