ESPOON - unitn.it

ESPOON: Enforcing Security Policies in Outsourced Environments
M. Rizwan Asghar
SRI International
Menlo Park, CA, USA
August 1, 2012
Why Outsourcing
• Cost saving
• Scalability
• Efficiency
• Availability
Motivation
[Figure: the Patient stores a Medical Record and its Policy with the Service Provider; the Dentist sends an Access Request and receives an Access Response.]
Access Request: Requester=Dentist, Location=Dentist-ward, Time=10hrs
Policy: Only a dentist may get access from dentist-ward during duty hours (9-17 hrs)
Issue: Policy or access request may leak sensitive information
Problem
[Figure: Patient, Dentist and Service Provider exchanging the Medical Record, Policy and Access Request, as on the previous slide.]
Problem: How to evaluate encrypted policy against encrypted access request
Proposed Solution
• We name our solution ESPOON (Enforcing Security Policies in OutsOurced eNvironments)
• In ESPOON, the Service Provider is assumed honest-but-curious
• ESPOON is capable of handling complex policies involving range queries
• ESPOON is a multiuser scheme in which entities do not share any encryption keys
• A compromised user can be removed without requiring re-encryption of policies
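ESPOON Architecture
[Figure: ESPOON architecture diagram. Recoverable content:]
Outsourced Environment (Service Provider): Administration Point, Policy Store, PDP, PEP, Data Store, Key Store (labelled with $K_{sR}$, $K_{sA}$)
Trusted Key Management Authority: fully trusted
Admin User: trusted but can be removed
Requester and PIP: partially trusted but can be removed
Step markers (i)-(ii) and (1)-(7) appear on the arrows; the labels recoverable next to them are (i) {Policy}KuA, (1) {REQ}KuR, (3) TD{Context}, (4) {Context}KuR, (5) Yes/No, (6) Data and (7) Response. The labels C{Policy} and TD{REQ} also appear on arrows.
Keys and parameters:
$MSK = (x, s)$
$Params = (g, h = g^{x}, H, f)$
$x = x_{i1} + x_{i2}$
$K_{uA} = (x_{A1}, s)$, $K_{sA} = (A, x_{A2})$
$K_{uR} = (x_{R1}, s)$, $K_{sR} = (R, x_{R2})$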
Policy Representation
Policy: Only a dentist may get access from dentist-ward during duty hours (9-17 hrs)
[Figure: policy tree built from AND (Λ) and OR (V) nodes. Leaves: Requester=Dentist, Location=Dentist-Ward, AT:0****, AT:1****, AT:*0***, AT:*1***, AT:**0**, AT:**1**, AT:***0*, AT:***1*, AT:****0]
AT = Access Time
Policy Evaluation
[Figure: the policy tree with encrypted leaves, matched against the trapdoors of a request with Access Time = 10hrs; each leaf is marked Yes or No.]
Request trapdoors: TD(Requester=Dentist), TD(Location=Dentist-Ward), TD(AT:0****), TD(AT:*1***), TD(AT:**0**), TD(AT:***1*), TD(AT:****0)
Policy leaves: C(Requester=Dentist), C(Location=Dentist-Ward), C(AT:0****), C(AT:1****), C(AT:*0***), C(AT:*1***), C(AT:**0**), C(AT:**1**), C(AT:***0*), C(AT:***1*), C(AT:****0)
AT = Access Time
Policy Evaluation (2)
[Figure: the same policy tree with the Yes/No leaf results propagated through the AND (Λ) and OR (V) nodes; the root evaluates to Yes.]
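
The bit-pattern leaves (AT:*1***) and the TD/C matching on the two Policy Evaluation slides can be modelled in plaintext as follows. This is an added example, not code from the ESPOON authors: the `bound` construction is one standard bit-wise way to build a range tree and may differ from the tree drawn on the slide, plain string equality stands in for the encrypted trapdoor/ciphertext match, and all function names are hypothetical.

```python
BITS = 5  # width of the AT patterns on the slides, e.g. AT:0****

def leaf(attr, pos, bit):
    """Pattern fixing one bit (pos counted from the MSB), e.g. AT:*1***."""
    pat = ["*"] * BITS
    pat[pos] = str(bit)
    return f"{attr}:{''.join(pat)}"

def bag_of_bits(attr, value):
    """Requester side: one element per bit, so s elements per numerical attribute."""
    if not 0 <= value < 2 ** BITS:
        raise ValueError("value does not fit in BITS bits")
    return [leaf(attr, i, int(c)) for i, c in enumerate(format(value, f"0{BITS}b"))]

def bound(attr, op, k, pos=0):
    """Policy side: AND/OR tree over bit patterns for attr >= k or attr <= k."""
    if pos == BITS:
        return True                       # every bit equal: the bound itself is allowed
    want = 1 if op == ">=" else 0         # bit value that moves strictly past the bound
    this, rest = leaf(attr, pos, want), bound(attr, op, k, pos + 1)
    if ((k >> (BITS - 1 - pos)) & 1) == want:
        return this if rest is True else ("AND", this, rest)
    return True if rest is True else ("OR", this, rest)

def evaluate(node, request, stats):
    """PDP side: each leaf is charged one match attempt per request element."""
    if node is True:
        return True
    if isinstance(node, str):
        stats["matches_tried"] += len(request)
        return any(node == item for item in request)  # stand-in for the C/TD match
    results = [evaluate(child, request, stats) for child in node[1:]]
    return all(results) if node[0] == "AND" else any(results)

# Policy from the slides: dentist, dentist-ward, duty hours 9-17.
POLICY = ("AND", "Requester=Dentist", "Location=Dentist-Ward",
          bound("AT", ">=", 9), bound("AT", "<=", 17))

def decide(requester, location, hour):
    request = [f"Requester={requester}", f"Location={location}", *bag_of_bits("AT", hour)]
    stats = {"matches_tried": 0}
    return evaluate(POLICY, request, stats), stats["matches_tried"]

if __name__ == "__main__":
    print(bag_of_bits("AT", 10))
    for hour in (8, 9, 10, 17, 18):
        print(hour, decide("Dentist", "Dentist-Ward", hour))
```

For a 10 hrs request the bag of bits is exactly the five TD(AT:…) elements listed on the Policy Evaluation slide. Because every range leaf is tried against all s bit elements of the request, the match count grows with both the number of leaves and s.
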
Performance Analysis: Requester
• String Attribute: O(n), n is the number of string attributes
• Numerical Attribute: O(ns), n is the number of numerical attributes each of size s
Performance Analysis: Policy Evaluation
• String Attribute: O(nm), n is the number of string attributes and m is the number of string comparisons
• Numerical Attribute: O(nms^2), n is the number of numerical attributes and m is the number of numerical comparisons each of size s
Related Work
• Schemes supporting access controls in outsourced environments require re-generation of keys and re-encryption of data for any administrative changes [Vimercati et al. CSAW’07 VLDB’07]
• Schemes supporting queries on encrypted data do not support access policies [Dong et al. DBSec’08, Song et al. S&P’00, Boneh et al. EUROCRYPT’04, Curtmola et al. CCS’06, Hwang and Lee LNCS’07, Boneh and Waters TCC’07, Wang et al. SOFSEM’08, Baek et al. ICCSA’08, Rhee et al. JSS’10, Shao et al. Inf. Sci.’10]
• Encrypted data with CP-ABE policy reveals the policy structure [Narayan et al. CCSW’10]
• Hidden credentials schemes do not support complex policies and require parties to be online [Holt et al. WPES’03, Bradshaw et al. CCS’04]
Recent Advancements
• ESPOONERBAC
  – Enforcing RBAC style of policies covering:
    - RBAC0 – Role assignment and permission assignment
    - RBAC1 – Dynamic constraints (E-GRANT)
      - Dynamic separation of duties
      - Chinese Wall
    - RBAC2 = RBAC0 + RBAC1
• Distributed Policy Enforcement
  – Under development and writing paper
Conclusions and Future Work
• Conclusions
  – ESPOON enforces policies in outsourced environments
  – ESPOON supports complex policies including range queries
  – ESPOON employs a multiuser scheme where entities do not share keys
• Future work
  – Secure auditing mechanism in ESPOON
  – Support for negative authorisation policies and conflict resolution
References

[Asghar et al. CCS’11] M. R. Asghar, G. Russello, B. Crispo. POSTER: ESPOONERBAC: Enforcing Security Policies in Outsourced Environments with Encrypted RBAC. In Proceedings of the 18th ACM conference on Computer and communications security, CCS ’11, pages 841-844, New York, NY, USA, 2011. ACM.

[Asghar et al. ARES’11] M. R. Asghar, M. Ion, G. Russello, B. Crispo. ESPOON: Enforcing Encrypted Security Policies in Outsourced Environments. The Sixth International Conference on Availability, Reliability and Security (ARES), Austria, Vienna, 22-26 August 2011, pages 99-108. IEEE, 2011 (Full paper acceptance rate was 20%).

M. R. Asghar, M. Ion, G. Russello, B. Crispo. ESPOONERBAC: Enforcing Security Policies in Outsourced Environments with Encrypted RBAC. Elsevier Computers & Security (COSE) – under review

M. R. Asghar, G. Russello, B. Crispo. E-GRANT: Enforcing Encrypted Dynamic Security Constraints in the Cloud – A journal paper under review
Thank You!
Any Questions?