A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems MMM-ACNS, September 13, 2007 Manoj Sastry, Ram Krishnan, Ravi Sandhu Intel Corporation, USA George Mason University, USA University of Texas, San Antonio, USA


A New Modeling Paradigm for Dynamic Authorization in Multi-Domain Systems

MMM-ACNS, September 13, 2007

Manoj Sastry, Ram Krishnan, Ravi Sandhu

Intel Corporation, USA

George Mason University, USA

University of Texas, San Antonio, USA


Copyright © Intel Corporation, 2007

Outline

• Introduction

• Usage Scenario

• Characteristics of Multi-Domain Interactions

• Concept of Dynamic Attributes

• UCON Background

• EUCON Model & Components

• Summary


Introduction

• Emergence of mobile devices & ubiquitous n/w
  – Anytime, anywhere connectivity
• Mobility causes users to transcend domains
• Traditional ABAC unsuitable for dynamic env.
  – Attributes pre-defined
  – Extensive a-priori agreement of attribute semantics
• New paradigm for modeling access control
  – Dynamic & multi-domain interactions


Usage Scenario

• Alice makes a purchase of $100 at Coffee Shop

• Coffee Shop provides a $10 ‘credit’ to Alice

• Credit usable at multiple stores

• Later, Alice uses ‘credit’ to purchase a book at Book Store

[Figure: Alice, CoffeeShop (CS) and BookShop (BS); arrows labelled Purchase, Credit, Credit]


Characteristics of Multi-Domain Interactions

• Subjects/Objects interact with multiple systems
  – E.g., Alice interacts with Coffee Shop & Book Store
• Information is dynamic & transcends systems
  – E.g., Alice acquired a ‘credit’ at Coffee Shop & used it to buy a book at the Book Store
• Prior agreement of semantics not desirable
  – E.g., Coffee Shop issues ‘credit’ to Alice that has to be interpreted by Book Store at authorization time; next day, Coffee Shop may issue ‘coupon’

[Slide callouts: Multi-Domain Attributes; Dynamic Attributes]


Concept of Dynamic Attributes

• Not pre-defined attributes

• Not attributes whose value is dynamic

• New-born attributes with new name-value pairs

• E.g., ‘Credit’ was dynamically created by Coffee Shop; Book Store needs to interpret the semantics when Alice uses it to buy a book


Usage Control Model (UCON) Background

Proposed extensions to UCON -> EUCON


Classification of EUCON Attributes

• Classification based on two factors
  – Time of attribute definition
    • Pre-defined Attributes
    • Dynamic Attributes
  – Scope of attribute definition
    • Local Attributes
    • Multi-Domain Attributes


EUCON Attributes: PLA, PMA, DLA

• Pre-Defined Local Attributes (PLA)
  – Same as current notion of attributes in attribute-based access control models such as UCON
• Pre-Defined Multi-Domain Attributes (PMA)
  – A-priori agreement of attribute semantics across multiple domains
• Dynamic Local Attributes (DLA)
  – Dynamically created but interpretable within same domain
  – E.g., Coffee Shop could create an attribute ‘discount’ that is usable at a later date at the same store


EUCON Attributes: DMA

• Dynamic Multi-Domain Attributes (DMA)
  – New approach to model emerging usage scenarios
  – Attributes created on the fly and interpretable in multiple domains at authorization time
  – Subject & Object Attributes can be DMA
    • E.g., ‘Credit’ is a new-born subject (Alice) attribute created by the Coffee Shop. Book Store interacts with CS at run time when Alice uses it to purchase a book
    • E.g., Alice checks in with airport security and the objects she carries get a DMA “cleared=true”. Alice uses this DMA at the airline system to board


EUCON Authorizations

• Rules based on subject and object attributes
• Pre-defined Local Authorization
  – Current UCON authorization
• Pre-defined Multi-Domain Authorization
  – Current authorization methods for multi-domain
• Dynamic Local Authorization
  – Construction of rules based on DLA
• Dynamic Multi-Domain Authorization
  – Construction of dynamic authorization rules by interpreting DMA
  – E.g., Book Store interprets ‘credit’ at runtime and constructs dynamic authorization rules


EUCON Obligations

• Subject pre-req before access can be granted
  – E.g., Alice agrees to a license before she can access whitepaper
• Pre-defined Local & Dynamic Obligations
  – Obligations on local & dynamic attributes
• Pre-defined Multi-Domain Obligations
  – Obligations interpretable across multiple domains
• Dynamic Multi-Domain Obligations
  – Obligations on DMA
  – Defined dynamically and interpreted at multiple domains
  – E.g., Before Alice can use ‘credit’ at Book Store, she is obligated to engage in a transaction with another Coffee Shop within the Book Store


EUCON Conditions

• System factors held before access granted
• Dynamic Multi-Domain Conditions
  – Conditions on DMA interpretable at multiple domains
  – E.g., Book Store could dynamically discover a condition on using ‘credit’ such that current ‘credit’ usage on all Coffee Shop systems is not > $1000
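The sketch below is an added example, not code from the slides or from the EUCON authors: it walks the Book Store decision for Alice's ‘credit’ through a dynamic multi-domain authorization, obligation and condition. All names (`Issuer`, `authorize`, `kind`, `usage_cap`, the obligation string) are hypothetical, and an in-process dictionary of issuers stands in for the run-time interaction between Book Store and Coffee Shop.

```python
from dataclasses import dataclass, field

@dataclass
class Attribute:
    name: str      # new-born name chosen by the issuer, e.g. "credit"
    value: float
    issuer: str    # domain that created it

@dataclass
class Issuer:
    """Issuing domain (Coffee Shop): creates attributes and explains them on request."""
    name: str
    semantics: dict = field(default_factory=dict)  # attribute name -> meaning and rules
    usage: dict = field(default_factory=dict)      # attribute name -> total redeemed

    def issue(self, attr, value, **meaning):
        self.semantics[attr] = meaning
        self.usage.setdefault(attr, 0.0)
        return Attribute(attr, value, self.name)

def authorize(issuers, attr, price, fulfilled):
    """Relying domain (Book Store) decision for paying `price` with `attr`."""
    issuer = issuers.get(attr.issuer)
    sem = issuer.semantics.get(attr.name) if issuer else None
    if sem is None or sem.get("kind") != "monetary":
        return False, "attribute not interpretable"   # fail closed on unknown semantics
    # Dynamic authorization rule constructed from the interpreted semantics.
    if attr.value < price:
        return False, "authorization: insufficient value"
    # Dynamic obligation: subject prerequisite named by the issuer.
    ob = sem.get("obligation")
    if ob and ob not in fulfilled:
        return False, "obligation pending: " + ob
    # Dynamic condition: current usage across the issuer's systems is not > cap.
    if issuer.usage[attr.name] > sem.get("usage_cap", float("inf")):
        return False, "condition: usage cap exceeded"
    attr.value -= price                # attribute update after use (assumed here)
    issuer.usage[attr.name] += price
    return True, "granted"

def demo():
    cs = Issuer("CoffeeShop")
    issuers = {cs.name: cs}            # issuers the Book Store can reach (constructed)
    done = {"cs_transaction_in_bookstore"}
    credit = cs.issue("credit", 10.0, kind="monetary", usage_cap=1000.0,
                      obligation="cs_transaction_in_bookstore")
    coupon = Attribute("coupon", 5.0, "CoffeeShop")   # never issued, so no semantics
    return [authorize(issuers, credit, 8.0, set()),   # obligation not yet met
            authorize(issuers, credit, 8.0, done),    # granted, $2 left
            authorize(issuers, credit, 8.0, done),    # remaining value too low
            authorize(issuers, coupon, 1.0, set())]   # uninterpretable attribute

if __name__ == "__main__":
    print(demo())
```

An attribute the issuer cannot explain is denied rather than ignored, which keeps an uninterpreted name-value pair from being treated as a grant.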


Extended UCON (EUCON)


Summary

Emergence of mobile & dynamic apps

Users transcend domains in mobile env.

Current access control models unsuitable

New paradigm for dynamic, multi-domain

Proposed extensions to UCON - EUCON


Thank You!


BACKUP


Related Work

• Damiani, Vimercati & Samarati identify reqs
  – Similar to our requirements for a mobile env.
  – Survey extensions proposed for other models; however, our concept of DMA is different
• Covington & Sastry have proposed CABAC
  – Authorization policies based entirely on attributes
  – Transaction attributes defined in this work are similar to our pre-defined multi-domain attributes


Background: Continuity & Mutability