PolicyCarrying, PolicyEnforcing Digital Objects - PowerPoint PPT Presentation

1 / 23
About This Presentation
Title:

PolicyCarrying, PolicyEnforcing Digital Objects

Description:

... Digital Objects, accepted by Fourth European Conference on Research andAdvanced ... TR99-1758, Department of Computer Science, Cornell University, July 19, 1999, ... – PowerPoint PPT presentation

Number of Views:34
Avg rating:3.0/5.0
Slides: 24
Provided by: sandrap7
Category:

less

Transcript and Presenter's Notes

Title: PolicyCarrying, PolicyEnforcing Digital Objects


1
Policy-Carrying, Policy-EnforcingDigital Objects
Sandra Payette Project Prism - Cornell
University DLI2 All-Projects Meeting June 14, 2000
2
Access Control Challenge
Enforcement of highly expressive access control
policies to support context-specific requirements
of digital libraries.
3
General-Purpose Policy Enforcement
4
Context-SpecificPolicy Enforcement
5
Limitations of traditional access control
mechanisms
  • Fixed set of abstractions
  • objects are files, directories, etc.
  • actions are read, write, execute, etc.
  • Limited expressiveness for policies
  • Not easily extended for complex or fine-grained
    policies

6
Requirements for new contexts
  • Architecture that supports behavior-centric
    policy enforcement
  • Policy definition languages that are flexible
  • Highly secure enforcement mechanism
  • Support for mobile code and mobile computing
    environments

7
Policy Enforcement Continuum
Digital Objects
repository-centric
object-centric
8
Generalization
  • Digital objects can be treated as generic
    entities, even if they are very specialized in
    some ways
  • Generic policies can address the non-specific
    nature of a digital object or a collection of
    digital objects

Only repository managers can delete objects
from the collection.
9
Specialization
  • Digital objects can have object-specific policies
    associated with them
  • Policies may be fine-grained or idiosyncratic
  • General-purpose enforcement mechanisms will not
    easily accommodate these policies, if at all

10
Example Object-specific policy
11
Policy-Carrying, Policy-Enforcing Digital Objects
- motivation
  • Semantics of policies should parallel the
    behavioral semantics of real-world entities
  • Decentralized policy management
  • Extensibility for policies and mechanisms
  • Portability and Mobile computing (policies move
    with the objects)

12
Experiments Building on existing work
  • Fedora - digital object and repository
    architecture (Payette and Lagoze, 1998, 2000)
  • Security Automata (Schneider, 1999)
  • PoET - Policy Enforcement Toolkit (Erlingsson
    and Schneider, 1999, 2000)

13
Fedora Digital Object Model
Extensible Mechanism
Encapsulated service request
Typed Disseminator
Internal stream
Data Stream
Data Stream
Data Stream
Generic interface
Primitive Disseminator
Disseminations
14
Fedora - Behaviors
GetVideo(quality) GetSlide(seqNum) GetSyncData
GetDCRecord GetDCField(name)
Lecture Mechanism
Video-H (mpeg)
slide-2 (gif)
slide-1 (gif)
metadata (xml)
Video-L (mpeg)
Content Disseminations
Lecture Archive
15
Security Automata
  • Theoretical basis for specifying policies that
    are enforceable, flexible, and fine-grained
  • Policies are modeled as finite-state machines
  • Enforcement mechanism simulates automaton,
    preventing executions that violate policy

Source Schneider, 1999
16
Example Simple Security Automata
Lesson 1 Video Accessed
Descriptive Metadata Accessed
Present Cornell ID
After viewing descriptive metadata, ONLY
Cornellians can access the Lesson 1 video.
17
Policy Enforcement Toolkit (PoET)
  • Implements In-line Reference Monitors (IRMs) that
    simulate security automata
  • Mediates all executions upon a system,
    application, or object
  • Modifies bytecode to embed policies (trusted
    program rewriter)
  • Converts java applications to secured applications

Source Erlingsson and Schneider, 1999, 2000
18
PoET - how it works
POLICY in PSLang
JVM
PoET Rewriter
PoET Class Loader
Modified Bytecode (policy embedded)
Program runs (obeys policy)
Java Bytecode
Source Erlingsson and Schneider, 1999, 2000
19
Fedora and PoET
Java bytecode in-lined with policies
Video-H
Policy-L (psl)
Video-L
slide-2 (gif)
Lecture Archive
slide-1 (gif)
Default Policy
metadata (xml)
Content Disseminations
20
The Overall Result
Guarded Lecture Mechanism

Lecture Archive

Content Disseminations
High resolution video (students only) Low
Resolution video (students others with fee)
Slides (1-20 all users 21-25 students only)
21
Challenges and Future Work
  • Ramp up - enforcement of more complex policies,
    more object types
  • Examine tension between object-centric vs.
    repository centric policy enforcement
  • Mobile computing - trust schemes to support
    policy enforcement as objects move
  • Intentional policies and dynamic binding
  • Preservation application of security automata -
    detect unacceptable transitions

22
References - Fedora
Payette, Sandra and Carl Lagoze, Flexible and
Extensible Digital Object and Repository
Architecture, ECDL98, Heraklion, Crete,
September 21-23, 1998, Springer, 1998, (Lecture
notes in computer science Vol. 1513).
http//www.cs.cornell.edu/payette/papers/ecdl98/fe
dora.html Payette, Sandra, Christophe Blanchi,
Carl Lagoze, and Edward Overly, Interoperability
for Digital Objects and Repositories The
Cornell/CNRI Experiments, D-Lib Magazine, May
1999. http//www.dlib.org/dlib/may99/payette/05pay
ette.html Payette, Sandra and Carl Lagoze,
Policy-Carrying, Policy-Enforcing Digital
Objects, accepted by Fourth European Conference
on Research andAdvanced Technology for Digital
Libraries, Portugal, Springer, 2000, (Lecture
notes in computer science), draft available at
http//www.cs.cornell.edu/payette/papers/ecdl2000/
pcpe-draft.ps Payette, Sandra and Carl Lagoze,
Value Added Surrogates for Distributed Content
Establishing a Virtual Control Zone, D-Lib
Magazine, June 2000, http//www.dlib.org/dlib/june
00/payette/06payette.html
23
ReferencesSecurity Automata and PoET
Schneider, Fred B., Enforceable Security
Policies, Computer Science Technical Report
TR98-1664, Department of Computer Science,
Cornell University, July 24, 1999,
http//cs-tr.cs.cornell.edu80/Dienst/UI/1.0/Displ
ay/ncstrl.cornell/TR98-1664 Erlingsson, Ulfar
and Fred B. Schneider, SASI Enforcement of
Security Policies A Retrospective, Computer
Science Technical Report TR99-1758, Department
of Computer Science, Cornell University, July 19,
1999, http//cs-tr.cs.cornell.edu80/Dienst/UI/1.
0/Display/ncstrl.cornell/TR99-1758   Erlingsson,
Ulfar and Fred B. Schneider, IRM Enforcement of
Java Stack Inspection, Computer Science
Technical Report TR2000-1786, Department of
Computer Science, Cornell University, February
19, 2000, http//cs-tr.cs.cornell.edu80/Dienst/U
I/1.0/Display/ncstrl.cornell/TR2000-1786
Write a Comment
User Comments (0)
About PowerShow.com