Security Policy Reconciliation in Distributed Environments - PowerPoint PPT Presentation

1 / 30

About This Presentation

Title:

Security Policy Reconciliation in Distributed Environments

Description:

Use Blowfish-128. MAY use integrity check. HMAC-MD5. IEEE Policy 2004, Hao Wang. 5. Recurring Theme ... Blowfish-CBC. Integrity. HMAC-MD5. HMAC-SHA1. IEEE ... – PowerPoint PPT presentation

Number of Views:32

Avg rating:3.0/5.0

Slides: 31

Provided by: hbw3

Learn more at: http://pages.cs.wisc.edu

Category:

more less

Transcript and Presenter's Notes

Title: Security Policy Reconciliation in Distributed Environments

1
Security Policy Reconciliation in Distributed
Environments

Hao Wang, Somesh Jha, Miron Livny
University of Wisconsin

Patrick D. McDaniel ATT Research
2
Policy Reconciliation

To reconcile multiple policies among participants

Session policy
1. 2.
1. 2. 3.
Alice
Bob
3
MotivationSecure Communication
SSH Session
Server Policy Client Policy
SSH Protocol 1. SSH1 2. SSH2 1. SSH2
Different requirement
Encryption 1. AES-128 1. 3DES 1. AES-128 1. 3DES
MAC 1. HMAC-SHA1 2. HMAC-MD5 1. HMAC-MD5 2. HMAC-SHA1
Different preference
Compression 1. None 2. Zlib 1. Zlib 2. None
Different preference
4
MotivationResource Sharing

Policy reconciliation also occurs in
collaborative environments
E.g. GRID, Condor, SETI_at_Home
Policies may change frequently

MUST authenticate
Use PKI
Use Kerberos
MUST encrypt all channels
Use AES-128

MUST authenticate
Use PKI
Use Kerberos
MUST encrypt all channels
Use AES-128
Use DES-128
Use Blowfish-128
MAY use integrity check
HMAC-MD5

?
Internet
?

MUST authenticate
Use Kerberos
MAY encrypt all channels
Use AES-128

5
Recurring Theme

Each site/host/user may have
Different security requirements
Different security preferences
Session policy is dynamic

Internet
6
Policy Reconciliation

To establish a provisioning session policy among
participants

Session policy
1. 2.
1. 2. 3.
Alice
Bob
Reconciliation Engine
7
Problem Domain

We deal with session provisioning policy
E.g. a secure session between two parties
We do not deal with
Policy decisions
Policy constructions, transformations
Resolving policy conflicts
Separation of policies and mechanisms
Our work provides the mechanism

8
Outline

Motivation
Policy Representation using DAG
Policy Reconciliation
Implementation

9
Security Policy Reconciliation

How to represent security policies
Need to capture dependencies within each policy
Need to capture policy preferences
How to reconcile security policies
Need to resolve policy preferences
Need to be efficient

10
Existing Approaches

How to represent security policies
Flat
Do not address preferences
e.g. IPsec policy
Proposal 1 AH
Transform 1 HMAC-SHA
Transform 2 HMAC-MD5
Proposal 2 ESP
Transform 1 3DES with HMAC-SHA
Transform 2 3DES with HMAC-MD5
Proposal 2 PCP
Transform 1 LZS
Transform 2 Deflate

Proposal 1 may use one of the 2 listed transforms
This policy offers 2 proposals
Proposal 2 MUST use both ESP and PCP and there
are two transforms each for ESP and PCP.
11
Existing Approaches (cont.)

How to reconcile security policies
Policies with preferences have not been well
addressed
Dependencies within policies are not expressed
explicitly
Generally a NP-complete problem
Gong and Qian, 1994
McDaniel and Prakash, 2002

12
Our Contributions

How to represent security policies
Use directed acyclic graph (DAG) to represent
policies
Concise
Capture dependencies among policy components
Allow efficient reconciliation
Handle policies with preferences

13
Our Contributions

How to reconcile security policies
DAG model simplifies the problem
Policy is reconciled only once per session
Reconcile policies with preferences
Polynomial time reconciliation
Supports multi-party reconciliation
Current implementation supports two-party
reconciliation

14
Policy Representation

Graph model
Use Directed Acyclic Graph (DAG) S (N, E)
called schema
Nset of nodes
Each node is either an AND ( ) or an OR ( )
node
AND node collection
OR node decision
Eset of edges
A policy P (S, C) is a sub-schema derived from
S, where C is the condition function
A policy instance is derived from P

15
Policy Schema

Authentication
Kerberos
PKI (X.509)
Password
Encryption
AES-CBC
3DES-CBC
Blowfish-CBC
Integrity
HMAC-MD5
HMAC-SHA1

root
Integrity
Authentication
Encryption
HMAC
Kerberos
PKI
Password
AES
3DES
Blowfish
MD5
SHA1
CBC
16
Policy Schema Policies

The policy schema defines the blue print
Each site has its own security policy based on
the schema, i.e. sub-schema
Similar to database schema

root
root
Authentication
Integrity
Encryption
Authentication
Integrity
Encryption
HMAC
HMAC
Kerberos
PKI
Password
AES
3DES
Blowfish
Kerberos
PKI
AES
3DES
Schema
Policy sub-schema
MD5
CBC
SHA1
MD5
SHA1
CBC
17
Policy Schema Policies
root
root
Authentication
Integrity
Encryption
Authentication
Integrity
Encryption
HMAC
HMAC
Kerberos
PKI
Password
AES
3DES
Blowfish
Kerberos
PKI
AES
3DES
Schema
Policy sub-schema
MD5
CBC
SHA1
MD5
SHA1
CBC
root
root
Authentication
Authentication
Integrity
Encryption
Integrity
Encryption
HMAC
HMAC
Kerberos
AES
PKI
3DES
Policy instance 1
Policy instance 2
MD5
CBC
MD5
CBC
18
Policies May Have Preferences

Each user/host/site has its own preferences
Either due to design or requirements
E.g. A may consider Kerberos to be the preferred
authentication algorithm over PKI while B
prefers PKI
A policy P with preference (S, C, Pref)
Pref(n) partial order function for each node

19
Policy With Preferences

Authentication
1. Kerberos
2. PKI (X.509)
3. Password
Encryption
1. AES-CBC
2. 3DES-CBC
3. Blowfish-CBC
Integrity
1. HMAC-MD5
2. HMAC-SHA1

root
Integrity
Authentication
Encryption
1
1
1
2
2
3
3
HMAC
Kerberos
PKI
Password
AES
3DES
Blowfish
1
2
1
1
1
MD5
SHA1
CBC
20
Policy With Preferences

Use partial ordering to express preferences

Policy 1
Authentication
Kerberos or PKI
Password

Policy 2
Authentication
Kerberos
PKI
Password

21
Outline

Motivation
Policy Representation using DAG
Policy Reconciliation
Implementation

22
Policy Reconciliation

Assumptions
A common policy schema shared by participants
Custom policy schemas for different participants
Goals
A common policy schema for the participants
Reconciled once per session
Must handle preferences

23
Policy Construction
root
Authentication
Integrity
Encryption
HMAC
Kerberos
PKI
Password
AES
3DES
Blowfish
Schema
MD5
CBC
SHA1
root
root
Authentication
Integrity
Encryption
Integrity
Authentication
Encryption
HMAC
HMAC
Kerberos
PKI
Password
AES
3DES
Blowfish
Kerberos
PKI
Password
AES
Blowfish
Sub-schema A
Sub-schema B
CBC
MD5
CBC
SHA1
SHA1
24
Reconciling Preferences
root
root
Authentication
Integrity
Encryption
Integrity
Authentication
Encryption
1
1
2
1
2
1
2
3
1
2
3
HMAC
HMAC
Kerberos
PKI
Password
AES
3DES
Blowfish
Kerberos
PKI
Password
AES
Blowfish
1
1
2
Sub-schema A
Sub-schema B
CBC
MD5
CBC
SHA1
SHA1
25
Policy Reconciliation With Preferences
root
root
root
Authentication
Authentication
Authentication
1
1
2
1
2
3
1
2
3
Password
Kerberos
PKI
Kerberos
Password
PKI
Kerberos
PKI
Password
Sub-schema A
Sub-schema B
Reconciled Policy Schema
Preference A
Preference B
Reconciled Preference
Preference A
26
Policy Reconciliation
root
root
Authentication
Integrity
Encryption
Integrity
Authentication
Encryption
1
1
2
1
2
1
2
3
1
2
3
HMAC
HMAC
Kerberos
PKI
Password
AES
3DES
Blowfish
Kerberos
PKI
Password
AES
Blowfish
1
1
2
Sub-schema A
Sub-schema B
CBC
MD5
CBC
SHA1
SHA1
root
Authentication
Integrity
Encryption
1
2
3
1
2
HMAC
Kerberos
PKI
Password
AES
Blowfish
1
Reconciled Policy
SHA1
CBC
27
Policy Instantiation
root
Authentication
Integrity
Encryption
AES-CBC
1
1
2
1
2
HMAC
Kerberos
PKI
Password
AES
Blowfish
Blowfish-CBC
1
Reconciled Policy
SHA1
CBC
Most preferred Instance
root
root
Authentication
Authentication
Encryption
Encryption
Integrity
Integrity
Kerberos
AES
HMAC
Kerberos
Blowfish
HMAC
Policy Instance 1
Policy Instance 2
SHA1
CBC
SHA1
CBC
28
Policy ReconciliationSummary
Schema
Policy sub-schema
Policy sub-schema
Policy sub-schema
Policy Reconciliation Engine
Reconciled Policy Schema
Policy Instance
Policy Instance
Policy Instance
29
Implementation