A pattern language for security models - PowerPoint PPT Presentation

1
A pattern language for security models
  • Eduardo B. Fernandez and Rouyi Pan
  • Presented by Liping Cai
  • 03/15/2006

2
Overview
  • Layers Pattern
  • Authorization Pattern
  • RBAC Pattern
  • Multilevel Security Pattern
  • File Authorization Pattern
  • Discussion

3
An instance of the layers pattern
4
Authorization Pattern
  • Context
  • -- Any computational environment where
    there are active entities that request resources
    whose access must be controlled.
  • Problem
  • -- How to describe the allowable types of
    access by active computational entities to
    passive resources (protected objects).
  • Forces
  • -- The authorization structure must be
    independent of the type of resource.
  • -- Predicates or guards may restrict the use of
    an authorization according to specific conditions.
  • -- Some of the authorizations may be delegated
    by their holders to other subjects.

5
Authorization Pattern
  • Solution

6
Authorization Pattern
  • Solution

7
Authorization Pattern
  • Consequences
  • -- Applies to any type of resource.
  • -- The predicates in the rules are a
    general representation of any conditions that may
    restrict the application of a rule.
  • -- The copy flag in the rules controls
    the transfer of rights (delegation).
  • -- Some systems separate administrative
    authorizations from user authorizations for
    further security.
  • -- The request may not need to specify
    the exact object in the rule: the object may be
    implied by an existing protected object.
  • Known uses
  • -- Corresponds to the components of the
    access matrix, a fundamental security model.
  • -- Basis for the access control systems of
    most commercial products.
  • Related Patterns
  • -- RBAC pattern
  • -- File Authorization pattern
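The following is an added illustration of the Authorization pattern as an access-matrix of rules, not code from Fernandez and Pan or from the presentation. Each rule carries the three elements the pattern names (subject, protected object, access type) plus an optional predicate and a copy flag; delegation succeeds only when the grantor's rule has the copy flag set, and the delegated rule inherits the grantor's predicate so the guard cannot be shed by delegation. All names (`AuthorizationService`, `business_hours`, the subjects and objects) are hypothetical.

```python
"""Authorization pattern: rules = (subject, object, access type, predicate, copy flag).

Added example; not the paper's or presentation's own code. Names are hypothetical.
"""
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Optional

Predicate = Callable[[Dict[str, Any]], bool]


@dataclass(frozen=True)
class Rule:
    subject: str
    obj: str                             # any protected object; type-independent
    access_type: str                     # e.g. "read", "write"
    predicate: Optional[Predicate] = None  # guard that must hold for the rule to apply
    copy_flag: bool = False              # may the holder pass this right to others?


class AuthorizationService:
    def __init__(self, rules=None):
        self.rules: List[Rule] = list(rules or [])

    def _matching(self, subject: str, obj: str, access_type: str) -> List[Rule]:
        return [r for r in self.rules
                if r.subject == subject and r.obj == obj and r.access_type == access_type]

    def is_authorized(self, subject: str, obj: str, access_type: str,
                      context: Optional[Dict[str, Any]] = None) -> bool:
        """Access is granted if some matching rule exists whose predicate holds."""
        ctx = context or {}
        return any(r.predicate is None or r.predicate(ctx)
                   for r in self._matching(subject, obj, access_type))

    def delegate(self, grantor: str, grantee: str, obj: str, access_type: str,
                 context: Optional[Dict[str, Any]] = None, allow_further: bool = False) -> bool:
        """Transfer a right. Allowed only if the grantor holds a rule with copy_flag set
        whose predicate currently holds. The new rule keeps the same predicate, and the
        grantee can only re-delegate if allow_further is requested by a grantor who may copy."""
        ctx = context or {}
        for rule in self._matching(grantor, obj, access_type):
            if rule.copy_flag and (rule.predicate is None or rule.predicate(ctx)):
                self.rules.append(Rule(grantee, obj, access_type, rule.predicate, copy_flag=allow_further))
                return True
        return False


def business_hours(ctx: Dict[str, Any]) -> bool:
    """Constructed predicate: the access request carries the hour of day in its context."""
    return 9 <= ctx.get("hour", -1) < 17


def demo() -> Dict[str, bool]:
    # Constructed sample access matrix: alice may read payroll.db during business hours
    # (and may pass that right on); her write right carries no copy flag.
    auth = AuthorizationService([
        Rule("alice", "payroll.db", "read", predicate=business_hours, copy_flag=True),
        Rule("alice", "payroll.db", "write"),
    ])
    results = {}
    results["alice_read_day"] = auth.is_authorized("alice", "payroll.db", "read", {"hour": 10})
    results["alice_read_night"] = auth.is_authorized("alice", "payroll.db", "read", {"hour": 22})
    results["bob_before"] = auth.is_authorized("bob", "payroll.db", "read", {"hour": 10})
    results["delegate_read"] = auth.delegate("alice", "bob", "payroll.db", "read", {"hour": 10})
    results["bob_after_day"] = auth.is_authorized("bob", "payroll.db", "read", {"hour": 10})
    results["bob_after_night"] = auth.is_authorized("bob", "payroll.db", "read", {"hour": 22})
    results["delegate_write"] = auth.delegate("alice", "bob", "payroll.db", "write")
    results["bob_redelegate"] = auth.delegate("bob", "carol", "payroll.db", "read", {"hour": 10})
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point of the predicate being copied along with the right is the one the Consequences slide makes: the predicate is the general form of any condition restricting a rule, and delegation must not become a way around it.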

8
RBAC Pattern
  • Context
  • -- Users should get rights based on their job
    functions.
  • Problem
  • -- How to assign rights to users according
    to their roles in an institution.
  • Forces
  • -- People have different needs for access to
    information.
  • -- An institution must define precise access
    rights for its members according to a
    need-to-know policy.
  • -- Granting rights to individual users would
    require storing many authorization rules, and it
    would also be hard to keep track of these rules.
  • -- A user may have more than one role; the
    institution may want to enforce policies such as
    separation of duty.
  • -- A role may be assigned to individual users
    or to groups of users.

9
RBAC Pattern
Solution
10
RBAC Pattern
11
RBAC Pattern
  • Consequences
  • -- Reduces the complexity of security
    administration.
  • -- Institution policies about job functions can
    be reflected directly in the definition of roles
    and the assignment of users to roles.
  • -- Roles can be structured (e.g. in a
    hierarchy) for further flexibility and a
    reduction of rules.
  • -- Users can activate more than one session at
    a time for functional flexibility.
  • -- UML constraints can be added, e.g. to
    express separation of duty.
  • -- Reduces the number of authorization rules
    and the number of role assignments.
  • -- Additional conceptual complexity.
  • Known Uses
  • -- Basis of most research papers and
    implementations of this idea.
  • -- Implemented in a variety of commercial
    systems.
  • Related Patterns
  • -- Authorization pattern (simple version)
  • -- Role pattern and the abstract Session
    pattern.
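The following is an added example of the RBAC pattern as described on the preceding slides: users are assigned roles, roles hold the permissions, roles can be structured in a hierarchy, a user opens sessions that activate a subset of assigned roles, and a static separation-of-duty constraint prevents one user from holding two mutually exclusive roles. It is not code from the paper or the presentation; the class name `RBAC`, the role names and the sample objects are all hypothetical.

```python
"""RBAC pattern: user -> roles -> permissions, with a role hierarchy, sessions and
static separation of duty. Added example; not the paper's or presentation's own code."""
from typing import Dict, FrozenSet, Iterable, Set, Tuple

Permission = Tuple[str, str]   # (protected object, access type)


class RBAC:
    def __init__(self):
        self.role_perms: Dict[str, Set[Permission]] = {}   # permissions attached to a role
        self.role_juniors: Dict[str, Set[str]] = {}        # role -> junior roles it inherits from
        self.user_roles: Dict[str, Set[str]] = {}          # role assignments
        self.ssd: Set[FrozenSet[str]] = set()              # mutually exclusive role pairs
        self.sessions: Dict[str, Tuple[str, Set[str]]] = {}  # session id -> (user, active roles)

    def add_role(self, role: str, perms: Iterable[Permission] = (), inherits: Iterable[str] = ()):
        self.role_perms[role] = set(perms)
        self.role_juniors[role] = set(inherits)

    def add_ssd(self, role_a: str, role_b: str):
        """Static separation of duty: no user may be assigned both roles."""
        self.ssd.add(frozenset((role_a, role_b)))

    def assign(self, user: str, role: str):
        held = self.user_roles.setdefault(user, set())
        for other in held:
            if frozenset((role, other)) in self.ssd:
                raise ValueError(f"SSD violation: {user} cannot hold both {role} and {other}")
        held.add(role)

    def effective_roles(self, roles: Iterable[str]) -> Set[str]:
        """Close a role set over the hierarchy: a senior role acquires its juniors' permissions."""
        seen: Set[str] = set()
        stack = list(roles)
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.role_juniors.get(r, ()))
        return seen

    def open_session(self, session_id: str, user: str, roles: Iterable[str]):
        """A session activates a subset of the roles the user can reach (least privilege);
        a user may hold several sessions at once."""
        active = set(roles)
        reachable = self.effective_roles(self.user_roles.get(user, set()))
        if not active <= reachable:
            raise ValueError(f"{user} cannot activate {active - reachable}")
        self.sessions[session_id] = (user, active)

    def check(self, session_id: str, obj: str, access: str) -> bool:
        _user, active = self.sessions[session_id]
        return any((obj, access) in self.role_perms[r] for r in self.effective_roles(active))


def demo() -> Dict[str, bool]:
    # Constructed sample institution: accountants and auditors are both employees,
    # and nobody may be both an accountant and an auditor.
    rbac = RBAC()
    rbac.add_role("employee", perms={("handbook", "read")})
    rbac.add_role("accountant", perms={("ledger", "read"), ("ledger", "write")}, inherits={"employee"})
    rbac.add_role("auditor", perms={("ledger", "read"), ("audit_log", "read")}, inherits={"employee"})
    rbac.add_ssd("accountant", "auditor")
    rbac.assign("alice", "accountant")
    rbac.assign("carol", "auditor")
    try:
        rbac.assign("carol", "accountant")
        ssd_blocked = False
    except ValueError:
        ssd_blocked = True
    rbac.open_session("s1", "alice", {"accountant"})
    rbac.open_session("s2", "alice", {"employee"})   # second, lower-privilege session
    rbac.open_session("s3", "carol", {"auditor"})
    return {
        "ssd_blocked": ssd_blocked,
        "alice_ledger_write": rbac.check("s1", "ledger", "write"),
        "alice_handbook_via_hierarchy": rbac.check("s1", "handbook", "read"),
        "alice_s2_ledger_write": rbac.check("s2", "ledger", "write"),
        "carol_ledger_write": rbac.check("s3", "ledger", "write"),
        "carol_audit_log": rbac.check("s3", "audit_log", "read"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note the two checks the slides motivate: the hierarchy is what lets `alice` read the handbook without a separate rule, and the separation-of-duty constraint is enforced at assignment time, independently of which session is later opened.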

12
Multilevel Security Pattern
  • Context
  • -- Data and documents have sensitivity levels.
    Users have clearances and can access documents
    based on their clearances.
  • Problem
  • -- How to decide access in an environment with
    security classifications.
  • Forces
  • -- The model should protect the
    confidentiality and integrity of data based on
    its sensitivity.
  • -- The model should be usable at any
    architectural level.
  • -- There could be different sets of rules to
    decide access.
  • -- There must be a convenient way to assign
    users and data to classification levels.

13
Multilevel Security Pattern
Solution
14
Multilevel Security Pattern
  • Consequences
  • -- The classification of users and data is
    relatively simple.
  • -- Can be proved to be secure under certain
    assumptions.
  • -- Implementations should use labels on data
    to indicate its classification.
  • -- Additionally needs trusted programs to
    assign users and data to levels.
  • -- Hard or impossible to apply in commercial
    environments.
  • Known uses
  • -- Has been used by several
    military-sponsored projects and in a few
    commercial products.
  • Related Patterns
  • -- The concept of roles can also be applied
    here: role classifications can replace user
    classifications.
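The slides say the model should protect both confidentiality and integrity, that implementations should label data, and that there could be different rule sets. The following added example (not code from the paper or the presentation) shows the two classic rule sets as decision functions over labels: the Bell-LaPadula confidentiality rules (no read up, no write down) and the strict Biba integrity rules (no read down, no write up), each applied to its own label so that the two do not contradict each other. Labels are a level plus a set of categories, compared by dominance. The level names, category names and sample documents are constructed.

```python
"""Multilevel security: labelled subjects and objects, dominance, and two rule sets
(Bell-LaPadula for confidentiality, Biba for integrity).
Added example; not the paper's or presentation's own code."""
from dataclasses import dataclass
from typing import Dict, FrozenSet

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP_SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: int
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: higher-or-equal level AND a superset of categories."""
        return self.level >= other.level and self.categories >= other.categories


def label(level_name: str, *categories: str) -> Label:
    return Label(LEVELS[level_name], frozenset(categories))


def blp_allows(subject: Label, obj: Label, access: str) -> bool:
    """Bell-LaPadula confidentiality rules."""
    if access == "read":
        return subject.dominates(obj)   # simple security property: no read up
    if access == "write":
        return obj.dominates(subject)   # *-property: no write down
    raise ValueError(f"unknown access type {access!r}")


def biba_allows(subject: Label, obj: Label, access: str) -> bool:
    """Biba strict integrity rules (the dual of Bell-LaPadula)."""
    if access == "read":
        return obj.dominates(subject)   # no read down: don't consume low-integrity data
    if access == "write":
        return subject.dominates(obj)   # no write up: don't contaminate high-integrity data
    raise ValueError(f"unknown access type {access!r}")


@dataclass(frozen=True)
class Labels:
    """A subject or object carries one confidentiality label and one integrity label."""
    confidentiality: Label
    integrity: Label


def decide(subject: Labels, obj: Labels, access: str) -> bool:
    """Combined decision: both rule sets must permit the access."""
    return (blp_allows(subject.confidentiality, obj.confidentiality, access)
            and biba_allows(subject.integrity, obj.integrity, access))


def demo() -> Dict[str, bool]:
    # Constructed sample: a user cleared SECRET for the "crypto" category.
    clearance = label("SECRET", "crypto")
    doc_secret_crypto = label("SECRET", "crypto")
    doc_top_secret = label("TOP_SECRET", "crypto")
    doc_secret_nuclear = label("SECRET", "nuclear")
    doc_confidential = label("CONFIDENTIAL")
    hi_integrity, lo_integrity = Label(2), Label(0)
    return {
        "read_same_label": blp_allows(clearance, doc_secret_crypto, "read"),
        "read_up": blp_allows(clearance, doc_top_secret, "read"),
        "read_other_category": blp_allows(clearance, doc_secret_nuclear, "read"),
        "write_down": blp_allows(clearance, doc_confidential, "write"),
        "write_up": blp_allows(clearance, doc_top_secret, "write"),
        "biba_read_low_integrity": biba_allows(hi_integrity, lo_integrity, "read"),
        "biba_write_up_integrity": biba_allows(lo_integrity, hi_integrity, "write"),
        "combined_read": decide(Labels(clearance, hi_integrity),
                                Labels(doc_secret_crypto, hi_integrity), "read"),
        "combined_read_tainted": decide(Labels(clearance, hi_integrity),
                                       Labels(doc_secret_crypto, lo_integrity), "read"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The "write_up" result is the part practitioners find surprising: Bell-LaPadula permits a SECRET subject to write into a TOP SECRET object (a blind write), because the rule set is about confidentiality only. That is exactly why the slides list integrity as a separate force and why a second rule set is needed to cover it.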

15
File Authorization Pattern
  • Context
  • -- The users of operating systems need to
    define files. These files can be accessed from
    different authorized workstations, and access to
    the files should be restricted to authorized
    users.
  • Forces
  • -- There may be different categories of
    subjects.
  • -- Subjects may be authorized to access
    files, directories, and workstations.
  • -- A subject has a home directory for each
    authorized workstation, but the same home
    directory can be shared among several workstations
    or among several subjects.
  • -- Users may be grouped for access.
  • -- Some systems may use roles instead of, or in
    addition to, users as subjects.
  • -- There are different implementations of the
    file systems of operating systems.

16
File Authorization Pattern
  • Solution

17
File Authorization Pattern
  • Consequences
  • -- Can accommodate a variety of subjects.
  • -- Access objects can be single files,
    directories, or recursive structures.
  • -- Implied authorization is possible.
  • -- Implementations are not forced to follow
    the access matrix model.
  • -- Some systems may not use authorizations
    for workstations.
  • -- Most operating systems use
    read/write/execute as access types. Higher-level
    types of access are possible.
  • -- In most operating systems there is the
    concept of owner, a special type of user with all
    rights on the files he creates.
  • -- In some systems, files are mapped to the
    virtual memory address space. The pattern still
    applies to this case.
  • Known Uses
  • -- Represents the file systems of Unix,
    Windows, Linux and most current operating systems.
  • Related patterns
  • -- Composite pattern
  • -- RBAC pattern
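The following added example (not code from the paper or the presentation) puts the File Authorization consequences together: the protected objects form a Composite (directories containing files and directories), subjects can be users or groups, the owner holds all rights on what it creates, access types are read/write/execute, and authorization can be implied, here by an assumed policy that a rule on a directory grants the same access to everything beneath it. Workstation authorizations are omitted, as the slides allow. The class names, the group and user names, and the directory tree are constructed.

```python
"""File authorization: composite of directories and files, users and groups as subjects,
owner with all rights, and authorizations implied from enclosing directories.
Added example; not the paper's or presentation's own code."""
import posixpath
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

ACCESS_TYPES = {"read", "write", "execute"}


@dataclass
class Node:
    """One element of the composite: a file or a directory."""
    name: str
    owner: str
    is_dir: bool
    acl: Dict[str, Set[str]] = field(default_factory=dict)   # subject (user or group) -> access types
    children: Dict[str, "Node"] = field(default_factory=dict)


class FileSystem:
    def __init__(self, root_owner: str = "root"):
        self.root = Node("/", root_owner, True)
        self.groups: Dict[str, Set[str]] = {}                  # group name -> members

    def add_group(self, name: str, members: Set[str]):
        self.groups[name] = set(members)

    def create(self, path: str, owner: str, is_dir: bool = False,
               acl: Optional[Dict[str, Set[str]]] = None) -> Node:
        parent_path, name = posixpath.split(path)
        parent = self._ancestors(parent_path)[-1]
        if not parent.is_dir:
            raise ValueError(f"{parent_path} is not a directory")
        node = Node(name, owner, is_dir, {s: set(a) for s, a in (acl or {}).items()})
        parent.children[name] = node
        return node

    def _ancestors(self, path: str) -> List[Node]:
        """Nodes from the root down to and including the named path."""
        node, chain = self.root, [self.root]
        for part in (p for p in path.split("/") if p):
            node = node.children[part]
            chain.append(node)
        return chain

    def _subjects_for(self, user: str) -> Set[str]:
        """A user acts as itself and as every group it belongs to."""
        return {user} | {g for g, members in self.groups.items() if user in members}

    def is_authorized(self, user: str, path: str, access: str) -> bool:
        if access not in ACCESS_TYPES:
            raise ValueError(f"unknown access type {access!r}")
        chain = self._ancestors(path)
        if chain[-1].owner == user:          # owner holds all rights on its own objects
            return True
        subjects = self._subjects_for(user)
        # Explicit rule on the object itself, otherwise a rule implied by an enclosing
        # directory (assumed implication policy: directory rights apply to contents).
        return any(access in node.acl.get(subj, set())
                   for node in reversed(chain) for subj in subjects)


def demo() -> Dict[str, bool]:
    # Constructed sample tree and group membership.
    fs = FileSystem()
    fs.add_group("devs", {"alice", "bob"})
    fs.create("/home", "root", is_dir=True)
    fs.create("/home/alice", "alice", is_dir=True, acl={"devs": {"read"}})
    fs.create("/home/alice/notes.txt", "alice")
    fs.create("/home/alice/secret.txt", "alice", acl={"carol": {"read"}})
    fs.create("/bin", "root", is_dir=True, acl={"devs": {"read", "execute"}})
    fs.create("/bin/tool", "root")
    return {
        "owner_write": fs.is_authorized("alice", "/home/alice/notes.txt", "write"),
        "group_implied_read": fs.is_authorized("bob", "/home/alice/notes.txt", "read"),
        "group_no_write": fs.is_authorized("bob", "/home/alice/notes.txt", "write"),
        "explicit_rule_on_file": fs.is_authorized("carol", "/home/alice/secret.txt", "read"),
        "no_rule": fs.is_authorized("carol", "/home/alice/notes.txt", "read"),
        "implied_execute": fs.is_authorized("alice", "/bin/tool", "execute"),
        "outsider_execute": fs.is_authorized("carol", "/bin/tool", "execute"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The implication rule here is a policy choice, which is the "not forced to follow the access matrix model" point: a POSIX file system, for instance, does not grant file access from directory rights at all; it requires search (execute) permission on every directory in the path and then checks the file's own mode bits. Which implication policy a system uses is part of the pattern's instantiation, not fixed by the pattern.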

18
General Discussion
  • The actual implementation depends on the
    architectural level where the patterns are applied.
  • -- Access Control Lists
  • -- The use of capabilities
  • -- Control of access to classes
  • -- The use of metaclasses and reflection
  • Need to add more patterns at each level.
  • Other security models
  • -- Clark-Wilson model
  • -- Chinese Wall model