Data and Applications Security Developments and Directions

1
Data and Applications Security Developments and
Directions

• Secure Knowledge Management
• Confidentiality, Privacy and Trust
• Dr. Bhavani Thuraisingham
• The University of Texas at Dallas
• November 29, 2005

2
Outline of the Unit

• Background on Knowledge Management
• Secure Knowledge Management
• Confidentiality Access Control
• Privacy
• Trust Management
• Integrated System
• Secure Knowledge Management Technologies
• Directions
• Appendix TrustX Research

3
References

• Proceedings Secure Knowledge Management Workshop
• Secure Knowledge Management Workshop, Buffalo,
  NY, September 2004
• http//www.cse.buffalo.edu/caeiae/skm2004/
• Secure Knowledge Management
• Authors Thuraisingham, Bertino, Sandhu
• To be published in IEEE Transactions on Systems,
  Man and Cybernetics
• This lecture is based on the above paper

4
What is Knowledge Management

• Knowledge management, or KM, is the process
  through which organizations generate value from
  their intellectual property and knowledge-based
  assets
• KM involves the creation, dissemination, and
  utilization of knowledge
• Reference http//www.commerce-database.com/knowle
  dge-management.htm?sourcegoogle

5
Knowledge Management Components
Knowledge
Components of
Management
Components,
Cycle and
Technologies
Cycle
Technologies
Components
Knowledge, Creation
Expert systems
Strategies
Sharing, Measurement
Collaboration
Processes
And Improvement
Training
Metrics
Web
6
Organizational Learning Process
Incentives
Source Reinhardt and Pawlowsky
7
Aspects of Secure Knowledge Management (SKM)

• Protecting the intellectual property of an
  organization
• Access control including role-based access
  control
• Security for process/activity management and
  workflow
• Users must have certain credentials to carry out
  an activity
• Composing multiple security policies across
  organizations
• Security for knowledge management strategies and
  processes
• Risk management and economic tradeoffs
• Digital rights management and trust negotiation

8
SKM Strategies, Processes, Metrics, Techniques

• Security Strategies
• Policies and procedures for sharing data
• Protecting intellectual property
• Should be tightly integrated with business
  strategy
• Security processes
• Secure workflow
• Processes for contracting, purchasing, order
  management, etc.
• Metrics
• What is impact of security on number of documents
  published and other metrics gathered
• Techniques
• Access control, Trust management

9
SKM Strategies, Processes, Metrics, Techniques
10
Secure Knowledge Management Architecture
11
SKM Technologies

• Data Mining
• Mining the information and determine resources
  without violating security
• Secure Semantic Web
• Secure knowledge sharing
• Secure Annotation Management
• Managing annotations about expertise and
  resources
• Secure content management
• Markup technologies and related aspects for
  managing content
• Secure multimedia information management

12
Confidentiality, Privacy and Trust

• Confidentiality Ensuring that only authorized
  individuals get/acquire the information/knowledge
  according to the confidentiality policies
• Privacy Ensuring that my personal information is
  distributed according to the policies I enforce
• Trust Do we believe that the other person will
  not divulge confidential and/or private
  information even though he/she is authorized to
  receive the information

13
Access Control Strategy

• XML to specify policies
• Subjects request access to XML documents under
  two modes Browsing and authoring
• With browsing access subject can read/navigate
  documents
• Authoring access is needed to modify, delete,
  append documents
• Access control module checks the policy based and
  applies policy specs
• Views of the document are created based on
  credentials and policy specs
• In case of conflict, least access privilege rule
  is enforced
• Works for Push/Pull modes
• Presentation at MITRE on March 18, 2005

14
System Architecture for Access Control
15
Third-Party Architecture
XML Source
Credential base
policy base

• The Owner is the producer of information It
  specifies access control policies
• The Publisher is responsible for managing (a
  portion of) the Owner information and answering
  subject queries
• Goal Untrusted Publisher with respect to
  Authenticity and Completeness checking

SE-XML
Owner
Publisher
Reply document
credentials
Query
User/Subject
16
RBAC for SKM

• Access to information sources including
  structured and unstructured data both within the
  organization and external to the organization
• Search Engines and tools for identifying relevant
  pieces of this information for a specific purpose
• Knowledge extraction, fusion and discovery
  programs and services
• Controlled dissemination and sharing of newly
  produced knowledge

17
RBAC for SKM
18
UCON (Usage Control) for SKM

• RBAC model is incorporated into UCON and useful
  for SKM
• Authorization component
• Obligations
• Obligations are actions required to be performed
  before an access is permitted
• Obligations can be used to determine whether an
  expensive knowledge search is required
• Attribute Mutability
• Used to control the scope of the knowledge search
• Condition
• Can be used for resource usage policies to be
  relaxed or tightened

19
UCON for SKM
20
Confidentiality Controller
21
Some Privacy concerns

• Medical and Healthcare
• Employers, marketers, or others knowing of
  private medical concerns of employees
• Security
• Allowing access to individuals travel and
  spending data
• Allowing access to web surfing behavior
• Marketing, Sales, and Finance
• Allowing access to individuals purchases

22
Privacy Preserving Data Mining

• Association Rules
• Privacy Preserving Association Rule Mining
• IBM, - - - - -
• Decision Trees
• Privacy Preserving Decision Trees
• IBM, - - - -
• Clustering
• Privacy Preserving Clustering
• Purdue, - - - -
• Link Analysis
• Privacy Preserving Link Analysis
• UTD, (ICDM Conference Workshop on Privacy
  Preserving Data Mining, November 2005)

23
Privacy Controller

Interface to the Client

Inference Engine/

Privacy
Controller
Privacy
Policies
Ontologies
Rules

Client

Database

Client


Engine




24
Trust Negotiation model Joint Research with
Prof. Elisa Bertino et al at Purdue and U. Of
Milan

• A promising approach for open systems where most
  of the interactions occur between strangers
• The goal establish trust between parties in
  order to exchange sensitive information and
  services
• The approach establish trust by verifying
  properties of the other party

25
Trust Management for SKM

• Trust Services
• Identify services, authorization services,
  reputation services
• Trust negotiation (TN)
• Digital credentials, Disclosure policies
• TN Requirements
• Language requirements
• Semantics, constraints, policies
• System requirements
• Credential ownership, validity, alternative
  negotiation strategies, privacy
• Example TN systems
• KeyNote and Trust-X (U of Milan), TrustBuilder
  (UIUC)

26
Trust Management for SKM
27
Integrated Approach Confidentiality, Privacy and
Trust
28
SKM for Coalitions

• Organizations form federations and coalitions
  work together to solve a problem
• Universities, Commercial corporations, Government
  agencies
• Challenges is to share data/information and at
  the same time ensure security and autonomy for
  the individual organizations
• How can knowledge be shared across coalitions?
• Incentive compatible knowledge sharing techniques

29
SKM Coalition Architecture Joint Research with
Prof. Ravi Sandhu at GMU
Knowledge for Coalition
Export
Export
Knowledge
Knowledge
Export
Knowledge
Component
Component
Knowledge for
Knowledge for
Agency A
Agency C
Component
Knowledge for
Agency B
30
Directions

• We have identified high level aspects of SKM
• Strategies, Processes. Metrics, techniques,
  Technologies, Architecture
• Need to investigate security issues
• RBAC, UCON, Trust, Privacy etc.
• CS departments should collaborate with business
  schools on KM and SKM

31
Data and Applications Security Developments and
Directions

• Dr. Bhavani Thuraisingham
• The University of Texas at Dallas
• Secure Knowledge Management
• Confidentiality, Privacy and Trust
• Appendix TrustX System and Current Research
• Joint work with Purdue University and
• University of Milan
• November 29, 2005

32
The problem Establishing trust in open systems

• Interactions between strangers
• - In conventional systems user identity is
  known in advance
• and can be used for performing access
  control
• - In open systems partecipants may have no
  pre-existing
• relationship and may not share a common
  security domain

?

• Mutual authentication
• - Assumption on the counterpart honesty no
  longer holds
• - Both participants need to authenticate each
  other

33
Trust Negotiation model

• A promising approach for open systems where most
  of the interactions occur between strangers
• The goal establish trust between parties in
  order to exchange sensitive information and
  services
• The approach establish trust by verifying
  properties of the other party

34
Trust negotiation the approach

• Interactions between strangers in open systems
• are different from traditional access control
  models

Policies and mechanisms developed in conventional
systems need to be revised
ACCESS CONTROL POLICIES VS. DISCLOSURE POLICIES
USER IDs VS. SUBJECT PROPERTIES
35
Subject properties digital credentials

• Assertion about the credential owner issued and
  certified by a Certification Authority.

• Each entity has an associated set of
  credentials,
• describing properties and attributes of the
  owner.

CA
36
Use of Credentials
Credential Issuer
Digital Credentials

• Julie
• 3 kids
• Married
• American

Alice
Check
Check
-Julie - Married
-Julie - American
Company B
Want to know marital status
Company A
Referenced from http//www.credentica.com/technolo
gy/overview.pdf
Want to know citizenship
37
Credentials

• Credentials can be expressed through the Security
  Assertion Mark-up Language (SAML)
• SAML allows a party to express security
  statements about a given subject
• Authentication statements
• Attribute statements
• Authorization decision statements

38
Disclosure policies
Disclosure policies

• Disclosure policies govern
• Access to protected resources
• Access to sensitive information
• Disclosure of sensitive credentials
• Disclosure policies express trust requirements by
  means of credential combinations that must be
  disclosed to obtain authorization

39
Disclosure policies - Example

• Suppose NBG Bank offers loans to students
• To check the eligibility of the requester, the
  Bank asks the student to present the following
  credentials
• The student card
• The ID card
• Social Security Card
• Financial information either a copy of the
  Federal Income Tax Return or a bank statement

40
Disclosure policies - Example

• p1 (, Student_Loan ? Student_Card())
• p2 (p1), Student_Loan ? Social_Security_Card())
  
• p3 (p2, Student_Loan ? Federal_Income_Tax_R
  eturn())
• p4 (p2, Student_Loan ? Bank_Statement())
• P5(p3,p4, Student_Loan ? DELIV)
• These policies result in two distinct policy
  chains that lead to disclosure
• p1, p2, p3, p5 p1, p2, p4, p5

41
Trust Negotiation - definition
The gradual disclosure of credentials and
requests for credentials between two strangers,
with the goal of establishing sufficient trust so
that the parties can exchange sensitive
information and/or resources
42
Trust-X system Joint Research with University
of Milan and Purdue University

• A comprehensive XML based framework for trust
  negotiations
• Trust negotiation language (X-TNL)
• System architecture
• Algorithms and strategies to carry out the
  negotiation process

43
Trust-X language X-TNL

• Able to handle mutliple and heterogeneus
  certificate specifications
• Credentials
• Declarations
• Able to help the user in customizing the
  management of his/her own certificates
• X-Profile
• Data Set
• Able to define a wide range of protection
  requirements by means of disclosure policies

44
X-TNL Credential type system
X-TNL simplifies the task of credential
specification by using a set of templates
called credential types Uniqueness is ensured by
use of XML Namespaces Credential types are
defined by using Document Type Definition
lt!DOCTYPE library_badge lt!ELEMENT library_badge
(name, address, phone_number, email?,
release_date, profession,Issuer)gt lt!ELEMENT name
(fname, lname)gt lt!ELEMENT address
(PCDATA)gt lt!ELEMENT phone_number
(PCDATA)gt lt!ELEMENT email
(PCDATA)gt lt!ELEMENT release_date
(PCDATA)gt lt!ELEMENT profession
(PCDATA)gt lt!ELEMENT fname
(PCDATA)gt lt!ELEMENT lname
(PCDATA)gt lt!ELEMENT Issuer ANYgt lt!ATTLIST
Issuer XMLLINK CDATA FIXED SIMPLE HREF
CDATA REQUIRED TITLE CDATA
IMPLIEDgt lt!ATTLIST library_badge CredID ID
REQUIREDgt lt!ATTLIST library_badge SENS CDATA
REQUIREDgt gt
45
Trust-X negotiation phases- basic model

• Introduction
• Send a request for a resource/service
• Introductory policy exchanges
• Policy evaluation phase
• Disclosure policy exchange
• Evaluation of the exchanged policies in order to
  determine secure solutions for both the parties.
• Certificate exchange phase
• Exchange of the sequence of certificates
  determined at step n. 2.

46
Trust-X Architecture
Trust-X has been specifically designed for a
peer-to-peer environment in that each party is
equipped with the same functional modules and
thus it can alternatively act as a requester or
resource controller during different
negotiations.
47
How a policy is processed

• Upon receiving a disclosure policy the compliance
  checker determines if it can be satisfied by any
  certificate of the local X-profile.

• Then, the module checks in the policy base the
  protection needs associated with the
  certificates, if any.
• The state of the negotiation is anyway updated
  by the tree manager, which records whether new
  policies and credentials have been involved or
  not.

COMPLIANCE CHECKER
TREE MANAGER
Disclosure Policies
Policy Base
Policy Reply
X-Profile
48
Current Research

• How can we ensure privacy in Trust Negotiation
  Systems
• Joint work with U. of Milan and Purdue
• Squichinari, Bertino, Ferrari and Thuraisingham
  et al
• To appear in ACM Transactions on Information and
  Systems Security