illinois security lab using attribute-based access control to enable attribute- based messaging...
Post on 18-Dec-2015
220 views
TRANSCRIPT
![Page 1: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/1.jpg)
IllinoisSecurity Lab
Using Attribute-Based Access Control to Enable
Attribute-Based Messaging
Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter and Himanshu Khurana
University of Illinois at Urbana-Champaign
![Page 2: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/2.jpg)
IllinoisSecurity Lab
ACSAC 2006
Introduction to ABM
Attribute-Based Messaging (ABM): Targeting messages based on attributes.
To: faculty going on sabbatical
![Page 3: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/3.jpg)
IllinoisSecurity Lab
ACSAC 2006
Introduction to ABM
Examples• Address all faculty going on sabbatical
next term• Notify all female CS graduate students
who passed qualifying exams of a scholarship opportunity
Attribute-Based Messaging (ABM): Targeting messages based on attributes.
![Page 4: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/4.jpg)
IllinoisSecurity Lab
ACSAC 2006
Why ABM?
• Attribute-based systems have desirable properties– flexibility, privacy and intuitiveness
• Attribute-Based Messaging (ABM) brings these advantages to e-mail messaging– enhances confidentiality by supporting
targeted messaging• via dynamic and transient groups
– enhances relevance of messages• by reducing unwanted messages
![Page 5: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/5.jpg)
IllinoisSecurity Lab
ACSAC 2006
Challenges
• Access Control – access to such a system should be carefully
controlled• potential for spam • privacy of attributes
• Deployability– system should be compatible with existing
infrastructure
• Efficiency– system should have comparable
performance to regular e-mail
![Page 6: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/6.jpg)
IllinoisSecurity Lab
ACSAC 2006
Enterprise Architecture
Ensuing Issues •ABM Address Format, Client I/F
•Access Control - policy specification and enforcement
•Attribute Database creation and maintenance
To: M
anagers
Attr.DB
Policy
Decision
E-mailMTA
ABMServer
![Page 7: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/7.jpg)
IllinoisSecurity Lab
ACSAC 2006
Enterprise Architecture cont.
• Attribute database– all enterprises have attribute data about
their users– data spread over multiple, possibly
disparate databases– assume that this attribute data is
available to ABM system• “information fabric” , “data services layer”
• ABM address format −logical expressions of attribute value pairs−disjunctive normal form
![Page 8: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/8.jpg)
IllinoisSecurity Lab
ACSAC 2006
Access Control
• Access Control Lists (ACLs)– difficult to manage
![Page 9: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/9.jpg)
IllinoisSecurity Lab
ACSAC 2006
Access Control
×Access Control Lists (ACLs)× difficult to manage
• Role-Based Access Control (RBAC)– simplified management if roles already exist
![Page 10: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/10.jpg)
IllinoisSecurity Lab
ACSAC 2006
Access Control
×Access Control Lists (ACLs)× difficult to manage
× Role-Based Access Control (RBAC)× simplified management if roles already exist
• Attribute-Based Access Control (ABAC)−uses same attributes used to target messages−more flexible policies than with RBAC
• Access policy −XACML is used to specify access policies−Sun’s XACML engine is used for policy decision
![Page 11: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/11.jpg)
IllinoisSecurity Lab
ACSAC 2006
Access Control cont.
• Problem– need policy per logical expression– policy explosion
• Solution?– one policy per <attribute,value>
![Page 12: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/12.jpg)
IllinoisSecurity Lab
ACSAC 2006
Deployability
• Use existing e-mail infrastructure (SMTP)– address ABM messages to the ABM server
(MUA) and add ABM address as a MIME attachment
• No modification to client– use a web server to aid the sender in
composing the ABM address via a thin client (web browser)
• E-mail like semantics– policy specialization
![Page 13: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/13.jpg)
IllinoisSecurity Lab
ACSAC 2006
PDPSun’s XACML
Engine
Sender
AttributeDB
MS SQL ServerPolicyxml
ABM ServerWeb ServerWindows IIS
MTA
PS
1
PS
8
PS2
AR2AR1
AR
3
PS7
AR
4
MS1
MS
2
Putting It All Together
LegendPS: Policy
SpecializationMS: MessagingAR: Address
Resolution
![Page 14: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/14.jpg)
IllinoisSecurity Lab
ACSAC 2006
Security Analysis
• Problem– open to replay attacks
• Solution– MTA configured with SMTP
authentication• with additional message specific checks
![Page 15: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/15.jpg)
IllinoisSecurity Lab
ACSAC 2006
Experimental Setup
• Measured– latency over regular e-mail
• with and without access control
– latency of Policy Specialization
• Setup– up to 60K users – 100 attributes in the system
• 20% of attributes common to most users• 80% of attributes sparsely distributed
![Page 16: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/16.jpg)
IllinoisSecurity Lab
ACSAC 2006
Results
![Page 17: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/17.jpg)
IllinoisSecurity Lab
ACSAC 2006
Results Continued…
0
2
4
6
8
10
12
14
143 282 398 568 674
Number of Policies (Number of policies ~= 5 * Number of attributes)
Tim
e (s
ec)
Policy Specialization Latency
![Page 18: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/18.jpg)
IllinoisSecurity Lab
ACSAC 2006
Other Considerations
• Policy Administration– one policy per <attribute ,value> not per
address– further be reduced to one policy per
attribute
• Privacy– of sender and receivers– of ABM address
• Usability– user interfaces
![Page 19: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/19.jpg)
IllinoisSecurity Lab
ACSAC 2006
Related Work
• Technologies– List Servers– Customer Relationship Management
(CRM)
• Secure role-based messaging• WSEmail
![Page 20: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/20.jpg)
IllinoisSecurity Lab
ACSAC 2006
Future Work
• Inter-domain ABM– e.g., address doctors in the tri-state area who
have expertise in a specific kind of surgical procedure
– challenge – “attribute mapping”– application in ‘emergency communications’
• Encrypted ABM
![Page 21: Illinois Security Lab Using Attribute-Based Access Control to Enable Attribute- Based Messaging Rakesh Bobba, Omid Fatemieh, Fariba Khan, Carl A. Gunter](https://reader035.vdocument.in/reader035/viewer/2022062407/56649d265503460f949fcc74/html5/thumbnails/21.jpg)
IllinoisSecurity Lab
ACSAC 2006