Computational Issues in Secure Interoperation

1
Computational Issues in Secure Interoperation

• Li gong Xiaolei Qian
• Presented by
• Saubhagya Joshi

2
focus

• Principles of Secure Interoperation
• Autonomy
• Any access permitted within an individual system
  must also be permitted under secure
  interoperation
• Security
• Any access NOT permitted within individual system
  must also be denied under secure interoperation
• This paper
• General secure interoperation problem is
  undecidable
• Optimal solutions for secure interoperation is
  NP-complete
• Complexity is reduced by composability in secure
  local interoperation

3
Background

• From HRU model, given two systems G1, G2,
  interoperation F and access right r in G1
• Actions on objects
• create, delete, enter right, remove right
• Can access right r be added to G1 where it did
  not previously exist?
• General Secure Interoperation is Undecidable

4
Definitions

• Secure System
• A secure system is an access control list in the
  form of G ltV, Agt where V is a set of entities
  and A is a binary relation access on V that is
  reflexive, transitive and antisymmetric.
• Permitted Access
• Permitted Access is a binary relation F on ? in1
  Vi where ? (u, v) ? F, u ? Vi, v ? Vj, and i ? j.

5

• Restricted Access
• Permitted Access is a binary relation R on ? in1
  Vi where ? (u, v) ? R, u ? Vi, v ? Vj, and i ?
  j.
• In a federated system Q ltV, Agt consisting of
  n subsystems where,
• V ?in1 Vi and A (?in1 Ai ? F) - R
• Autonomy Principle
• Ai remains legal in A, ie (u,v)Ai and
  (u,v)A
• Security Principle
• Illegal access (u,v)/Ai and (u,v)/A

6

• Secure Interoperation
• Given Gi ltVi, Aigt, n 1, , n. Q lt ? in1 Vi,
  Bgt is a secure interoperation if B ? R ?, and ?
  u, v ? Vi, (u, v)Ai if and only if (u, v)B.

7
Problem Security Evaluation

• Given Gi ltVi, Aigt, I1, , n, permitted access
  F, and restricted access R. Is lt ?in1 Vi (?in1
  Ai ? F) Rgt a secure interoperation?
• Security Evaluation is polynomial time.

8

• If insecure, it can be made secure by
• Removing security violations by reducing F until
  interoperation is secure
• Look for S ? F such that C ?in1 Ai ? S) R is
  secure
• Trivial
• Look for a secure solution that includes all
  other secure solutions
• Find S ? F such that C ?in1 Ai ? S) R is
  secure, and, for any secure solution T, T ? S.
• Not possible all the time

9

• F (b3, a2),(a3, b2)
• S1 (a3, b2)
• S2 (b3, a2)
• F S1 ? S2
• Look for solutions that cannot be expanded
  further
• Find secure solution S ? F such that, for any
  secure solution T, S ? T.

10

• Maximize data sharing
• Natural optimality measure
• Arcs that cause problems
• a and d
• c and d
• Solution
• Remove d
• Retain a and c

11
Problem Maximum Secure Interoperation

• Maximum secure interoperation is NP complete
• Non-deterministic machine can guess solution at
  random and verify security and autonomy
  properties
• Maximum access secure interoperation is NP
  complete
• Simplified maximum-access secure interoperation
  is in polynomial-time
• Graph is acyclic

12
Composability

• Given secure local interoperation, is global
  interoperation secure?
• Given system Gi ltVi, Aigt, i 0, 1, , n, where
  Go is the master system, let Go-i ltGo, Gi, Figt
  denote the local interoperation between Go and Gi
  with permitted Access set Fi, i 1, , n. The
  global system is given by
• G lt ?in1 Vi, (?in1 Ai ) ? (?in1 Fi )gt.

13

• G is secure if and only if Go-i is secure, I
  1, , n.

CASE 1
CASE 2
14
Conclusion

• Security of general interoperation is undecidable
• Finding secure solution with optimality is
  NP-complete
• Composability reduces complexity