Access Control with Trust and Machine Learning

Sergiy Gladysh, NTNU, ITEM

NISNet PhD student workshop, Bergen, Norway, 01-03 September 2010

Page 2: Access Control: General Model

Access Control with Trust and Machine Learning. Sergiy Gladysh, PhD researcher, NTNU

Diagram: subjects A, B, C send requests across the Information Security Boundary to the Reference Monitor (PEP, Policy Enforcement Point). The Reference Monitor consults the Access Control Policy (PDP, Policy Decision Point), writes every decision to the Audit Log, and mediates all access to the objects O11, O12, O13 and O21, O22, O23.

Page 3: Discretionary Access Control (DAC)

Diagram: users A, B, C, D, ... are checked by the Reference Monitor against the Access Matrix (authorization); the matrix is stored per object group as ACLs. Objects O11-O14 and O21-O24 lie inside the Information Security Boundary.

Access Matrix (rows: users, columns: objects; r = read, w = write, - = no access):

          O1      O2      O3     ...
  A       r,w     r       -
  B       r       r       r,w
  C       r       r       r

ACL1 (object group 1):  A: r, w;  B: r;     C: r
ACL2 (object group 2):  A: r;     B: r, w;  C: r, w

Page 4: Mandatory Access Control (MAC)

Diagram: users A, B, C, D are cleared at Access Level 1 to Access Level 4, and the objects O11-O14 and O21-O24 carry confidentiality labels (e.g. Confidentiality Label 2). The Reference Monitor compares the user's clearance with the object's label on the ordering Top Secret > Secret > Confidential > Unclassified. All objects sit inside the Information Security Boundary.
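A reference monitor that applies the DAC access matrix of Page 3 together with the MAC rules of Page 4, as an added example rather than code from the slides. It assumes the four Access Levels map onto the linear ordering Unclassified < Confidential < Secret < Top Secret, that the MAC check follows Bell-LaPadula (no read up, no write down), and that a request must pass both DAC and MAC; the clearances and classifications are constructed for the example.

```python
"""Reference monitor combining a DAC access matrix with a MAC (Bell-LaPadula) check.

Added illustration, not the author's code.  The DAC matrix follows the slide
(users A, B, C; objects O1, O2, O3); clearances and object classifications are
constructed values chosen to exercise every decision branch.
"""

# Linear ordering of the four confidentiality levels (assumed mapping of Access Level 1..4).
LEVELS = {"Unclassified": 1, "Confidential": 2, "Secret": 3, "Top Secret": 4}

# DAC: access matrix, user -> object -> set of rights (r = read, w = write).
ACCESS_MATRIX = {
    "A": {"O1": {"r", "w"}, "O2": {"r"}},
    "B": {"O1": {"r"}, "O2": {"r"}, "O3": {"r", "w"}},
    "C": {"O1": {"r"}, "O2": {"r"}, "O3": {"r"}},
}

# MAC labels (constructed): subject clearance and object classification.
CLEARANCE = {"A": "Top Secret", "B": "Secret", "C": "Confidential"}
CLASSIFICATION = {"O1": "Confidential", "O2": "Secret", "O3": "Top Secret"}


def dac_permits(user: str, obj: str, op: str) -> bool:
    """Discretionary check: is the requested right present in the matrix cell?"""
    return op in ACCESS_MATRIX.get(user, {}).get(obj, set())


def mac_permits(user: str, obj: str, op: str) -> bool:
    """Bell-LaPadula on a linear ordering:
    read  -> simple security property: clearance >= classification (no read up)
    write -> *-property:                clearance <= classification (no write down)
    """
    clearance = LEVELS[CLEARANCE[user]]
    label = LEVELS[CLASSIFICATION[obj]]
    if op == "r":
        return clearance >= label
    if op == "w":
        return clearance <= label
    return False  # unknown operation: default deny


def reference_monitor(user: str, obj: str, op: str) -> tuple:
    """PEP decision: DAC first, then MAC; returns (decision, reason) for the audit log."""
    if not dac_permits(user, obj, op):
        return False, "DAC: no entry"
    if not mac_permits(user, obj, op):
        return False, "MAC: " + ("read up" if op == "r" else "write down")
    return True, "permit"
```

Note that the two models deny different things: A owns write access to O1 in the DAC matrix, yet the MAC layer refuses the write because a Top Secret subject may not write into a Confidential object; B may write to the Top Secret object O3 but not read it.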

Page 5: Role-Based Access Control (RBAC)

Diagram: users A, B, C, D are mapped to roles Role1, Role2, ... by User-Role Assignment (UA). Within a Session a user performs Role Activation (RA) of assigned roles. Each role carries Permissions (P11, P12, P13 for Role1; P21, P22, P23 for Role2) on the Objects O11-O14 and O21-O24.

Page 6: Context-Aware RBAC, Dynamic Constraints, ABAC

Diagram: the RBAC model of Page 5 (users A-D, User-Role Assignment, roles Role1, Role2, ..., Sessions with Role Activation, permissions P11-P13 and P21-P23 on objects O11-O14 and O21-O24) with constraints attached to both assignment steps.

UA Constraints: Separation of Duties (SoD); Attributes (ABAC, XACML).
RA Constraints (on role activation in sessions): Location; Temporal.
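The RBAC model of Pages 5 and 6 as a small policy decision point with a reference monitor in front of it, written here as an added example (it is not code from the slides). It assumes a static SoD check at user-role assignment, location and temporal constraints checked at role activation, and that a session only grants the permissions of the roles it actually managed to activate. Role, permission and object names are constructed.

```python
"""Minimal RBAC PDP/PEP with UA, PA, sessions and the two constraint kinds
named on the slide (SoD at assignment; location/time at activation).

Added illustration, not the author's code; all names are made up.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple

Permission = Tuple[str, str]  # (operation, object), e.g. ("read", "O11")


@dataclass
class RbacPolicy:
    """PDP side: user-role assignment, permission assignment, SoD pairs, RA constraints."""
    ua: Dict[str, Set[str]] = field(default_factory=dict)          # user -> roles
    pa: Dict[str, Set[Permission]] = field(default_factory=dict)   # role -> permissions
    sod: Set[FrozenSet[str]] = field(default_factory=set)          # mutually exclusive role pairs
    # RA constraints: role -> (allowed locations, (start_hour, end_hour))
    ra: Dict[str, Tuple[Set[str], Tuple[int, int]]] = field(default_factory=dict)

    def assign_role(self, user: str, role: str) -> None:
        """UA with a static SoD check: refuse if the user already holds a conflicting role."""
        held = self.ua.setdefault(user, set())
        for other in held:
            if frozenset((other, role)) in self.sod:
                raise ValueError(f"SoD violation: {user} holds {other}, cannot also hold {role}")
        held.add(role)

    def may_activate(self, user: str, role: str, location: str, hour: int) -> bool:
        """RA: the role must be assigned and its location/temporal constraints must hold."""
        if role not in self.ua.get(user, set()):
            return False
        if role not in self.ra:            # no RA constraint: activation is unconditional
            return True
        locations, (start, end) = self.ra[role]
        return location in locations and start <= hour < end


@dataclass
class Session:
    user: str
    active_roles: Set[str] = field(default_factory=set)


class ReferenceMonitor:
    """PEP side: enforces the PDP's decisions and records each one in an audit log."""

    def __init__(self, policy: RbacPolicy) -> None:
        self.policy = policy
        self.audit_log: List[Tuple[str, str, str, str]] = []   # (action, user, target, decision)

    def open_session(self, user: str, roles: List[str], location: str, hour: int) -> Session:
        """Role activation: every requested role is checked against the RA constraints."""
        session = Session(user)
        for role in roles:
            ok = self.policy.may_activate(user, role, location, hour)
            if ok:
                session.active_roles.add(role)
            self.audit_log.append(("activate", user, role, "permit" if ok else "deny"))
        return session

    def check(self, session: Session, op: str, obj: str) -> bool:
        """Permit only if an *active* role of the session carries (op, obj)."""
        allowed = any((op, obj) in self.policy.pa.get(r, set()) for r in session.active_roles)
        self.audit_log.append((op, session.user, obj, "permit" if allowed else "deny"))
        return allowed


def build_demo_policy() -> RbacPolicy:
    """Constructed policy: two business roles and an Auditor role that is SoD-exclusive with Role1."""
    p = RbacPolicy()
    p.pa["Role1"] = {("read", "O11"), ("write", "O12")}
    p.pa["Role2"] = {("read", "O21"), ("write", "O22")}
    p.pa["Auditor"] = {("read", "O11"), ("read", "O21")}
    p.sod.add(frozenset(("Role1", "Auditor")))
    p.ra["Role2"] = ({"office"}, (8, 18))      # Role2 only from the office, 08:00-17:59
    p.assign_role("A", "Role1")
    p.assign_role("A", "Role2")
    p.assign_role("B", "Auditor")
    return p
```

The point of separating assignment from activation is visible in the demo policy: user A holds Role2, but a session opened from home, or outside office hours, does not activate it, so the write permission on O22 is unavailable even though the UA relation has not changed.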

Page 7: Problems in Open Environments

Diagram: the general model of Page 2 (subjects A, B, C; Reference Monitor / PEP; Access Control Policy / PDP; Audit Log; objects O11-O13 and O21-O23 inside the Information Security Boundary), but now unknown subjects X, W, Z, ... also send requests, and the policy has no entry for them ("?").

Page 8: Trust Network Analysis + Machine Learning

Problem in Open Environment: New/Unknown User.

Diagram (Trust Network): the evaluator E holds direct trust opinions ωEA, ωEB, ωEC about the known users A, B, C; for the new user X there is no opinion at all ("?").

Trust Metrics: Beta Probability Density Functions.

Page 9: Trust Network Analysis + Machine Learning

Lookup: Graph Query >> Indirect Trust Edge.

Diagram (Trust Network): E holds ωEA, ωEB, ωEC; a graph query finds that C holds an opinion ωCX about X, which yields the referral chain E -> C -> X. The value of the resulting indirect trust edge from E to X is still unknown ("?").

Trust Metrics: Beta Probability Density Functions.

Page 10: Trust Network Analysis + Machine Learning

Subjective Logic >> Probabilistic Inference of Metric for Indirect Trust.

Diagram (Trust Network): E's indirect opinion about X is derived from ωEC and ωCX, i.e. E's trust in C as a recommender is used to discount C's opinion about X along the chain E -> C -> X. The inferred value is not yet shown ("?").

Trust Metrics: Beta Probability Density Functions.

Page 11: Trust Network Analysis + Machine Learning

Subjective Logic >> Inferred Metric for Indirect Trust.

Diagram (Trust Network): E now holds an inferred opinion about X (ωEC combined with ωCX), so the request from the previously unknown user can be decided (":) !").

Trust Metrics: Beta Probability Density Functions.

Page 12: RBAC Dynamic Constraints + Trust Network

Diagram: the context-aware RBAC model of Page 6 (users A-D, User-Role Assignment, roles Role1, Role2, ..., Sessions with Role Activation, permissions P11-P13 and P21-P23 on objects O11-O14 and O21-O24) with the Trust Network feeding the assignment constraints: E's direct opinions ωEA, ωEB, ωEC, C's opinion ωCX, and the inferred indirect opinion about X derived from ωEC and ωCX.

UA Constraints: SoD; ABAC; Trust / Reputation.
RA Constraints (on role activation in sessions): Location; Temporal.
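The trust lookup of Pages 9 to 11 and the trust constraint of Page 12 as one added worked example; this is illustration code, not the author's implementation. It assumes that a direct opinion is formed from Beta evidence counts (r positive and s negative experiences, base rate a) using the standard subjective-logic mapping, that indirect trust along a referral chain is computed with Jøsang's discounting operator, and that a role's trust constraint is a minimum probability expectation plus a cap on uncertainty; the evidence counts and the thresholds are constructed.

```python
"""Subjective-logic trust lookup for an unknown requester, wired into a
trust/reputation constraint on role activation.

Added illustration, not the author's code.  Assumed: opinion from
Beta(r+1, s+1) evidence, Jøsang's discounting for transitive trust,
made-up evidence counts and policy thresholds.
"""
from __future__ import annotations

from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Opinion:
    """Subjective-logic opinion (b, d, u, a) with b + d + u = 1."""
    b: float        # belief
    d: float        # disbelief
    u: float        # uncertainty
    a: float = 0.5  # base rate

    @classmethod
    def from_evidence(cls, r: float, s: float, a: float = 0.5) -> Opinion:
        """Beta(r+1, s+1) evidence -> opinion: b = r/(r+s+2), d = s/(r+s+2), u = 2/(r+s+2)."""
        k = r + s + 2.0
        return cls(r / k, s / k, 2.0 / k, a)

    def expectation(self) -> float:
        """Probability expectation of the opinion: E = b + a*u."""
        return self.b + self.a * self.u

    def discount(self, other: Opinion) -> Opinion:
        """Transitive trust (discounting): self is the trust in a recommender,
        other is that recommender's opinion about the target."""
        return Opinion(self.b * other.b,
                       self.b * other.d,
                       self.d + self.u + self.b * other.u,
                       other.a)


class TrustNetwork:
    """Directed graph of direct trust opinions: edges[src][dst] = ω(src, dst)."""

    def __init__(self) -> None:
        self.edges: Dict[str, Dict[str, Opinion]] = {}

    def add(self, src: str, dst: str, op: Opinion) -> None:
        self.edges.setdefault(src, {})[dst] = op

    def path(self, src: str, dst: str) -> Optional[List[str]]:
        """Graph query: shortest referral chain src -> ... -> dst (BFS), or None."""
        prev: Dict[str, Optional[str]] = {src: None}
        queue = deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                chain: List[str] = []
                cur: Optional[str] = node
                while cur is not None:
                    chain.append(cur)
                    cur = prev[cur]
                return chain[::-1]
            for nxt in self.edges.get(node, {}):
                if nxt not in prev:
                    prev[nxt] = node
                    queue.append(nxt)
        return None

    def indirect_trust(self, src: str, dst: str) -> Optional[Opinion]:
        """Fold discounting along the chain; a single direct edge is returned unchanged."""
        chain = self.path(src, dst)
        if chain is None or len(chain) < 2:
            return None
        op: Optional[Opinion] = None
        for a, b in zip(chain, chain[1:]):
            edge = self.edges[a][b]
            op = edge if op is None else op.discount(edge)
        return op


def may_activate(net: TrustNetwork, evaluator: str, requester: str,
                 min_expectation: float, max_uncertainty: float) -> Tuple[bool, str]:
    """Trust/reputation constraint on role activation: permit only if the (possibly
    indirect) opinion is confident enough and favourable enough.  A requester with
    no referral chain at all is always denied."""
    op = net.indirect_trust(evaluator, requester)
    if op is None:
        return False, "no trust path"
    if op.u > max_uncertainty:
        return False, f"too uncertain (u={op.u:.2f})"
    if op.expectation() < min_expectation:
        return False, f"expectation {op.expectation():.2f} below threshold {min_expectation}"
    return True, f"E={op.expectation():.2f}, u={op.u:.2f}"


def build_demo_network() -> TrustNetwork:
    """Constructed evidence counts (positive, negative) for the slide's graph."""
    net = TrustNetwork()
    net.add("E", "A", Opinion.from_evidence(10, 0))
    net.add("E", "B", Opinion.from_evidence(4, 4))
    net.add("E", "C", Opinion.from_evidence(8, 0))
    net.add("C", "X", Opinion.from_evidence(3, 1))   # only C has dealt with X
    return net
```

Two properties of the discounting step matter for access control: every hop can only move mass from belief and disbelief into uncertainty, never the reverse, so a long referral chain converges towards "don't know"; and an uncertainty cap is therefore needed alongside the expectation threshold, because a vacuous opinion with base rate 0.5 still has an expectation of 0.5 and could otherwise pass a lenient threshold. With the constructed counts, E's inferred opinion about X is (0.40, 0.13, 0.47) with expectation 0.63: acceptable for a role demanding E >= 0.6 and u <= 0.5, rejected if the role caps uncertainty at 0.4.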